Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Web Searches Redirected in IE, Google Chrome.


  • This topic is locked This topic is locked
2 replies to this topic

#1 Bahamut47

Bahamut47

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:53 AM

Posted 29 March 2011 - 07:07 PM

Search results in Google Chrome and Internet Explorer are redirected to other websites, Mevio is the most common website. I have used Google.com and yahoo.com to search, both website results are redirected. Search results done in safari do not seem to be redirected. Thank you for your help!


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Staff at 16:18:07.57 on Tue 03/29/2011
internet explorer: 8.0.6001.18702
browserjavaversion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.905 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Drop Box\dds.scr
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Drop Box\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
NoUpdateCheck REG_DWORD 1 (0x1)
NoJITSetup REG_DWORD 1 (0x1)
Disable Script Debugger REG_SZ yes
Show_ChannelBand REG_SZ No
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Start Page REG_SZ Http://www.google.com
Use_DlgBox_Colors REG_SZ yes
XMLHTTP REG_DWORD 1 (0x1)
UseClearType REG_SZ yes
AlwaysShowMenus REG_DWORD 1 (0x1)
Enable Browser Extensions REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
CompatibilityFlags REG_DWORD 0 (0x0)
FullScreen REG_SZ no
SearchMigrated REG_DWORD 1 (0x1)
Window_Placement REG_BINARY 2c0000000200000003000000ffffffffffffffffffffffffffffffff00000000000000002003000036020000
Use FormSuggest REG_SZ no
NotifyDownloadComplete REG_SZ no
ShowedCheckBrowser REG_SZ Yes
Check_Associations REG_SZ no
IE8RunOnceLastShown REG_DWORD 1 (0x1)
IE8RunOnceLastShown_TIMESTAMP REG_BINARY 46e60c9ca860ca01
IE8TourShown REG_DWORD 1 (0x1)
IE8TourShownTime REG_BINARY 069404832920ca01
IE8RunOncePerInstallCompleted REG_DWORD 1 (0x1)
IE8RunOnceCompletionTime REG_BINARY be0256cda860ca01
.
HKEY_CURRENT_USER\software\microsoft\internet explorer\main\Default Feeds
.
HKEY_CURRENT_USER\software\microsoft\internet explorer\main\FeatureControl
.
HKEY_CURRENT_USER\software\microsoft\internet explorer\main\WindowsSearch
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0a000000
Delete_Temp_Files_On_Exit REG_SZ yes
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1a000000
Placeholder_Height REG_BINARY 1a000000
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.0.2600.0000
FullScreen REG_SZ no
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\ErrorThresholds
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\FeatureControl
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\UrlTemplate
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0 (0x0)
MigrateProxy REG_DWORD 1 (0x1)
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 1 (0x1)
PrivacyAdvanced REG_DWORD 0 (0x0)
EnableNegotiate REG_DWORD 1 (0x1)
ProxyEnable REG_DWORD 0 (0x0)
UrlEncoding REG_DWORD 0 (0x0)
SecureProtocols REG_DWORD 40 (0x28)
PrivDiscUiShown REG_DWORD 1 (0x1)
ZonesSecurityUpgradeDone REG_DWORD 1 (0x1)
DisableCachingOfSSLPages REG_DWORD 0 (0x0)
WarnonZoneCrossing REG_DWORD 0 (0x0)
CertificateRevocation REG_DWORD 1 (0x1)
GlobalUserOffline REG_DWORD 0 (0x0)
EnableAutodial REG_BINARY 00000000
ZonesSecurityUpgrade REG_BINARY c66bcbb1bff2c901
MaxConnectionsPerServer REG_DWORD 10 (0xa)
MaxConnectionsPer1_0Server REG_DWORD 10 (0xa)
ProxyOverride REG_SZ *.local
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\5.0
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Activities
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Cache
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Connections
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Lockdown_Zones
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\P3P
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Passport
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\TemplatePolicies
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\ZoneMap
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Zones
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
Error: Key: software\microsoft\internet explorer\search does not exist!
.
