
Malware removal logs


  • This topic is locked
8 replies to this topic

#1 wukillalogic

wukillalogic

  • Members
  • 15 posts

Posted 06 March 2011 - 11:39 PM

Referred from here: http://www.bleepingcomputer.com/forums/topic382491.html ~ OB

Here is the DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Marteezy at 20:26:57.56 on Sun 03/06/2011
internet explorer: 8.0.6001.18702
browserjavaversion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.405 [GMT -8:00]
.
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Marteezy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Marteezy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marteezy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marteezy\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\Marteezy\My Documents\Downloads\dds.scr
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Marteezy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Marteezy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marteezy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marteezy\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\Marteezy\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
NoUpdateCheck REG_DWORD 1 (0x1)
NoJITSetup REG_DWORD 1 (0x1)
Disable Script Debugger REG_SZ yes
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
XMLHTTP REG_DWORD 1 (0x1)
UseClearType REG_SZ yes
Enable Browser Extensions REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
Start Page REG_SZ http://www.google.com/
CompatibilityFlags REG_DWORD 0 (0x0)
FullScreen REG_SZ no
Window_Placement REG_BINARY 2c0000000200000003000000ffffffffffffffffffffffffffffffffb900000000000000d903000058020000
IE8RunOnceLastShown REG_DWORD 1 (0x1)
IE8RunOnceLastShown_TIMESTAMP REG_BINARY e0913a22bbc1cb01
IE8TourShown REG_DWORD 1 (0x1)
IE8TourShownTime REG_BINARY d6850ace48c5ca01
Start Page Redirect Cache_TIMESTAMP REG_BINARY 8820cdfebac1cb01
Start Page Redirect Cache AcceptLangs REG_SZ en-us
NotifyDownloadComplete REG_SZ yes
Check_Associations REG_SZ yes
AutoHide REG_SZ yes
Use FormSuggest REG_SZ no
RunOnceHasShown REG_DWORD 1 (0x1)
RunOnceComplete REG_DWORD 1 (0x1)
IE8RunOncePerInstallCompleted REG_DWORD 1 (0x1)
IE8RunOnceCompletionTime REG_BINARY 9af88b37bbc1cb01
.
HKEY_CURRENT_USER\software\microsoft\internet explorer\main\Default Feeds
.
HKEY_CURRENT_USER\software\microsoft\internet explorer\main\FeatureControl
.
HKEY_CURRENT_USER\software\microsoft\internet explorer\main\WindowsSearch
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0a000000
Delete_Temp_Files_On_Exit REG_SZ yes
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1a000000
Placeholder_Height REG_BINARY 1a000000
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.0.2600.0000
FullScreen REG_SZ no
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\ErrorThresholds
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\FeatureControl
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\UrlTemplate
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0 (0x0)
MigrateProxy REG_DWORD 1 (0x1)
EnableNegotiate REG_DWORD 1 (0x1)
ProxyEnable REG_DWORD 0 (0x0)
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 1 (0x1)
UrlEncoding REG_DWORD 0 (0x0)
SecureProtocols REG_DWORD 160 (0xa0)
PrivDiscUiShown REG_DWORD 1 (0x1)
PrivacyAdvanced REG_DWORD 0 (0x0)
ZonesSecurityUpgrade REG_BINARY ec0dbc52d6bdca01
DisableCachingOfSSLPages REG_DWORD 0 (0x0)
WarnonZoneCrossing REG_DWORD 1 (0x1)
EnableAutodial REG_DWORD 0 (0x0)
WarnonBadCertRecving REG_DWORD 1 (0x1)
WarnOnPostRedirect REG_DWORD 0 (0x0)
WarnOnHTTPSToHTTPRedirect REG_DWORD 1 (0x1)
ProxyOverride REG_SZ *.local
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\5.0
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Activities
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Cache
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Connections
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Lockdown_Zones
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\P3P
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Passport
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\ZoneMap
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Zones
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
Error: Key: software\microsoft\internet explorer\search does not exist!
.
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooksURLSearchHooks: H - No File
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooksURLSearchHooks: H - No File
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
HKEY_USERS\.default\software\microsoft\internet explorer\urlsearchhooksURLSearchHooks: H - No File
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ S-X77KYUR7FRZNA
DefaultUserName REG_SZ Marteezy
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ c:\WINDOWS\system32e\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Marteezy
AltDefaultDomainName REG_SZ S-X77KYUR7FRZNA
EnableConcurrentSessions REG_DWORD 0 (0x0)
DomainName REG_BINARY 53002d005800370037004b005900550052003700460052005a004e0041000000
UserName REG_BINARY 4d00610072007400650065007a0079000000
Password REG_BINARY 6d006f00720065006e006f000000
LegalNotice Text REG_SZ
Taskman REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SCLogon
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Credentials
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon
ParseAutoexec REG_SZ 1
ExcludeProfileDirs REG_SZ Local Settings;Temporary Internet Files;History;Temp
BuildNumber REG_DWORD 2600 (0xa28)
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
DebugOptions REG_SZ 2048
Documents REG_SZ
DosPrint REG_SZ no
NetMessage REG_SZ no
NullPort REG_SZ None
Programs REG_SZ com exe bat pif cmd
Run REG_SZ
Load REG_SZ
Device REG_SZ HP Officejet J5700 Series (Copy 2),winspool,Ne03:
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
urun: [Logitech Vid] "c:\Program Files\Logitech\Logitech Vide\vid.exe" -bootmode
urun: [Google Update] "c:\Documents and Settings\Marteezy\Local Settings\Application Data\Google\Updatee\GoogleUpdate.exe" /c
urun: [QuickTime Task] "c:\Program Files\QuickTimee\QTTask.exe" -atboottime
urun: [ctfmon.exe] c:\WINDOWS\system32e\ctfmon.exe
urun: [MSMSGS] "c:\Program Files\Messengere\msmsgs.exe" /background
urun: [SUPERAntiSpyware] c:\Program Files\SUPERAntiSpywaree\SUPERAntiSpyware.exe
mrun: [NvCplDaemon] RUNDLL32.EXE c:\WINDOWS\System32e\NvCpl.dll,NvStartup
mrun: [nwiz] nwiz.exe /install
mrun: [NvMediaCenter] RUNDLL32.EXE c:\WINDOWS\System32e\NvMcTray.dll,NvTaskbarInit
mrun: [HP Software Update] c:\Program Files\HP\HP Software Updatee\HPWuSchd2.exe
mrun: [SunJavaUpdateSched] "c:\Program Files\Common Files\Java\Java Updatee\jusched.exe"
mrun: [LogitechQuickCamRibbon] "c:\Program Files\Logitech\Logitech WebCam Softwaree\LWS.exe" /hide
mrun: [AVP] "c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010e\avp.exe"
mrun: [QuickTime Task] "c:\Program Files\QuickTimee\QTTask.exe" -atboottime
mrun: [iTunesHelper] "c:\Program Files\iTunese\iTunesHelper.exe"
mrun: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Readere\Reader_sl.exe"
mrun: [Adobe ARM] "c:\Program Files\Common Files\Adobe\ARM\1.0e\AdobeARM.exe"
mrun: [Ccubelu] rundll32.exe "c:\WINDOWSe\ojiyibewe.dll",Startup
c:\DOCUME~1\Marteezy\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files\LimeWiree\LimeWire.exe
c:\DOCUME~1\Marteezy\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office12e\ONENOTEM.EXE
c:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files\HP\Digital Imaging\bine\hpqtra08.exe
.
ie: SteelWerX Registry Console Tool 2.0
ie: Written by Bobbi Flekman 2006 ©
.
ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext
.
ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\E&xport to Microsoft Excel
ie: <NO NAME> REG_SZ res://c:\PROGRA~1\MICROS~2\Office12e\EXCEL.EXE/3000
ie: Contexts REG_DWORD 1 (0x1)
.
ie: {SteelWerX Registry Console Tool 2.0
ie: {Written by Bobbi Flekman 2006 ©
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}
ie: { KeyPath - REG_SZ Yes
ie: { ButtonText - REG_SZ Send to OneNote
ie: { MenuText - REG_SZ S&end to OneNote
ie: { ToolTip - REG_SZ Send to OneNote
ie: { Default Visible - REG_SZ Yes
ie: { HotIcon - REG_SZ c:\PROGRA~1\MICROS~2\Office12e\ONBttnIE.dll,103
ie: { Icon - REG_SZ c:\PROGRA~1\MICROS~2\Office12e\ONBttnIE.dll,103
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{4248FE82-7FCB-46AC-B270-339F08212110}
ie: { ButtonText - REG_SZ &Virtual keyboard
ie: { HotIcon - REG_SZ c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010e\kbrd.ico
ie: { Icon - REG_SZ c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010e\kbrd.ico
ie: { Default Visible - REG_SZ YES
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ie: { Icon - REG_SZ c:\PROGRA~1\MICROS~2\Office12e\REFBAR.ICO
ie: { HotIcon - REG_SZ c:\PROGRA~1\MICROS~2\Office12e\REFBARH.ICO
ie: { ButtonText - REG_SZ Research
ie: { Default Visible - REG_SZ Yes
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{CCF151D8-D089-449F-A5A4-D9909053F20F}
ie: { ButtonText - REG_SZ URLs c&heck
ie: { HotIcon - REG_SZ c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010e\logo.ico
ie: { Icon - REG_SZ c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010e\logo.ico
ie: { Default Visible - REG_SZ YES
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ie: { ButtonText - REG_SZ Messenger
ie: { Default Visible - REG_SZ Yes
ie: { Exec - REG_SZ c:\Program Files\Messengere\msmsgs.exe
ie: { HotIcon - REG_SZ c:\Program Files\Messengere\msmsgs.exe,302
ie: { Icon - REG_SZ c:\Program Files\Messengere\msmsgs.exe,301
ie: { MenuText - REG_SZ Windows Messenger
ie: { ToolTip - REG_SZ Windows Messenger
IE: { CLSID - REG_SZ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
IE: { ClsidExtension - REG_SZ {48E73304-E1D6-4330-914C-F5F514E3486C} - {48e73304-e1d6-4330-914c-f5f514e3486c}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
IE: { ClsidExtension - REG_SZ {4248FE82-7FCB-46AC-B270-339F08212110} - {4248fe82-7fcb-46ac-b270-339f08212110}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} - {e0dd6cab-2d10-11d2-8f1a-0000f87abd16}\inprocserver32 does not exist!
IE: { BandCLSID - REG_SZ {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - {ff059e31-cc5a-4e2e-bf3b-96e929d65503}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
IE: { ClsidExtension - REG_SZ {CCF151D8-D089-449F-A5A4-D9909053F20F} - {ccf151d8-d089-449f-a5a4-d9909053f20f}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\DirectAnimation Java Classes
<NO NAME> REG_SZ DirectAnimation Java Classes
SystemComponent REG_DWORD 1 (0x1)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\DirectAnimation Java Classes\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\DirectAnimation Java Classes\Contains\Java
com.ms.dxmedia REG_SZ
com.ms.dxmedia.rawcom REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\DirectAnimation Java Classes\DownloadInformation
CODEBASE REG_SZ file://c:\WINDOWS\Java\classese\dajava.cab
OSD REG_SZ c:\WINDOWS\Downloaded Program Filese\DirectAnimation Java Classes.osd
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\DirectAnimation Java Classes\InstalledVersion
<NO NAME> REG_SZ 5,1,15,1014
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java
<NO NAME> REG_SZ Microsoft XML Parser for Java
SystemComponent REG_DWORD 1 (0x1)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java\Contains\Java
com.ms.xml.dso REG_SZ
com.ms.xml.om REG_SZ
com.ms.xml.parser REG_SZ
com.ms.xml.util REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java\DownloadInformation
CODEBASE REG_SZ file://c:\WINDOWS\Java\classese\xmldso.cab
OSD REG_SZ c:\WINDOWS\Downloaded Program Filese\Microsoft XML Parser for Java.osd
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java\InstalledVersion
<NO NAME> REG_SZ 1,0,9,2
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}\Contains\Files
c:\WINDOWS\system32e\LegitCheckControl.DLL REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}\DownloadInformation
CODEBASE REG_SZ http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\LegitCheckControl.inf
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}\InstalledVersion
<NO NAME> REG_SZ 1,9,42,0
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\Contains\Files
c:\WINDOWS\System32e\wuweb.dll REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\DownloadInformation
CODEBASE REG_SZ http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265529029687
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\wuweb.inf
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\InstalledVersion
<NO NAME> REG_SZ 7,4,7600,226
LastModified REG_SZ Fri, 07 Aug 2009 03:58:59 GMT
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
INF REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.18
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
INF REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.18