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooksURLSearchHooks: H - No File
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
Error: Key: software\microsoft\internet explorer\urlsearchhooks does not exist!URLSearchHooks: H - No File
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
Error: Key: .default\software\microsoft\internet explorer\urlsearchhooks does not exist!URLSearchHooks: H - No File
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ Staff
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ c:\WINDOWS\system32e\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 1 (0x1)
AltDefaultUserName REG_SZ Staff
AltDefaultDomainName REG_SZ DOCTOR
AutoAdminLogon REG_SZ 0
DefaultDomainName REG_SZ DOCTOR
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
Taskman REG_SZ
SfcDisabled REG_DWORD 0 (0x0)
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SCLogon
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Credentials
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon
ParseAutoexec REG_SZ 1
ExcludeProfileDirs REG_SZ Local Settings;Temporary Internet Files;History;Temp
BuildNumber REG_DWORD 2600 (0xa28)
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
DebugOptions REG_SZ 2048
Documents REG_SZ
DosPrint REG_SZ no
load REG_SZ
NetMessage REG_SZ no
NullPort REG_SZ None
Programs REG_SZ com exe bat pif cmd
Run REG_SZ
Device REG_SZ \\OFFICE\Brother MFC-7340 Printer,winspool,Ne04:
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: <NO NAME> - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000} - No File
BHO: <NO NAME> - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
urun: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Statice\CLIStart.exe
urun: [LightScribe Control Panel] c:\Program Files\Common Files\LightScribee\LightScribeControlPanel.exe -hidden
urun: [ctfmon.exe] c:\WINDOWS\system32e\ctfmon.exe
urun: [SUPERAntiSpyware] c:\Program Files\SUPERAntiSpywaree\SUPERAntiSpyware.exe
mrun: [MsmqIntCert] regsvr32 /s mqrt.dll
mrun: [SoundMAX] c:\Program Files\Analog Devices\SoundMAXe\Smax4.exe /tray
mrun: [SynTPEnh] c:\Program Files\Synaptics\SynTPe\SynTPEnh.exe
mrun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mrun: [Windows Defender] "c:\Program Files\Windows Defendere\MSASCui.exe" -hide
mrun: [SoundMAXPnP] c:\Program Files\Analog Devices\Coree\smax4pnp.exe
mrun: [HP Software Update] c:\Program Files\Hp\HP Software Updatee\HPWuSchd2.exe
mrun: [Scheduler] c:\WINDOWS\SMINSTe\Scheduler.exe
mrun: [IntelliPoint] "c:\Program Files\Microsoft IntelliPointe\ipoint.exe"
mrun: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bine\ASTSVCC.dll,RegisterModule
mrun: [PDF Complete] "c:\Program Files\PDF Completee\pdfsty.exe"
mrun: [MSC] "c:\Program Files\Microsoft Security Cliente\msseces.exe" -hide -runkey
mrun: [SunJavaUpdateSched] "c:\Program Files\Common Files\Java\Java Updatee\jusched.exe"
mrun: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Readere\Reader_sl.exe"
mrun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mrun: [Tyizoqibuz] rundll32.exe "c:\WINDOWSe\efonubesida.dll",Startup
drun: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DWe\dwtrig20.exe" -t
c:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Softwaree\BTTray.exe
c:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Program Files\Windows Desktop Searche\WindowsSearch.exe
.
ie: SteelWerX Registry Console Tool 2.0
ie: Written by Bobbi Flekman 2006 ©
.
ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext
.
ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\&AOL Toolbar Search
ie: contexts REG_DWORD 16 (0x10)
.
ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\E&xport to Microsoft Excel
ie: <NO NAME> REG_SZ res://c:\PROGRA~1\MICROS~2\Office12e\EXCEL.EXE/3000
ie: Contexts REG_DWORD 1 (0x1)
.
ie: {SteelWerX Registry Console Tool 2.0
ie: {Written by Bobbi Flekman 2006 ©
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ie: { Icon - REG_SZ c:\PROGRA~1\MICROS~2\Office12e\REFBAR.ICO
ie: { HotIcon - REG_SZ c:\PROGRA~1\MICROS~2\Office12e\REFBARH.ICO
ie: { ButtonText - REG_SZ Research
ie: { Default Visible - REG_SZ Yes
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}
ie: { MenuText - REG_SZ @xpsp3res.dll,-20001
ie: { Exec - REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ie: { ButtonText - REG_SZ Messenger
ie: { Default Visible - REG_SZ Yes
ie: { Exec - REG_SZ c:\Program Files\Messengere\msmsgs.exe
ie: { HotIcon - REG_SZ c:\Program Files\Messengere\msmsgs.exe,302
ie: { Icon - REG_SZ c:\Program Files\Messengere\msmsgs.exe,301
ie: { MenuText - REG_SZ Windows Messenger
ie: { ToolTip - REG_SZ Windows Messenger
IE: { CLSID - REG_SZ {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} - {e0dd6cab-2d10-11d2-8f1a-0000f87abd16}\inprocserver32 does not exist!
IE: { BandCLSID - REG_SZ {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - {ff059e31-cc5a-4e2e-bf3b-96e929d65503}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{215B8138-A3CF-44C5-803F-8226143CFC0A}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{215B8138-A3CF-44C5-803F-8226143CFC0A}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{215B8138-A3CF-44C5-803F-8226143CFC0A}\Contains\Files
c:\WINDOWS\system32e\msvcrt.dll REG_SZ
c:\WINDOWS\system32e\mfc42.dll REG_SZ
c:\WINDOWS\system32e\olepro32.dll REG_SZ
c:\WINDOWS\system32e\msvcp60.dll REG_SZ
c:\WINDOWS\Downloaded Program Filese\Housecall_ActiveX.dll REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{215B8138-A3CF-44C5-803F-8226143CFC0A}\DownloadInformation
CODEBASE REG_SZ http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\hcImpl.inf
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{215B8138-A3CF-44C5-803F-8226143CFC0A}\InstalledVersion
<NO NAME> REG_SZ 6,51,0,1028
LastModified REG_SZ Fri, 02 May 2008 11:23:10 GMT
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
INF REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.24
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation
CODEBASE REG_SZ http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\erma.inf
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\InstalledVersion
<NO NAME> REG_SZ 1,0,0,25
LastModified REG_SZ Tue, 04 Dec 2007 00:40:37 GMT
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
INF REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.0
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
INF REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.5
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
INF REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.24
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
INF REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.24
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters
NameServer REG_SZ
appinit_dlls: APSHook.dll
ssodl: wpdshserviceobj - {aaa288ba-9a4c-45b0-95d7-94d524869db5} - c:\WINDOWS\system32e\WPDShServiceObj.dll
Microsoft AntiMalware ShellExecuteHook
.
Written by Bobbi Flekman 2006 ©
.
<NO NAME> REG_SZ Microsoft AntiMalware ShellExecuteHook
.
<NO NAME> REG_SZ c:\Program Files\Windows Defendere\MpShHook.dll
.
<NO NAME> REG_SZ c:\PROGRA~1\WIFD1F~1e\MpShHook.dll
ThreadingModel REG_SZ Both
HKEY_CLASSES_ROOT\clsid\{091eb208-39dd-417d-a5dd-7e2c2d8fb9cb}\ProgID
<NO NAME> REG_SZ Microsoft.AntiMalware.ShellExecuteHook.1
HKEY_CLASSES_ROOT\clsid\{091eb208-39dd-417d-a5dd-7e2c2d8fb9cb}\Programmable
.
<NO NAME> REG_SZ {879BD313-38C7-4052-9663-20BF58113873}
.
<NO NAME> REG_SZ Microsoft.AntiMalware.ShellExecuteHook
.
SteelWerX Registry Console Tool 2.0
.
HKEY_CLASSES_ROOT\clsid\{56f9679e-7826-4c84-81f3-532071a8bcc5}
AppID REG_SZ {320E4F5F-683B-44BE-8AD3-CD494F4EA77C}
.