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
INF REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.18
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Contains\Files
c:\WINDOWS\Downloaded Program Files\CONFLICT.1e\FP_AX_CAB_INSTALLER.exe REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation
CODEBASE REG_SZ http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Files\CONFLICT.1e\swflash.inf
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\InstalledVersion
<NO NAME> REG_SZ 10,1,53,64
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
Error: Value: "NameServer" does not exist!
.
.
SteelWerX Registry Console Tool 2.0
.
HKEY_CLASSES_ROOT\clsid\{5ae067d3-9afb-48e0-853a-ebb7f4a000da}
AppID REG_SZ {C615554D-7B87-4275-84FF-8E0BA2AD071B}
.
<NO NAME> REG_SZ c:\Program Files\SUPERAntiSpywaree\SASSEH.DLL
ThreadingModel REG_SZ Apartment
HKEY_CLASSES_ROOT\clsid\{5ae067d3-9afb-48e0-853a-ebb7f4a000da}\ProgID
<NO NAME> REG_SZ ShellExecuteHook.SABShellExecuteHook.1
HKEY_CLASSES_ROOT\clsid\{5ae067d3-9afb-48e0-853a-ebb7f4a000da}\Programmable
.
<NO NAME> REG_SZ {D01E70E5-2E5A-4EDC-B8A7-84FA45346E34}
.
<NO NAME> REG_SZ ShellExecuteHook.SABShellExecuteHook
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
d; /.* /!d; s//securityproviders: /
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Authentication Packages REG_MULTI_SZ msv1_0
Bounds REG_BINARY 0030000000200000
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest
LsaPid REG_DWORD 1364 (0x554)
SecureBoot REG_DWORD 1 (0x1)
auditbaseobjects REG_DWORD 0 (0x0)
crashonauditfail REG_DWORD 0 (0x0)
disabledomaincreds REG_DWORD 0 (0x0)
everyoneincludesanonymous REG_DWORD 0 (0x0)
fipsalgorithmpolicy REG_DWORD 0 (0x0)
forceguest REG_DWORD 1 (0x1)
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 0 (0x0)
lmcompatibilitylevel REG_DWORD 0 (0x0)
nodefaultadminowner REG_DWORD 1 (0x1)
nolmhash REG_DWORD 0 (0x0)
restrictanonymous REG_DWORD 0 (0x0)
restrictanonymoussam REG_DWORD 1 (0x1)
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Notification Packages REG_MULTI_SZ scecli
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 1 (0x1)
enabledcom REG_SZ y
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\subsystems
windows REG_EXPAND_SZ %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
127.0.0.1 localhost
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\WINDOWS\system32\driverse\klbg.sys [2010-11-23 36880]
R1 kl1;Kl1;c:\WINDOWS\system32\driverse\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\WINDOWS\system32\driverse\klif.sys [2010-11-23 315408]
R1 SASDIFSV;SASDIFSV;c:\Program Files\SUPERAntiSpywaree\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\Program Files\SUPERAntiSpywaree\SASKUTIL.SYS [2010-5-10 67656]
R2 AVP;Kaspersky Anti-Virus;c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010e\avp.exe [2009-10-20 340456]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\WINDOWS\system32\driverse\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\WINDOWS\system32\driverse\klmouflt.sys [2009-10-2 19472]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\WINDOWS\system32\driverse\lne100v5.sys [2010-2-5 36224]
.
=============== File Associations ===============
.
acrobat="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" /u "%1"
AcroExch.acrobatsecuritysettings.1="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.Document="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.Document.7="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.FDFDoc="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.pdfxml.1="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.RMFFile="c:\Program Files\Adobe\Acrobat 5.0\Readere\AcroRd32.exe" "%1"
AcroExch.XDPDoc="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.XFDFDoc="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
acwfile=%SystemRoot%\system32\accwiz.exe %1
Adobe.SVGCtl="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
AIFFFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
Application.Manifest=rundll32.exe dfshim.dll,ShOpenVerbApplication %1
Application.Reference=rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
ASFFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:7 /Open "%L"
ASXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
AUFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
AVIFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:8 /Open "%L"
avsfile=notepad.exe "%1"
avs_auto_file=notepad.exe "%1"
!d
Briefcase=explorer.exe %1
callto=rundll32.exe msconf.dll,CallToProtocolHandler %l
CATFile=rundll32.exe cryptext.dll,CryptExtOpenCAT %1
cdafile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
CERFile=rundll32.exe cryptext.dll,CryptExtOpenCER %1
CertificateStoreFile=rundll32.exe cryptext.dll,CryptExtOpenSTR %1
certificate_wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" /certificate %1
cfxxefile="%1" %*
!d
ChromeHTML="c:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Applicatione\chrome.exe" -- "%1"
ChromeHTML.cool kid="c:\Documents and Settings\cool kid\Local Settings\Application Data\Google\Chrome\Applicatione\chrome.exe" -- "%1"
ChromeHTML.Marteezy="c:\Documents and Settings\Marteezy\Local Settings\Application Data\Google\Chrome\Applicatione\chrome.exe" -- "%1"
clpfile=clipbrd.exe %1
!d
!d
CompressedFolder=rundll32.exe zipfldr.dll,RouteTheCall %L
ConferenceLink=rundll32.exe msconf.dll,OpenConfLink %l
Connection Manager Profile=c:\WINDOWS\System32e\CMMGR32.EXE "%1"
CRLFile=rundll32.exe cryptext.dll,CryptExtOpenCRL %1
daap=c:\Program Files\iTunese\iTunes.exe /url "%1"
DocShortcut=rundll32 %SystemRoot%\System32\shscrap.dll,OpenScrap_RunDLL /r /x %1
dqyfile=c:\PROGRA~1\MICROS~2\Office12e\EXCEL.EXE
dunfile=%SystemRoot%\system32\RUNDLL32.EXE NETSHELL.DLL,InvokeDunFile %1
DVDFlick="c:\Program Files\DVD Flicke\dvdflick.exe" -load "%1"
emffile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
Excel.Addin="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.AddInMacroEnabled="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Backup="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Chart=c:\PROGRA~1\MICROS~2\Office12e\EXCEL.EXE /e
Excel.CSV="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Macrosheet="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.OpenDocumentSpreadsheet.12="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Sheet.12="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Sheet.8="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.SheetBinaryMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.SheetMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.SLK="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Template="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Template.8="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.TemplateMacroEnabled="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Workspace="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.XLL="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excelhtmlfile="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE"
Excelhtmltemplate="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE"
!d
FirefoxHTML="c:\Program Files\Mozilla Firefoxe\firefox.exe" -requestPending -osint -url "%1"
FirefoxURL="c:\Program Files\Mozilla Firefoxe\firefox.exe" -requestPending -osint -url "%1"
fndfile=%SystemRoot%\Explorer.exe
Folder=%SystemRoot%\Explorer.exe /idlist,%I,%L
fonfile=%SystemRoot%\System32\fontview.exe %1
ftp="c:\Program Files\Internet Explorere\IEXPLORE.EXE" %1
giffile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
gopher="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
h323file="rundll32.exe" msconf.dll,NewMediaPhone %l
HCP=%SystemRoot%\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe -FromHCP -url "%1"
helpfile=winhlp32.exe %1
hlpfile=%SystemRoot%\System32\winhlp32.exe %1
htafile=c:\WINDOWS\system32e\mshta.exe "%1" %*
htfile="c:\Program Files\Windows NTe\HYPERTRM.EXE" %1
htmlfile="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
HTTP="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
https="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
iiifile="rundll32.exe" msconf.dll,NewMediaPhone %l
!d
!d
InternetShortcut="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\ieframe.dll",OpenURL %l
InterTrustSPOP="c:\Program Files\Internet Explorere\iexplore.exe" -nohome %1
iqyfile=c:\PROGRA~1\MICROS~2\Office12e\EXCEL.EXE /e
itls=c:\Program Files\iTunese\iTunes.exe /url "%1"
itms=c:\Program Files\iTunese\iTunes.exe /url "%1"
itmss=c:\Program Files\iTunese\iTunes.exe /url "%1"
itpc=c:\Program Files\iTunese\iTunes.exe /url "%1"
ITS FILE="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
iTunes=c:\Program Files\iTunese\iTunes.exe /url "%1"
iTunes.aa="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aax="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aif="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aifc="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aiff="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.AssocProtocol.itls=c:\Program Files\iTunese\iTunes.exe /url "%1"
iTunes.cda="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.cdda="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipa="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipsw="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itdb="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ite="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itl="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itlp="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itls="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itms="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itpc="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m3u="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m3u8="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4a="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4b="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4p="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4r="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4v="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mov="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mp2="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mp3="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mpeg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mpg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.pcast="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.pls="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.rmp="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.wav="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.wave="c:\Program Files\iTunese\iTunes.exe" /open "%L"
jarfile="c:\Program Files\Java\jre6\bine\javaw.exe" -jar "%1" %*
JNLPFile="c:\Program Files\Java\jre6\bine\javaws.exe" "%1"
jpegfile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
LDAP="c:\Program Files\Outlook Expresse\wab.exe" /ldap:%1
Logitech.VideoEffectPackageHandler=c:\PROGRA~1\COMMON~1\Logishrd\LQCVFXe\MODELF~1.EXE "%1"
m3ufile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:6 /Open "%L"
MacromediaFlashPaper.MacromediaFlashPaper="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome "%1"
mailto="%ProgramFiles%\Outlook Express\msimn.exe" /mailurl:%1
MediaPackageFile="c:\Program Files\Microsoft Office\Office12e\MSTORE.EXE" "%1"
mhtmlfile="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
Microsoft Internet Mail Message="%ProgramFiles%\Outlook Express\msimn.exe" /eml:%1
Microsoft Internet News Message="%ProgramFiles%\Outlook Express\msimn.exe" /nws:%1
Microsoft.InformationCard=c:\WINDOWS\system32\rundll32.exe c:\WINDOWS\system32e\infocardcpl.cpl,ImportInformationCard_RunDll %1
Microsoft.WindowsCardSpaceBackup=c:\WINDOWS\system32\rundll32.exe c:\WINDOWS\system32e\infocardcpl.cpl,ImportInformationCard_RunDll %1
MIDFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
MMS="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MMST="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MMSU="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
mp3file="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:6 /Open "%L"
mpegfile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:9 /Open "%L"
MPlayer=mplay32.exe /play /close "%L"
msbackupfile=%SystemRoot%\system32\ntbackup.exe
MSBD="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MSCFile=%SystemRoot%\system32\mmc.exe "%1" %*
MSDASC=Rundll32.exe c:\PROGRA~1\COMMON~1\System\OLEDB~1e\oledb32.dll,OpenDSLFile %1
Msi.Package="%SystemRoot%\System32\msiexec.exe" /i "%1" %*
Msi.Patch="%SystemRoot%\System32\msiexec.exe" /p "%1" %*
MSInfo.Document=c:\Program Files\Common Files\Microsoft Shared\MSInfoe\MSInfo32.exe /msinfo_file %1
MSProgramGroup=c:\WINDOWS\system32e\grpconv.exe %1