<NO NAME> REG_SZ c:\Program Files\Windows Desktop Searche\MSNLNamespaceMgr.dll
ThreadingModel REG_SZ Apartment
HKEY_CLASSES_ROOT\clsid\{56f9679e-7826-4c84-81f3-532071a8bcc5}\ProgID
<NO NAME> REG_SZ MSNLNamespaceMgr.NamespaceMgr.1
HKEY_CLASSES_ROOT\clsid\{56f9679e-7826-4c84-81f3-532071a8bcc5}\TypeLib
<NO NAME> REG_SZ {ACC00AA1-73BA-4E89-A650-345A7E254A60}
HKEY_CLASSES_ROOT\clsid\{56f9679e-7826-4c84-81f3-532071a8bcc5}\VersionIndependentProgID
seh: <NO NAME> REG_SZ MSNLNamespaceMgr.NamespaceMgr
.
SteelWerX Registry Console Tool 2.0
.
HKEY_CLASSES_ROOT\clsid\{5ae067d3-9afb-48e0-853a-ebb7f4a000da}
AppID REG_SZ {C615554D-7B87-4275-84FF-8E0BA2AD071B}
.
<NO NAME> REG_SZ c:\Program Files\SUPERAntiSpywaree\SASSEH.DLL
ThreadingModel REG_SZ Apartment
HKEY_CLASSES_ROOT\clsid\{5ae067d3-9afb-48e0-853a-ebb7f4a000da}\ProgID
<NO NAME> REG_SZ ShellExecuteHook.SABShellExecuteHook.1
HKEY_CLASSES_ROOT\clsid\{5ae067d3-9afb-48e0-853a-ebb7f4a000da}\Programmable
.
<NO NAME> REG_SZ {D01E70E5-2E5A-4EDC-B8A7-84FA45346E34}
.
<NO NAME> REG_SZ ShellExecuteHook.SABShellExecuteHook
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
d; /.* /!d; s//securityproviders: /
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Authentication Packages REG_MULTI_SZ msv1_0
Bounds REG_BINARY 0030000000200000
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 1 (0x1)
LsaPid REG_DWORD 980 (0x3d4)
SecureBoot REG_DWORD 1 (0x1)
auditbaseobjects REG_DWORD 0 (0x0)
crashonauditfail REG_DWORD 0 (0x0)
disabledomaincreds REG_DWORD 0 (0x0)
everyoneincludesanonymous REG_DWORD 0 (0x0)
fipsalgorithmpolicy REG_DWORD 0 (0x0)
forceguest REG_DWORD 0 (0x0)
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 1 (0x1)
lmcompatibilitylevel REG_DWORD 0 (0x0)
nodefaultadminowner REG_DWORD 1 (0x1)
nolmhash REG_DWORD 0 (0x0)
restrictanonymous REG_DWORD 0 (0x0)
restrictanonymoussam REG_DWORD 1 (0x1)
Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\subsystems
windows REG_EXPAND_SZ %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\DOCUME~1\Staff\APPLIC~1\Mozilla\Firefox\Profiles\o2kcra2d.defaulte\
# Mozilla User Preferences
.
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/
.
user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1275496517);
user_pref("app.update.lastUpdateTime.background-update-timer", 1275496517);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1275496517);
user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer", 1275496517);
user_pref("app.update.lastUpdateTime.places-maintenance-timer", 1275496517);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1275496517);
user_pref("browser.download.lastDir", "c:\\Documents and Settings\\Staff\e\Desktop");
user_pref("browser.download.manager.alertOnEXEOpen", true);
user_pref("browser.download.manager.retention", 0);
user_pref("browser.formfill.enable", false);
user_pref("browser.history_expire_days", 0);
user_pref("browser.history_expire_days.mirror", 180);
user_pref("browser.migration.version", 1);
user_pref("browser.places.importBookmarksHTML", false);
user_pref("browser.places.importDefaults", false);
user_pref("browser.places.leftPaneFolderId", -1);
user_pref("browser.places.migratePostDataAnnotations", false);
user_pref("browser.places.smartBookmarksVersion", 1);
user_pref("browser.places.updateRecentTagsUri", false);
user_pref("browser.rights.3.shown", true);
user_pref("browser.sessionstore.resume_session_once", true);
user_pref("browser.shell.checkDefaultBrowser", false);
user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.7");
user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{20a82645-c095-46ed-80e3-08825760534b}:1.1,jqs@sun.com:1.0,{BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0,{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7");
user_pref("extensions.lastAppVersion", "3.5.7");
user_pref("extensions.update.notifyUser", true);
user_pref("general.useragent.extra.microsoftdotnet", "(.NET CLR 3.5.30729)");
user_pref("idle.lastDailyNotification", 1275503893);
user_pref("intl.charsetmenu.browser.cache", "us-ascii, windows-1252, Shift_JIS, ISO-8859-1, UTF-8");
user_pref("microsoft.CLR.auto_install", false);
user_pref("network.cookie.prefsMigrated", true);
user_pref("print.print_printer", "PDF Complete");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_bgcolor", false);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_bgimages", false);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_command", "");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_downloadfonts", false);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_edge_bottom", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_edge_left", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_edge_right", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_edge_top", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_evenpages", true);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_footercenter", "");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_footerleft", "&PT");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_footerright", "&D");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_headercenter", "");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_headerleft", "&T");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_headerright", "&U");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_in_color", true);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_margin_bottom", "0.5");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_margin_left", "0.5");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_margin_right", "0.5");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_margin_top", "0.5");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_oddpages", true);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_orientation", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_pagedelay", 500);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_paper_data", 1);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_paper_height", " 11.00");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_paper_size_type", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_paper_size_unit", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_paper_width", " 8.50");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_reversed", false);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_scaling", " 1.00");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_shrink_to_fit", true);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_to_file", false);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_to_filename", "");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_bottom", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_left", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_right", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_top", 0);
user_pref("print.printer_PDF_Complete.print_bgcolor", false);
user_pref("print.printer_PDF_Complete.print_bgimages", false);
user_pref("print.printer_PDF_Complete.print_command", "");
user_pref("print.printer_PDF_Complete.print_downloadfonts", false);
user_pref("print.printer_PDF_Complete.print_edge_bottom", 0);
user_pref("print.printer_PDF_Complete.print_edge_left", 0);
user_pref("print.printer_PDF_Complete.print_edge_right", 0);
user_pref("print.printer_PDF_Complete.print_edge_top", 0);
user_pref("print.printer_PDF_Complete.print_evenpages", true);
user_pref("print.printer_PDF_Complete.print_footercenter", "");
user_pref("print.printer_PDF_Complete.print_footerleft", "&PT");
user_pref("print.printer_PDF_Complete.print_footerright", "&D");
user_pref("print.printer_PDF_Complete.print_headercenter", "");
user_pref("print.printer_PDF_Complete.print_headerleft", "&T");
user_pref("print.printer_PDF_Complete.print_headerright", "&U");
user_pref("print.printer_PDF_Complete.print_in_color", true);
user_pref("print.printer_PDF_Complete.print_margin_bottom", "0.5");
user_pref("print.printer_PDF_Complete.print_margin_left", "0.5");
user_pref("print.printer_PDF_Complete.print_margin_right", "0.5");
user_pref("print.printer_PDF_Complete.print_margin_top", "0.5");
user_pref("print.printer_PDF_Complete.print_oddpages", true);
user_pref("print.printer_PDF_Complete.print_orientation", 0);
user_pref("print.printer_PDF_Complete.print_pagedelay", 500);
user_pref("print.printer_PDF_Complete.print_paper_data", 1);