MsRcIncident=%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe -Mode "hcp://system/Remote%%20Assistance/RAClientLayout.xml" -url "hcp://system/Remote%%20Assistance/Interaction/Client/rctoolScreen1.htm" -ExtraArgument "IncidentFile=%1"
msstylesfile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"
news="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:%1
nntp="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:%1
nView.Profile=rundll32.exe nview.dll,nViewCmd loadprofile shell "%1"
OfficeTheme.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
OneNote=c:\PROGRA~1\MICROS~2\Office12e\ONENOTE.EXE /hyperlink "%1"
OneNote.Package="c:\Program Files\Microsoft Office\Office12e\ONENOTE.EXE" "%1"
OneNote.Section.1="c:\Program Files\Microsoft Office\Office12e\ONENOTE.EXE" "%1"
OneNote.TableOfContents="c:\Program Files\Microsoft Office\Office12e\ONENOTE.EXE" /navigate "%1"
OneNote.TableOfContents.12="c:\Program Files\Microsoft Office\Office12e\ONENOTE.EXE" /navigate "%1"
otffile=%SystemRoot%\System32\fontview.exe %1
P7RFile=rundll32.exe cryptext.dll,CryptExtOpenP7R %1
P7SFile=rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1
Paint.Picture=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
pbkfile=%SystemRoot%\system32\rasphone.exe -f "%1"
pcast=c:\Program Files\iTunese\iTunes.exe /url "%1"
PDXFileType="c:\Program Files\Adobe\Acrobat 5.0\Readere\AcroRd32.exe" "%1"
PerfFile=%SystemRoot%\system32\perfmon.exe %1
pfmfile=%SystemRoot%\System32\fontview.exe %1
!d
pjpegfile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
pngfile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
PowerPoint.Addin.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Addin.8="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.OpenDocumentPresentation.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Show.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Show.4=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.Show.7=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.Show.8="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.ShowMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Slide.12=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.Slide.4=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.Slide.7=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.Slide.8=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.SlideMacroEnabled.12=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.SlideShow.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" /s "%1"
PowerPoint.SlideShow.8="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" /s "%1"
PowerPoint.SlideShowMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" /s "%1"
PowerPoint.Template.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Template.8="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.TemplateMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Wizard.8="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
powerpointhtmlfile="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE"
powerpointhtmltemplate="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE"
powerpointxmlfile="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE"
ppifile=%SystemRoot%\System32\msppcnfg.exe /Config %1
prffile="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\msrating.dll",ClickedOnPRF %1
Publishing Folder=explorer.exe /idlist,%I,%L
QuickTime.3g2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.3gp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.3gp2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.3gpp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aac=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.ac3=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.adts=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aif=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aifc=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aiff=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.amc=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.AMR=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.au=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.avi=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.bmp=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.bwf=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.caf=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.cdda=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.cel=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.dib=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.dif=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.dv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.flc=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.fli=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.gif=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.gsm=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.jp2=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.jpe=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.jpeg=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.jpg=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.kar=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m15=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m1a=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m1s=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m1v=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m3u=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m3url=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4a=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4b=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4p=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4v=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m75=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mac=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.mid=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.midi=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mov=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mp2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mp3=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mp4=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpa=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpeg=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpg=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpm=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mqv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.pct=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pic=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pict=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.png=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pnt=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pntg=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.psd=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.qcp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qht=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qhtm=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qt=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qti=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.qtif=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.qtl=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.rgb=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.rts=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.rtsp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sd2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sdp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sdv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sgi=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.smf=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.smi=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.smil=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sml=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.snd=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.swa=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.targa=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.tga=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.tif=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.tiff=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.ulw=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.vfw=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.wav=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
rar_auto_file="c:\Program Files\iTunese\iTunes.exe" /open "%L"
ratfile="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\msrating.dll",ClickedOnRAT %1
!d
!d
rlogin="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\url.dll",TelnetProtocolHandler %l
rtffile="c:\Program Files\Windows NT\Accessoriese\WORDPAD.EXE" "%1"
SavedDsQuery=rundll32 %SystemRoot%\System32\dsquery.dll,OpenSavedDsQuery %1
!d
scriptletfile="c:\WINDOWSe\NOTEPAD.EXE" "%1"
SHCmdFile=explorer.exe
Shell=%SystemRoot%\Explorer.exe /idlist,%I,%L
ShellScrap=rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1
snews="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:%1
SoundRec="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
SPCFile=rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1
STLFile=rundll32.exe cryptext.dll,CryptExtOpenCTL %1
T126_Whiteboard="c:\Program Files\NetMeetinge\wb32.exe" - "%1"
telnet=rundll32.exe url.dll,TelnetProtocolHandler %l
themefile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"
TIFImage.Document=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
tn3270="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\url.dll",TelnetProtocolHandler %l
ttcfile=%SystemRoot%\System32\fontview.exe %1
ttffile=%SystemRoot%\System32\fontview.exe %1
!d
ulsfile="rundll32.exe" msconf.dll,NewMediaPhone %l
vcard_wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" /vcard %1
VisioViewer.Viewer="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" %1
WAXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
webpnpFile=%SystemRoot%\system32\wpnpinst.exe %1
Whiteboard="c:\Program Files\NetMeetinge\wb32.exe" "%1"
Windows.CompositeFont="%WinDir%\System32\notepad.exe" "%1"
Windows.Movie.Maker=c:\Program Files\Movie Makere\moviemk.exe "%1"
Windows.XamlDocument="c:\WINDOWS\system32e\PresentationHost.exe" "%1" %*
Windows.Xbap="c:\WINDOWS\system32e\PresentationHost.exe" "%1" %*
WinRAR="c:\Program Files\WinRARe\WinRAR.exe" "%1"
WinRAR.REV="c:\Program Files\WinRARe\WinRAR.exe" "%1"
WinRAR.ZIP="c:\Program Files\WinRARe\WinRAR.exe" "%1"
wmafile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:5 /Open "%L"
WMDFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /WMPackage:"%L"
wmffile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
WMP.DVR-MSFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
WMSFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /layout:"%L"
WMVFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:7 /Open "%L"
WMZFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /layout:"%L"
Word.Backup.8="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.Document.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.Document.8="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.DocumentMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.OpenDocumentText.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.RTF.8="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.Template.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.Template.8="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.TemplateMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
wordhtmlfile="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE"
wordhtmltemplate="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE"
Wordpad.Document.1="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
WPLFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
wrifile="c:\Program Files\Windows NT\Accessoriese\WORDPAD.EXE" "%1"
WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
WVXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
x-internet-signup=%ProgramFiles%\Internet Explorer\Connection Wizard\ISIGNUP.EXE %1
XEV.FailSafeApp=%SystemRoot%\system32\NOTEPAD.EXE %1
XEV.GenericApp="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
XEV.OriginalApp="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
xmlfile="c:\Program Files\Common Files\Microsoft Shared\OFFICE12e\MSOXMLED.EXE" /verb open "%1"
XPSViewer.Document.1="c:\WINDOWS\system32\XPSViewere\XPSViewer.exe" "%1" %*
xslfile="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
zapfile=%SystemRoot%\system32\NOTEPAD.EXE %1
.bat
.cmd
.com
.exe
.scr
.reg
.txt
.
=============== Created Last 30 ================
.
2011-02-06 20:34:03 -------- d-----w- c:\DOCUME~1\ALLUSE~1\APPLIC~1e\hIoIcJe09000
.
==================== Find3M ====================
.
2011-03-01 22:07:48 118784 --sha-r- c:\WINDOWS\system32e\rcimlbye.dll
.
============= FINISH: 20:29:37.57 ===============