user_pref("print.printer_PDF_Complete.print_paper_height", " 11.00");
user_pref("print.printer_PDF_Complete.print_paper_size_type", 0);
user_pref("print.printer_PDF_Complete.print_paper_size_unit", 0);
user_pref("print.printer_PDF_Complete.print_paper_width", " 8.50");
user_pref("print.printer_PDF_Complete.print_reversed", false);
user_pref("print.printer_PDF_Complete.print_scaling", " 1.00");
user_pref("print.printer_PDF_Complete.print_shrink_to_fit", true);
user_pref("print.printer_PDF_Complete.print_to_file", false);
user_pref("print.printer_PDF_Complete.print_to_filename", "");
user_pref("print.printer_PDF_Complete.print_unwriteable_margin_bottom", 0);
user_pref("print.printer_PDF_Complete.print_unwriteable_margin_left", 0);
user_pref("print.printer_PDF_Complete.print_unwriteable_margin_right", 0);
user_pref("print.printer_PDF_Complete.print_unwriteable_margin_top", 0);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_bgcolor", false);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_bgimages", false);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_command", "");
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_downloadfonts", false);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_edge_bottom", 0);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_edge_left", 0);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_edge_right", 0);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_edge_top", 0);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_evenpages", true);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_footercenter", "");
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_footerleft", "&PT");
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_footerright", "&D");
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_headercenter", "");
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_headerleft", "&T");
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_headerright", "&U");
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_in_color", true);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_margin_bottom", "0.5");
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_margin_left", "0.5");
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_margin_right", "0.5");
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_margin_top", "0.5");
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_oddpages", true);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_orientation", 0);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_pagedelay", 500);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_paper_data", 1);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_paper_height", " 11.00");
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_paper_size_type", 0);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_paper_size_unit", 0);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_paper_width", " 8.50");
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_reversed", false);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_scaling", " 1.00");
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_shrink_to_fit", true);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_to_file", false);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_to_filename", "");
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_unwriteable_margin_bottom", 0);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_unwriteable_margin_left", 0);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_unwriteable_margin_right", 0);
user_pref("print.printer_\\\\FRONTDESK\\HP_LaserJet_1020.print_unwriteable_margin_top", 0);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_bgcolor", false);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_bgimages", false);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_command", "");
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_downloadfonts", false);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_edge_bottom", 0);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_edge_left", 0);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_edge_right", 0);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_edge_top", 0);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_evenpages", true);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_footercenter", "");
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_footerleft", "&PT");
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_footerright", "&D");
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_headercenter", "");
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_headerleft", "&T");
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_headerright", "&U");
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_in_color", true);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_margin_bottom", "0.5");
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_margin_left", "0.5");
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_margin_right", "0.5");
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_margin_top", "0.5");
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_oddpages", true);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_orientation", 0);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_pagedelay", 500);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_paper_data", 1);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_paper_height", " 11.00");
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_paper_size_type", 0);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_paper_size_unit", 0);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_paper_width", " 8.50");
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_reversed", false);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_scaling", " 1.00");
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_shrink_to_fit", true);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_to_file", false);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_to_filename", "");
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_unwriteable_margin_bottom", 0);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_unwriteable_margin_left", 0);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_unwriteable_margin_right", 0);