Edited by Orange Blossom, 08 March 2011 - 06:00 PM.




#2 wukillalogic


Posted 07 March 2011 - 12:12 AM

Here is the GMER log

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Marteezy at 20:26:57.56 on Sun 03/06/2011
internet explorer: 8.0.6001.18702
browserjavaversion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.405 [GMT -8:00]
.
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Marteezy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Marteezy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marteezy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marteezy\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\Marteezy\My Documents\Downloads\dds.scr
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Marteezy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Marteezy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marteezy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marteezy\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\Marteezy\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
NoUpdateCheck REG_DWORD 1 (0x1)
NoJITSetup REG_DWORD 1 (0x1)
Disable Script Debugger REG_SZ yes
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
XMLHTTP REG_DWORD 1 (0x1)
UseClearType REG_SZ yes
Enable Browser Extensions REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
Start Page REG_SZ http://www.google.com/
CompatibilityFlags REG_DWORD 0 (0x0)
FullScreen REG_SZ no
Window_Placement REG_BINARY 2c0000000200000003000000ffffffffffffffffffffffffffffffffb900000000000000d903000058020000
IE8RunOnceLastShown REG_DWORD 1 (0x1)
IE8RunOnceLastShown_TIMESTAMP REG_BINARY e0913a22bbc1cb01
IE8TourShown REG_DWORD 1 (0x1)
IE8TourShownTime REG_BINARY d6850ace48c5ca01
Start Page Redirect Cache_TIMESTAMP REG_BINARY 8820cdfebac1cb01
Start Page Redirect Cache AcceptLangs REG_SZ en-us
NotifyDownloadComplete REG_SZ yes
Check_Associations REG_SZ yes
AutoHide REG_SZ yes
Use FormSuggest REG_SZ no
RunOnceHasShown REG_DWORD 1 (0x1)
RunOnceComplete REG_DWORD 1 (0x1)
IE8RunOncePerInstallCompleted REG_DWORD 1 (0x1)
IE8RunOnceCompletionTime REG_BINARY 9af88b37bbc1cb01
.
HKEY_CURRENT_USER\software\microsoft\internet explorer\main\Default Feeds
.
HKEY_CURRENT_USER\software\microsoft\internet explorer\main\FeatureControl
.
HKEY_CURRENT_USER\software\microsoft\internet explorer\main\WindowsSearch
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0a000000
Delete_Temp_Files_On_Exit REG_SZ yes
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1a000000
Placeholder_Height REG_BINARY 1a000000
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.0.2600.0000
FullScreen REG_SZ no
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\ErrorThresholds
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\FeatureControl
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\UrlTemplate
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0 (0x0)
MigrateProxy REG_DWORD 1 (0x1)
EnableNegotiate REG_DWORD 1 (0x1)
ProxyEnable REG_DWORD 0 (0x0)
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 1 (0x1)
UrlEncoding REG_DWORD 0 (0x0)
SecureProtocols REG_DWORD 160 (0xa0)
PrivDiscUiShown REG_DWORD 1 (0x1)
PrivacyAdvanced REG_DWORD 0 (0x0)
ZonesSecurityUpgrade REG_BINARY ec0dbc52d6bdca01
DisableCachingOfSSLPages REG_DWORD 0 (0x0)
WarnonZoneCrossing REG_DWORD 1 (0x1)
EnableAutodial REG_DWORD 0 (0x0)
WarnonBadCertRecving REG_DWORD 1 (0x1)
WarnOnPostRedirect REG_DWORD 0 (0x0)
WarnOnHTTPSToHTTPRedirect REG_DWORD 1 (0x1)
ProxyOverride REG_SZ *.local
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\5.0
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Activities
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Cache
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Connections
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Lockdown_Zones
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\P3P
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Passport
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\ZoneMap
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Zones
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
Error: Key: software\microsoft\internet explorer\search does not exist!
.
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooksURLSearchHooks: H - No File
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooksURLSearchHooks: H - No File
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
HKEY_USERS\.default\software\microsoft\internet explorer\urlsearchhooksURLSearchHooks: H - No File
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ S-X77KYUR7FRZNA
DefaultUserName REG_SZ Marteezy
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ c:\WINDOWS\system32e\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Marteezy
AltDefaultDomainName REG_SZ S-X77KYUR7FRZNA
EnableConcurrentSessions REG_DWORD 0 (0x0)
DomainName REG_BINARY 53002d005800370037004b005900550052003700460052005a004e0041000000
UserName REG_BINARY 4d00610072007400650065007a0079000000
Password REG_BINARY 6d006f00720065006e006f000000
LegalNotice Text REG_SZ
Taskman REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SCLogon
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Credentials
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon
ParseAutoexec REG_SZ 1
ExcludeProfileDirs REG_SZ Local Settings;Temporary Internet Files;History;Temp
BuildNumber REG_DWORD 2600 (0xa28)
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
DebugOptions REG_SZ 2048
Documents REG_SZ
DosPrint REG_SZ no
NetMessage REG_SZ no
NullPort REG_SZ None
Programs REG_SZ com exe bat pif cmd
Run REG_SZ
Load REG_SZ
Device REG_SZ HP Officejet J5700 Series (Copy 2),winspool,Ne03:
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
urun: [Logitech Vid] "c:\Program Files\Logitech\Logitech Vide\vid.exe" -bootmode
urun: [Google Update] "c:\Documents and Settings\Marteezy\Local Settings\Application Data\Google\Updatee\GoogleUpdate.exe" /c
urun: [QuickTime Task] "c:\Program Files\QuickTimee\QTTask.exe" -atboottime
urun: [ctfmon.exe] c:\WINDOWS\system32e\ctfmon.exe
urun: [MSMSGS] "c:\Program Files\Messengere\msmsgs.exe" /background
urun: [SUPERAntiSpyware] c:\Program Files\SUPERAntiSpywaree\SUPERAntiSpyware.exe
mrun: [NvCplDaemon] RUNDLL32.EXE c:\WINDOWS\System32e\NvCpl.dll,NvStartup
mrun: [nwiz] nwiz.exe /install
mrun: [NvMediaCenter] RUNDLL32.EXE c:\WINDOWS\System32e\NvMcTray.dll,NvTaskbarInit
mrun: [HP Software Update] c:\Program Files\HP\HP Software Updatee\HPWuSchd2.exe
mrun: [SunJavaUpdateSched] "c:\Program Files\Common Files\Java\Java Updatee\jusched.exe"
mrun: [LogitechQuickCamRibbon] "c:\Program Files\Logitech\Logitech WebCam Softwaree\LWS.exe" /hide
mrun: [AVP] "c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010e\avp.exe"
mrun: [QuickTime Task] "c:\Program Files\QuickTimee\QTTask.exe" -atboottime
mrun: [iTunesHelper] "c:\Program Files\iTunese\iTunesHelper.exe"
mrun: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Readere\Reader_sl.exe"
mrun: [Adobe ARM] "c:\Program Files\Common Files\Adobe\ARM\1.0e\AdobeARM.exe"
mrun: [Ccubelu] rundll32.exe "c:\WINDOWSe\ojiyibewe.dll",Startup
c:\DOCUME~1\Marteezy\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files\LimeWiree\LimeWire.exe
c:\DOCUME~1\Marteezy\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office12e\ONENOTEM.EXE
c:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files\HP\Digital Imaging\bine\hpqtra08.exe
.
ie: SteelWerX Registry Console Tool 2.0
ie: Written by Bobbi Flekman 2006 ©
.
ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext
.
ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\E&xport to Microsoft Excel
ie: <NO NAME> REG_SZ res://c:\PROGRA~1\MICROS~2\Office12e\EXCEL.EXE/3000
ie: Contexts REG_DWORD 1 (0x1)
.
ie: {SteelWerX Registry Console Tool 2.0
ie: {Written by Bobbi Flekman 2006 ©
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}
ie: { KeyPath - REG_SZ Yes
ie: { ButtonText - REG_SZ Send to OneNote
ie: { MenuText - REG_SZ S&end to OneNote
ie: { ToolTip - REG_SZ Send to OneNote
ie: { Default Visible - REG_SZ Yes
ie: { HotIcon - REG_SZ c:\PROGRA~1\MICROS~2\Office12e\ONBttnIE.dll,103
ie: { Icon - REG_SZ c:\PROGRA~1\MICROS~2\Office12e\ONBttnIE.dll,103
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{4248FE82-7FCB-46AC-B270-339F08212110}
ie: { ButtonText - REG_SZ &Virtual keyboard
ie: { HotIcon - REG_SZ c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010e\kbrd.ico
ie: { Icon - REG_SZ c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010e\kbrd.ico
ie: { Default Visible - REG_SZ YES
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ie: { Icon - REG_SZ c:\PROGRA~1\MICROS~2\Office12e\REFBAR.ICO
ie: { HotIcon - REG_SZ c:\PROGRA~1\MICROS~2\Office12e\REFBARH.ICO
ie: { ButtonText - REG_SZ Research
ie: { Default Visible - REG_SZ Yes
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{CCF151D8-D089-449F-A5A4-D9909053F20F}
ie: { ButtonText - REG_SZ URLs c&heck
ie: { HotIcon - REG_SZ c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010e\logo.ico
ie: { Icon - REG_SZ c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010e\logo.ico
ie: { Default Visible - REG_SZ YES
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ie: { ButtonText - REG_SZ Messenger
ie: { Default Visible - REG_SZ Yes
ie: { Exec - REG_SZ c:\Program Files\Messengere\msmsgs.exe
ie: { HotIcon - REG_SZ c:\Program Files\Messengere\msmsgs.exe,302
ie: { Icon - REG_SZ c:\Program Files\Messengere\msmsgs.exe,301
ie: { MenuText - REG_SZ Windows Messenger
ie: { ToolTip - REG_SZ Windows Messenger
IE: { CLSID - REG_SZ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
IE: { ClsidExtension - REG_SZ {48E73304-E1D6-4330-914C-F5F514E3486C} - {48e73304-e1d6-4330-914c-f5f514e3486c}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
IE: { ClsidExtension - REG_SZ {4248FE82-7FCB-46AC-B270-339F08212110} - {4248fe82-7fcb-46ac-b270-339f08212110}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} - {e0dd6cab-2d10-11d2-8f1a-0000f87abd16}\inprocserver32 does not exist!
IE: { BandCLSID - REG_SZ {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - {ff059e31-cc5a-4e2e-bf3b-96e929d65503}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
IE: { ClsidExtension - REG_SZ {CCF151D8-D089-449F-A5A4-D9909053F20F} - {ccf151d8-d089-449f-a5a4-d9909053f20f}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
.

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\DirectAnimation Java Classes
<NO NAME> REG_SZ DirectAnimation Java Classes
SystemComponent REG_DWORD 1 (0x1)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\DirectAnimation Java Classes\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\DirectAnimation Java Classes\Contains\Java
com.ms.dxmedia REG_SZ
com.ms.dxmedia.rawcom REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\DirectAnimation Java Classes\DownloadInformation
CODEBASE REG_SZ file://c:\WINDOWS\Java\classese\dajava.cab
OSD REG_SZ c:\WINDOWS\Downloaded Program Filese\DirectAnimation Java Classes.osd
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\DirectAnimation Java Classes\InstalledVersion
<NO NAME> REG_SZ 5,1,15,1014
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java
<NO NAME> REG_SZ Microsoft XML Parser for Java
SystemComponent REG_DWORD 1 (0x1)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java\Contains\Java
com.ms.xml.dso REG_SZ
com.ms.xml.om REG_SZ
com.ms.xml.parser REG_SZ
com.ms.xml.util REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java\DownloadInformation
CODEBASE REG_SZ file://c:\WINDOWS\Java\classese\xmldso.cab
OSD REG_SZ c:\WINDOWS\Downloaded Program Filese\Microsoft XML Parser for Java.osd
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java\InstalledVersion
<NO NAME> REG_SZ 1,0,9,2
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}\Contains\Files
c:\WINDOWS\system32e\LegitCheckControl.DLL REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}\DownloadInformation
CODEBASE REG_SZ http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\LegitCheckControl.inf
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}\InstalledVersion
<NO NAME> REG_SZ 1,9,42,0
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\Contains\Files
c:\WINDOWS\System32e\wuweb.dll REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\DownloadInformation
CODEBASE REG_SZ http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265529029687
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\wuweb.inf
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\InstalledVersion
<NO NAME> REG_SZ 7,4,7600,226
LastModified REG_SZ Fri, 07 Aug 2009 03:58:59 GMT
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
INF REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.18
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
INF REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.18
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
INF REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.18
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Contains\Files
c:\WINDOWS\Downloaded Program Files\CONFLICT.1e\FP_AX_CAB_INSTALLER.exe REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation
CODEBASE REG_SZ http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Files\CONFLICT.1e\swflash.inf
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\InstalledVersion
<NO NAME> REG_SZ 10,1,53,64
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
Error: Value: "NameServer" does not exist!
.
.
SteelWerX Registry Console Tool 2.0
.
HKEY_CLASSES_ROOT\clsid\{5ae067d3-9afb-48e0-853a-ebb7f4a000da}
AppID REG_SZ {C615554D-7B87-4275-84FF-8E0BA2AD071B}
.
<NO NAME> REG_SZ c:\Program Files\SUPERAntiSpywaree\SASSEH.DLL
ThreadingModel REG_SZ Apartment
HKEY_CLASSES_ROOT\clsid\{5ae067d3-9afb-48e0-853a-ebb7f4a000da}\ProgID
<NO NAME> REG_SZ ShellExecuteHook.SABShellExecuteHook.1
HKEY_CLASSES_ROOT\clsid\{5ae067d3-9afb-48e0-853a-ebb7f4a000da}\Programmable
.
<NO NAME> REG_SZ {D01E70E5-2E5A-4EDC-B8A7-84FA45346E34}
.
<NO NAME> REG_SZ ShellExecuteHook.SABShellExecuteHook
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
d; /.* /!d; s//securityproviders: /
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Authentication Packages REG_MULTI_SZ msv1_0
Bounds REG_BINARY 0030000000200000
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest
LsaPid REG_DWORD 1364 (0x554)
SecureBoot REG_DWORD 1 (0x1)
auditbaseobjects REG_DWORD 0 (0x0)
crashonauditfail REG_DWORD 0 (0x0)
disabledomaincreds REG_DWORD 0 (0x0)
everyoneincludesanonymous REG_DWORD 0 (0x0)
fipsalgorithmpolicy REG_DWORD 0 (0x0)
forceguest REG_DWORD 1 (0x1)
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 0 (0x0)
lmcompatibilitylevel REG_DWORD 0 (0x0)
nodefaultadminowner REG_DWORD 1 (0x1)
nolmhash REG_DWORD 0 (0x0)
restrictanonymous REG_DWORD 0 (0x0)
restrictanonymoussam REG_DWORD 1 (0x1)
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Notification Packages REG_MULTI_SZ scecli
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 1 (0x1)
enabledcom REG_SZ y
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\subsystems
windows REG_EXPAND_SZ %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
127.0.0.1 localhost
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\WINDOWS\system32\driverse\klbg.sys [2010-11-23 36880]
R1 kl1;Kl1;c:\WINDOWS\system32\driverse\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\WINDOWS\system32\driverse\klif.sys [2010-11-23 315408]
R1 SASDIFSV;SASDIFSV;c:\Program Files\SUPERAntiSpywaree\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\Program Files\SUPERAntiSpywaree\SASKUTIL.SYS [2010-5-10 67656]
R2 AVP;Kaspersky Anti-Virus;c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010e\avp.exe [2009-10-20 340456]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\WINDOWS\system32\driverse\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\WINDOWS\system32\driverse\klmouflt.sys [2009-10-2 19472]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\WINDOWS\system32\driverse\lne100v5.sys [2010-2-5 36224]
.
=============== File Associations ===============
.
acrobat="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" /u "%1"
AcroExch.acrobatsecuritysettings.1="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.Document="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.Document.7="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.FDFDoc="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.pdfxml.1="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.RMFFile="c:\Program Files\Adobe\Acrobat 5.0\Readere\AcroRd32.exe" "%1"
AcroExch.XDPDoc="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.XFDFDoc="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
acwfile=%SystemRoot%\system32\accwiz.exe %1
Adobe.SVGCtl="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
AIFFFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
Application.Manifest=rundll32.exe dfshim.dll,ShOpenVerbApplication %1
Application.Reference=rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
ASFFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:7 /Open "%L"
ASXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
AUFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
AVIFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:8 /Open "%L"
avsfile=notepad.exe "%1"
avs_auto_file=notepad.exe "%1"
!d
Briefcase=explorer.exe %1
callto=rundll32.exe msconf.dll,CallToProtocolHandler %l
CATFile=rundll32.exe cryptext.dll,CryptExtOpenCAT %1
cdafile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
CERFile=rundll32.exe cryptext.dll,CryptExtOpenCER %1
CertificateStoreFile=rundll32.exe cryptext.dll,CryptExtOpenSTR %1
certificate_wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" /certificate %1
cfxxefile="%1" %*
!d
ChromeHTML="c:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Applicatione\chrome.exe" -- "%1"
ChromeHTML.cool kid="c:\Documents and Settings\cool kid\Local Settings\Application Data\Google\Chrome\Applicatione\chrome.exe" -- "%1"
ChromeHTML.Marteezy="c:\Documents and Settings\Marteezy\Local Settings\Application Data\Google\Chrome\Applicatione\chrome.exe" -- "%1"
clpfile=clipbrd.exe %1
!d
!d
CompressedFolder=rundll32.exe zipfldr.dll,RouteTheCall %L
ConferenceLink=rundll32.exe msconf.dll,OpenConfLink %l
Connection Manager Profile=c:\WINDOWS\System32e\CMMGR32.EXE "%1"
CRLFile=rundll32.exe cryptext.dll,CryptExtOpenCRL %1
daap=c:\Program Files\iTunese\iTunes.exe /url "%1"
DocShortcut=rundll32 %SystemRoot%\System32\shscrap.dll,OpenScrap_RunDLL /r /x %1
dqyfile=c:\PROGRA~1\MICROS~2\Office12e\EXCEL.EXE
dunfile=%SystemRoot%\system32\RUNDLL32.EXE NETSHELL.DLL,InvokeDunFile %1
DVDFlick="c:\Program Files\DVD Flicke\dvdflick.exe" -load "%1"
emffile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
Excel.Addin="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.AddInMacroEnabled="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Backup="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Chart=c:\PROGRA~1\MICROS~2\Office12e\EXCEL.EXE /e
Excel.CSV="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Macrosheet="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.OpenDocumentSpreadsheet.12="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Sheet.12="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Sheet.8="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.SheetBinaryMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.SheetMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.SLK="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Template="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Template.8="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.TemplateMacroEnabled="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Workspace="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.XLL="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excelhtmlfile="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE"
Excelhtmltemplate="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE"
!d
FirefoxHTML="c:\Program Files\Mozilla Firefoxe\firefox.exe" -requestPending -osint -url "%1"
FirefoxURL="c:\Program Files\Mozilla Firefoxe\firefox.exe" -requestPending -osint -url "%1"
fndfile=%SystemRoot%\Explorer.exe
Folder=%SystemRoot%\Explorer.exe /idlist,%I,%L
fonfile=%SystemRoot%\System32\fontview.exe %1
ftp="c:\Program Files\Internet Explorere\IEXPLORE.EXE" %1
giffile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
gopher="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
h323file="rundll32.exe" msconf.dll,NewMediaPhone %l
HCP=%SystemRoot%\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe -FromHCP -url "%1"
helpfile=winhlp32.exe %1
hlpfile=%SystemRoot%\System32\winhlp32.exe %1
htafile=c:\WINDOWS\system32e\mshta.exe "%1" %*
htfile="c:\Program Files\Windows NTe\HYPERTRM.EXE" %1
htmlfile="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
HTTP="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
https="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
iiifile="rundll32.exe" msconf.dll,NewMediaPhone %l
!d
!d
InternetShortcut="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\ieframe.dll",OpenURL %l
InterTrustSPOP="c:\Program Files\Internet Explorere\iexplore.exe" -nohome %1
iqyfile=c:\PROGRA~1\MICROS~2\Office12e\EXCEL.EXE /e
itls=c:\Program Files\iTunese\iTunes.exe /url "%1"
itms=c:\Program Files\iTunese\iTunes.exe /url "%1"
itmss=c:\Program Files\iTunese\iTunes.exe /url "%1"
itpc=c:\Program Files\iTunese\iTunes.exe /url "%1"
ITS FILE="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
iTunes=c:\Program Files\iTunese\iTunes.exe /url "%1"
iTunes.aa="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aax="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aif="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aifc="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aiff="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.AssocProtocol.itls=c:\Program Files\iTunese\iTunes.exe /url "%1"
iTunes.cda="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.cdda="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipa="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipsw="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itdb="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ite="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itl="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itlp="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itls="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itms="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itpc="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m3u="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m3u8="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4a="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4b="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4p="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4r="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4v="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mov="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mp2="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mp3="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mpeg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mpg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.pcast="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.pls="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.rmp="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.wav="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.wave="c:\Program Files\iTunese\iTunes.exe" /open "%L"
jarfile="c:\Program Files\Java\jre6\bine\javaw.exe" -jar "%1" %*
JNLPFile="c:\Program Files\Java\jre6\bine\javaws.exe" "%1"
jpegfile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
LDAP="c:\Program Files\Outlook Expresse\wab.exe" /ldap:%1
Logitech.VideoEffectPackageHandler=c:\PROGRA~1\COMMON~1\Logishrd\LQCVFXe\MODELF~1.EXE "%1"
m3ufile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:6 /Open "%L"
MacromediaFlashPaper.MacromediaFlashPaper="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome "%1"
mailto="%ProgramFiles%\Outlook Express\msimn.exe" /mailurl:%1
MediaPackageFile="c:\Program Files\Microsoft Office\Office12e\MSTORE.EXE" "%1"
mhtmlfile="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
Microsoft Internet Mail Message="%ProgramFiles%\Outlook Express\msimn.exe" /eml:%1
Microsoft Internet News Message="%ProgramFiles%\Outlook Express\msimn.exe" /nws:%1
Microsoft.InformationCard=c:\WINDOWS\system32\rundll32.exe c:\WINDOWS\system32e\infocardcpl.cpl,ImportInformationCard_RunDll %1
Microsoft.WindowsCardSpaceBackup=c:\WINDOWS\system32\rundll32.exe c:\WINDOWS\system32e\infocardcpl.cpl,ImportInformationCard_RunDll %1
MIDFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
MMS="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MMST="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MMSU="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
mp3file="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:6 /Open "%L"
mpegfile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:9 /Open "%L"
MPlayer=mplay32.exe /play /close "%L"
msbackupfile=%SystemRoot%\system32\ntbackup.exe
MSBD="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MSCFile=%SystemRoot%\system32\mmc.exe "%1" %*
MSDASC=Rundll32.exe c:\PROGRA~1\COMMON~1\System\OLEDB~1e\oledb32.dll,OpenDSLFile %1
Msi.Package="%SystemRoot%\System32\msiexec.exe" /i "%1" %*
Msi.Patch="%SystemRoot%\System32\msiexec.exe" /p "%1" %*
MSInfo.Document=c:\Program Files\Common Files\Microsoft Shared\MSInfoe\MSInfo32.exe /msinfo_file %1
MSProgramGroup=c:\WINDOWS\system32e\grpconv.exe %1
MsRcIncident=%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe -Mode "hcp://system/Remote%%20Assistance/RAClientLayout.xml" -url "hcp://system/Remote%%20Assistance/Interaction/Client/rctoolScreen1.htm" -ExtraArgument "IncidentFile=%1"
msstylesfile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"
news="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:%1
nntp="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:%1
nView.Profile=rundll32.exe nview.dll,nViewCmd loadprofile shell "%1"
OfficeTheme.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
OneNote=c:\PROGRA~1\MICROS~2\Office12e\ONENOTE.EXE /hyperlink "%1"
OneNote.Package="c:\Program Files\Microsoft Office\Office12e\ONENOTE.EXE" "%1"
OneNote.Section.1="c:\Program Files\Microsoft Office\Office12e\ONENOTE.EXE" "%1"
OneNote.TableOfContents="c:\Program Files\Microsoft Office\Office12e\ONENOTE.EXE" /navigate "%1"
OneNote.TableOfContents.12="c:\Program Files\Microsoft Office\Office12e\ONENOTE.EXE" /navigate "%1"
otffile=%SystemRoot%\System32\fontview.exe %1
P7RFile=rundll32.exe cryptext.dll,CryptExtOpenP7R %1
P7SFile=rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1
Paint.Picture=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
pbkfile=%SystemRoot%\system32\rasphone.exe -f "%1"
pcast=c:\Program Files\iTunese\iTunes.exe /url "%1"
PDXFileType="c:\Program Files\Adobe\Acrobat 5.0\Readere\AcroRd32.exe" "%1"
PerfFile=%SystemRoot%\system32\perfmon.exe %1
pfmfile=%SystemRoot%\System32\fontview.exe %1
!d
pjpegfile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
pngfile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
PowerPoint.Addin.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Addin.8="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.OpenDocumentPresentation.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Show.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Show.4=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.Show.7=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.Show.8="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.ShowMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Slide.12=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.Slide.4=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.Slide.7=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.Slide.8=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.SlideMacroEnabled.12=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.SlideShow.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" /s "%1"
PowerPoint.SlideShow.8="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" /s "%1"
PowerPoint.SlideShowMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" /s "%1"
PowerPoint.Template.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Template.8="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.TemplateMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Wizard.8="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
powerpointhtmlfile="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE"
powerpointhtmltemplate="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE"
powerpointxmlfile="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE"
ppifile=%SystemRoot%\System32\msppcnfg.exe /Config %1
prffile="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\msrating.dll",ClickedOnPRF %1
Publishing Folder=explorer.exe /idlist,%I,%L
QuickTime.3g2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.3gp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.3gp2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.3gpp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aac=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.ac3=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.adts=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aif=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aifc=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aiff=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.amc=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.AMR=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.au=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.avi=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.bmp=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.bwf=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.caf=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.cdda=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.cel=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.dib=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.dif=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.dv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.flc=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.fli=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.gif=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.gsm=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.jp2=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.jpe=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.jpeg=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.jpg=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.kar=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m15=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m1a=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m1s=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m1v=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m3u=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m3url=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4a=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4b=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4p=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4v=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m75=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mac=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.mid=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.midi=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mov=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mp2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mp3=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mp4=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpa=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpeg=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpg=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpm=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mqv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.pct=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pic=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pict=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.png=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pnt=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pntg=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.psd=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.qcp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qht=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qhtm=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qt=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qti=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.qtif=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.qtl=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.rgb=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.rts=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.rtsp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sd2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sdp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sdv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sgi=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.smf=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.smi=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.smil=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sml=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.snd=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.swa=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.targa=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.tga=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.tif=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.tiff=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.ulw=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.vfw=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.wav=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
rar_auto_file="c:\Program Files\iTunese\iTunes.exe" /open "%L"
ratfile="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\msrating.dll",ClickedOnRAT %1
!d
!d
rlogin="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\url.dll",TelnetProtocolHandler %l
rtffile="c:\Program Files\Windows NT\Accessoriese\WORDPAD.EXE" "%1"
SavedDsQuery=rundll32 %SystemRoot%\System32\dsquery.dll,OpenSavedDsQuery %1
!d
scriptletfile="c:\WINDOWSe\NOTEPAD.EXE" "%1"
SHCmdFile=explorer.exe
Shell=%SystemRoot%\Explorer.exe /idlist,%I,%L
ShellScrap=rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1
snews="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:%1
SoundRec="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
SPCFile=rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1
STLFile=rundll32.exe cryptext.dll,CryptExtOpenCTL %1
T126_Whiteboard="c:\Program Files\NetMeetinge\wb32.exe" - "%1"
telnet=rundll32.exe url.dll,TelnetProtocolHandler %l
themefile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"
TIFImage.Document=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
tn3270="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\url.dll",TelnetProtocolHandler %l
ttcfile=%SystemRoot%\System32\fontview.exe %1
ttffile=%SystemRoot%\System32\fontview.exe %1
!d
ulsfile="rundll32.exe" msconf.dll,NewMediaPhone %l
vcard_wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" /vcard %1
VisioViewer.Viewer="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" %1
WAXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
webpnpFile=%SystemRoot%\system32\wpnpinst.exe %1
Whiteboard="c:\Program Files\NetMeetinge\wb32.exe" "%1"
Windows.CompositeFont="%WinDir%\System32\notepad.exe" "%1"
Windows.Movie.Maker=c:\Program Files\Movie Makere\moviemk.exe "%1"
Windows.XamlDocument="c:\WINDOWS\system32e\PresentationHost.exe" "%1" %*
Windows.Xbap="c:\WINDOWS\system32e\PresentationHost.exe" "%1" %*
WinRAR="c:\Program Files\WinRARe\WinRAR.exe" "%1"
WinRAR.REV="c:\Program Files\WinRARe\WinRAR.exe" "%1"
WinRAR.ZIP="c:\Program Files\WinRARe\WinRAR.exe" "%1"
wmafile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:5 /Open "%L"
WMDFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /WMPackage:"%L"
wmffile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
WMP.DVR-MSFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
WMSFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /layout:"%L"
WMVFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:7 /Open "%L"
WMZFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /layout:"%L"
Word.Backup.8="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.Document.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.Document.8="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.DocumentMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.OpenDocumentText.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.RTF.8="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.Template.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.Template.8="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.TemplateMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
wordhtmlfile="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE"
wordhtmltemplate="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE"
Wordpad.Document.1="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
WPLFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
wrifile="c:\Program Files\Windows NT\Accessoriese\WORDPAD.EXE" "%1"
WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
WVXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
x-internet-signup=%ProgramFiles%\Internet Explorer\Connection Wizard\ISIGNUP.EXE %1
XEV.FailSafeApp=%SystemRoot%\system32\NOTEPAD.EXE %1
XEV.GenericApp="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
XEV.OriginalApp="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
xmlfile="c:\Program Files\Common Files\Microsoft Shared\OFFICE12e\MSOXMLED.EXE" /verb open "%1"
XPSViewer.Document.1="c:\WINDOWS\system32\XPSViewere\XPSViewer.exe" "%1" %*
xslfile="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
zapfile=%SystemRoot%\system32\NOTEPAD.EXE %1
.bat
.cmd
.com
.exe
.scr
.reg
.txt
.
=============== Created Last 30 ================
.
2011-02-06 20:34:03 -------- d-----w- c:\DOCUME~1\ALLUSE~1\APPLIC~1e\hIoIcJe09000
.
==================== Find3M ====================
.
2011-03-01 22:07:48 118784 --sha-r- c:\WINDOWS\system32e\rcimlbye.dll
.
============= FINISH: 20:29:37.57 ===============

Edited by Orange Blossom, 08 March 2011 - 06:02 PM.
Removed excess spaces. ~ OB


#3 myrti

  • Malware Study Hall Admin
  • 33,772 posts

Posted 13 March 2011 - 07:03 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#4 wukillalogic

  • Topic Starter
  • Members
  • 15 posts

Posted 14 March 2011 - 12:58 AM

Here is the OTL.txt log

OTL logfile created on: 3/13/2011 10:46:13 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Marteezy\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 391.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.72 Gb Total Space | 48.13 Gb Free Space | 33.49% Space Free | Partition Type: NTFS

Computer Name: S-X77KYUR7FRZNA | User Name: Marteezy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/13 22:45:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marteezy\My Documents\Downloads\OTL (1).exe
PRC - [2011/03/10 23:50:03 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Marteezy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/02/18 12:05:46 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/10/20 21:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2009/03/24 13:40:52 | 000,237,665 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\v114_ECS_D_6207.2V7_6099.8xp_G2.0V_RC_SDC\WDM\stacsv.exe
PRC - [2009/03/10 23:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2004/08/04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/13 22:45:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marteezy\My Documents\Downloads\OTL (1).exe
MOD - [2004/08/04 01:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WZCSVC)
SRV - File not found [Auto | Running] -- -- (Themes)
SRV - File not found [Auto | Running] -- -- (ShellHWDetection)
SRV - File not found [Disabled | Stopped] -- -- (RemoteAccess)
SRV - File not found [On_Demand | Running] -- -- (Netman)
SRV - File not found [Auto | Running] -- -- (lanmanworkstation)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [Auto | Running] -- -- (FastUserSwitchingCompatibility)
SRV - File not found [Disabled | Stopped] -- -- (Alerter)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2009/10/20 21:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/03/24 13:40:52 | 000,237,665 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\v114_ECS_D_6207.2V7_6099.8xp_G2.0V_RC_SDC\WDM\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2010/11/23 21:59:11 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/14 22:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/07 01:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 01:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 120(UVC)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/02 20:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 15:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 16:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/03/24 13:40:52 | 001,392,498 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/09/20 19:07:40 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/09/20 19:07:38 | 000,053,632 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/05/14 23:03:24 | 000,445,696 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2003/10/15 17:52:00 | 000,174,530 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
DRV - [2002/08/28 23:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/10/24 17:16:10 | 000,036,224 | R--- | M] (LinkSys Group Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lne100v5.sys -- (LNE100) Linksys LNE100TX(v5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-682003330-436374069-2147331303-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-682003330-436374069-2147331303-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-682003330-436374069-2147331303-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 38 10 A9 48 CB CB 01 [binary data]
IE - HKU\S-1-5-21-682003330-436374069-2147331303-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-682003330-436374069-2147331303-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-682003330-436374069-2147331303-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-682003330-436374069-2147331303-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-682003330-436374069-2147331303-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 20 CD FE BA C1 CB 01 [binary data]
IE - HKU\S-1-5-21-682003330-436374069-2147331303-1005\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-682003330-436374069-2147331303-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-436374069-2147331303-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{BC37D546-39CC-4AC8-B129-D427CC8A5FDE}: C:\Documents and Settings\Marteezy\Local Settings\Application Data\{BC37D546-39CC-4AC8-B129-D427CC8A5FDE} [2011/03/01 15:08:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/07 22:08:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/31 20:13:22 | 000,000,000 | ---D | M]

[2010/04/13 15:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marteezy\Application Data\Mozilla\Extensions
[2010/04/13 15:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marteezy\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/03 19:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marteezy\Application Data\Mozilla\Firefox\Profiles\9gp02cse.default\extensions
[2010/04/15 21:40:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marteezy\Application Data\Mozilla\Firefox\Profiles\9gp02cse.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/03 19:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/24 17:44:28 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: ([2010/12/18 04:12:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKU\S-1-5-21-682003330-436374069-2147331303-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Ccubelu] File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-682003330-436374069-2147331303-1003..\Run: [Ccubelu] File not found
O4 - HKU\S-1-5-21-682003330-436374069-2147331303-1005..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-682003330-436374069-2147331303-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\cool kid\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Marteezy\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-436374069-2147331303-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-436374069-2147331303-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-436374069-2147331303-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-436374069-2147331303-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-682003330-436374069-2147331303-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-682003330-436374069-2147331303-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-682003330-436374069-2147331303-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-682003330-436374069-2147331303-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-682003330-436374069-2147331303-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265529029687 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Marteezy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marteezy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/02 21:59:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinMgmt - File not found
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

NetSvcs: 6to4 - File not found
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: Netman - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Remoteaccess - File not found
NetSvcs: Themes - File not found
NetSvcs: WZCSVC - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: ShellHWDetection - File not found
NetSvcs: helpsvc - File not found
NetSvcs: SSHNAS - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/03/08 00:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/03 19:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/03 13:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marteezy\Application Data\SUPERAntiSpyware.com
[2011/03/03 13:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/03/03 13:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/03/03 13:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/03/03 13:38:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/03/01 15:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marteezy\Local Settings\Application Data\{BC37D546-39CC-4AC8-B129-D427CC8A5FDE}
[2011/02/28 22:39:57 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2011/02/19 17:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\47f375

========== Files - Modified Within 30 Days ==========

[2011/03/13 22:40:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/13 22:39:16 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-436374069-2147331303-1005UA.job
[2011/03/13 22:30:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-436374069-2147331303-1004UA.job
[2011/03/13 22:27:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-436374069-2147331303-1006UA.job
[2011/03/13 19:57:12 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 19:57:12 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/13 19:52:28 | 000,000,318 | -HS- | M] () -- C:\WINDOWS\tasks\vplj.job
[2011/03/13 19:52:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/13 00:30:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-436374069-2147331303-1004Core.job
[2011/03/12 18:27:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-436374069-2147331303-1006Core.job
[2011/03/12 18:24:43 | 000,000,476 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Marteezy.job
[2011/03/11 15:39:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-436374069-2147331303-1005Core.job
[2011/03/11 14:40:58 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Marteezy\Desktop\Google Chrome.lnk
[2011/03/11 14:40:58 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Marteezy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/08 00:17:42 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/07 23:54:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/06 21:25:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Marteezy\defogger_reenable
[2011/03/03 23:23:14 | 000,002,823 | ---- | M] () -- C:\Documents and Settings\Marteezy\Desktop\HiJackThis.lnk
[2011/03/03 13:50:52 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/01 15:08:18 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Djevisohuni.dat
[2011/03/01 15:08:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Cyuyabucuyaja.bin
[2011/03/01 15:07:48 | 000,118,784 | RHS- | M] () -- C:\WINDOWS\System32\rcimlbye.dll
[2011/02/21 15:05:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/18 00:08:02 | 000,343,987 | ---- | M] () -- C:\Documents and Settings\Marteezy\My Documents\houses.jpg

========== Files Created - No Company Name ==========

[2011/03/08 00:17:42 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/06 21:25:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marteezy\defogger_reenable
[2011/03/03 13:50:52 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/01 15:08:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cyuyabucuyaja.bin
[2011/03/01 15:07:51 | 000,000,318 | -HS- | C] () -- C:\WINDOWS\tasks\vplj.job
[2011/03/01 15:07:48 | 000,118,784 | RHS- | C] () -- C:\WINDOWS\System32\rcimlbye.dll
[2011/02/18 00:08:20 | 000,343,987 | ---- | C] () -- C:\Documents and Settings\Marteezy\My Documents\houses.jpg
[2010/12/18 03:58:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/18 03:58:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/18 03:58:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/18 03:58:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/18 03:58:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/23 22:07:12 | 000,108,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/11/23 22:07:12 | 000,095,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/11/07 01:00:46 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Djevisohuni.dat
[2010/07/09 16:48:12 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/07/09 16:48:11 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/07/09 16:48:07 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/07/09 16:48:07 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/07/09 16:48:07 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/07 22:34:40 | 000,200,704 | R--- | C] () -- C:\WINDOWS\sel3110.exe
[2010/07/07 22:34:40 | 000,040,960 | R--- | C] () -- C:\WINDOWS\CleanDev.exe
[2010/07/07 22:34:39 | 000,032,528 | R--- | C] () -- C:\WINDOWS\amcap.exe
[2010/07/02 01:43:40 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/28 23:41:12 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Marteezy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/21 20:22:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/21 14:35:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/15 21:15:35 | 000,135,150 | ---- | C] () -- C:\WINDOWS\hpwins10.dat
[2010/02/07 00:21:19 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/02/02 22:02:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/02/02 21:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/02 13:50:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/02 13:48:52 | 000,153,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/09/09 20:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2007/10/04 17:14:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/04 17:14:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/10/04 17:14:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/04 17:14:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/10/04 17:14:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/04 17:14:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/04 17:14:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/10/04 17:14:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/10/04 17:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/08 03:43:03 | 000,010,335 | ---- | C] () -- C:\WINDOWS\hpwscr10.dat
[2007/02/27 19:19:55 | 000,001,042 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/08/29 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 05:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 05:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/08/29 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2004/08/04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2004/08/04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2002/08/29 05:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004/08/04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004/08/04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2002/08/29 05:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

< End of report >

#5 wukillalogic

Posted 14 March 2011 - 01:04 AM

I cannot find the Extra.txt log.

#6 myrti

Posted 14 March 2011 - 09:06 AM

Hi,

Please run a scan with Rootkit Unhooker next:
Scan With RKUnHooker

  • Please download Rootkit Unhooker. Save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** it is zipped up in a .rar file - if you do not have a program to unzip this type of file,
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning. It is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

regards myrti


#7 wukillalogic

Posted 14 March 2011 - 03:35 PM

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0xF6286000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 6856704 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 163.75 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 5783552 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 163.75 )
0xF1473000 C:\WINDOWS\system32\drivers\kl1.sys 5373952 bytes (Kaspersky Lab, Kaspersky Unified Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2181376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2181376 bytes
0x804D7000 RAW 2181376 bytes
0x804D7000 WMIxWDM 2181376 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF1AC8000 C:\WINDOWS\system32\drivers\sthda.sys 1335296 bytes (IDT, Inc., IDT PC Audio - SHANGHAI DEVELOPMENT CENTER)
0xF6910000 C:\WINDOWS\System32\DRIVERS\NVNRM.SYS 888832 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xF72F5000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF1244000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF13DE000 C:\WINDOWS\system32\DRIVERS\rt73.sys 446464 bytes (Ralink Technology, Corp., Ralink 802.11 USB Wireless Adapter Driver)
0xF1373000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBA652000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF19B3000 C:\WINDOWS\system32\DRIVERS\klif.sys 331776 bytes (Kaspersky Lab, Klif Mini-Filter [fre_wnet_x86])
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBA06D000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF61E5000 C:\WINDOWS\System32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xF6219000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7438000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xBA749000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF72C8000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF12DB000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 180224 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8B09000 C:\WINDOWS\system32\drivers\kmixer.sys 172032 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF134B000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF73E2000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF69E9000 C:\WINDOWS\System32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF1AA4000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8CED000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6A0E000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF6A31000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF1329000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBA540000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 139264 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xF1307000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xF1223000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806EC000 ACPI_HAL 131968 bytes
0x806EC000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF73AB000 fltmgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7408000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF72AD000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF73CA000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7382000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF625B000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xBA7EB000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6A54000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6272000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF13CB000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7399000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7427000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF624A000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF016C000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF76A7000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7687000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7657000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76B7000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF1A24000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7627000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7637000 C:\WINDOWS\System32\DRIVERS\NVENETFD.sys 57344 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xF74D7000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7487000 klbg.sys 53248 bytes (Kaspersky Lab, Kaspersky Lab Boot Guard Driver)
0xF76F7000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF74B7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7597000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7697000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF74A7000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7507000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF76E7000 C:\WINDOWS\system32\DRIVERS\klim5.sys 40960 bytes (Kaspersky Lab, Kaspersky Lab Intermediate Network Driver)
0xF7617000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF76D7000 C:\WINDOWS\System32\DRIVERS\nvnetbus.sys 40960 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xF7527000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF74C7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF5E0E000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF1F3E000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7677000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7497000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF1F2E000 C:\WINDOWS\system32\DRIVERS\klmouflt.sys 36864 bytes (Kaspersky Lab, KLMOUFLT Mouse Device Filter [fre_wnet_x86])
0xF76C7000 C:\WINDOWS\System32\DRIVERS\LNE100V5.sys 36864 bytes (LinkSys Group Inc., Linksys LNE100TX(v5) Fast Ethernet Adapter NDIS5 Driver)
0xF7517000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF5E2E000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB8EC4000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF5DFE000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF3490000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF1D3C000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF77C7000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF34A8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77D7000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF77DF000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF77FF000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7807000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF3470000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xEED8D000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xF34A0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF77B7000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xEFC0C000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xF3498000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF77EF000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF77F7000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF77E7000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77CF000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xEF989000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF3526000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7943000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF795B000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF71AE000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF00CA000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF1457000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF353A000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF791B000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF3542000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7917000 C:\WINDOWS\System32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF7993000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798B000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7991000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7995000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79A3000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7997000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79E3000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A2B000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7AEF000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF1145000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A76000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8545CAF1 ?_empty_? 1295 bytes
0x8545CECC unknown_irp_handler 308 bytes
!!!!!!!!!!!Hidden driver: 0x85458810 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF73CA000 WARNING: suspicious driver modification [atapi.sys::0x8545CAF1]

#8 myrti


Posted 17 March 2011 - 07:53 AM

Hi,

You have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#9 myrti


Posted 03 April 2011 - 07:36 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.