user_pref("print.printer_\\\\OFFICE\\Brother_MFC-7340_Printer.print_unwriteable_margin_top", 0);
user_pref("privacy.clearOnShutdown.offlineApps", true);
user_pref("privacy.clearOnShutdown.passwords", true);
user_pref("privacy.item.cookies", true);
user_pref("privacy.item.offlineApps", true);
user_pref("privacy.item.passwords", true);
user_pref("privacy.sanitize.didShutdownSanitize", true);
user_pref("privacy.sanitize.migrateFx3Prefs", true);
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("privacy.sanitize.timeSpan", 0);
user_pref("security.warn_viewing_mixed", false);
user_pref("spellchecker.dictionary", "en-US");
user_pref("symantec.browser.sessionstore.resume_from_crash.toggle", false);
user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey", 1278088221);
user_pref("xpinstall.whitelist.add", "");
user_pref("xpinstall.whitelist.add.103", "");
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
Access.ACCDAExtension.12=c:\PROGRA~1\MICROS~2\Office12e\MSACCESS.EXE /NOSTARTUP "%1"
Access.ACCDCFile.12="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP "%1"
Access.ACCDEFile.12="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9
Access.ACCDRFile.12="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /RUNTIME "%1" %2 %3 %4 %5 %6 %7 %8 %9
Access.ACCDTFile.12="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP "%1"
Access.ADEFile.12="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9
Access.Application.12="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9
Access.BlankDatabaseTemplate.12="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP /NEWDB "%1"
Access.BlankProjectTemplate.12="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP /NEWDB "%1"
Access.Extension.12=c:\PROGRA~1\MICROS~2\Office12e\MSACCESS.EXE /NOSTARTUP "%1"
Access.MDBFile="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9
Access.MDEFile.12="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9
Access.Project.12="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9
Access.Shortcut.DataAccessPage.1="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenDataAccessPage "%1"]
Access.Shortcut.Diagram.1="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenDiagram "%1"]
Access.Shortcut.Form.1="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenForm "%1"]
Access.Shortcut.Function.1="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /SHELLSYSTEM [OpenFunction "%1"]
Access.Shortcut.Macro.1="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [ShellOpenMacro "%1"]
Access.Shortcut.Module.1="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenModule "%1"]
Access.Shortcut.Query.1=c:\PROGRA~1\MICROS~2\Office12e\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [OpenQuery "%1"]
Access.Shortcut.Report.1="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenReport "%1", 2]
Access.Shortcut.StoredProcedure.1="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenStoredProcedure "%1"]
Access.Shortcut.Table.1=c:\PROGRA~1\MICROS~2\Office12e\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [OpenTable "%1"]
Access.Shortcut.View.1="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenView "%1"]
Access.WizardDataFile.12="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP "%1"
Access.WizardUserDataFile.12="c:\PROGRA~1\MICROS~2\Office12e\MSACCESS.EXE" /NOSTARTUP "%1"
Access.Workgroup.12="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE" /NOSTARTUP "%1"
accesshtmlfile="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE"
accessthmltemplate="c:\Program Files\Microsoft Office\Office12e\MSACCESS.EXE"
acrobat="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" /u "%1"
AcroExch.acrobatsecuritysettings.1="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.Document="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.Document.7="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.FDFDoc="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.pdfxml.1="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.XDPDoc="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.XFDFDoc="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
acwfile=%SystemRoot%\system32\accwiz.exe %1
AIFFFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
AIR.InstallerPackage=c:\PROGRA~1\COMMON~1\ADOBEA~1\Versions\1.0e\ADOBEA~1.EXE "%1"
Application.Manifest=rundll32.exe dfshim.dll,ShOpenVerbApplication %1
Application.Reference=rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
ASFFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:7 /Open "%L"
ASXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
AUFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
AVIFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:8 /Open "%L"
!d
Briefcase=explorer.exe %1
c2dRCCopy33.File="c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Maine\Roxio_Central33.exe" "%1"
callto=rundll32.exe msconf.dll,CallToProtocolHandler %l
CATFile=rundll32.exe cryptext.dll,CryptExtOpenCAT %1
cclaunch="c:\Program Files\CCleanere\ccleaner.exe" /%1
cdafile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
CERFile=rundll32.exe cryptext.dll,CryptExtOpenCER %1
CertificateStoreFile=rundll32.exe cryptext.dll,CryptExtOpenSTR %1
certificate_wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" /certificate %1
!d
ChromeHTML="c:\Documents and Settings\Staff\Local Settings\Application Data\Google\Chrome\Applicatione\chrome.exe" -- "%1"
clpfile=clipbrd.exe %1
!d
!d
CompressedFolder=rundll32.exe zipfldr.dll,RouteTheCall %L
ConferenceLink=rundll32.exe msconf.dll,OpenConfLink %l
Coverpage=%systemroot%\system32\fxscover.exe "%1"
CRLFile=rundll32.exe cryptext.dll,CryptExtOpenCRL %1
cueRCCopy33.File="c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Maine\Roxio_Central33.exe" "%1"
daap=c:\Program Files\iTunese\iTunes.exe /url "%1"
divx_asf_file="c:\Program Files\DivX\DivX Plus Playere\DivX Plus Player.exe" "%1"
divx_avi_file="c:\Program Files\DivX\DivX Plus Playere\DivX Plus Player.exe" "%1"
divx_divx_file="c:\Program Files\DivX\DivX Plus Playere\DivX Plus Player.exe" "%1"
divx_div_file="c:\Program Files\DivX\DivX Plus Playere\DivX Plus Player.exe" "%1"
divx_mkv_file="c:\Program Files\DivX\DivX Plus Playere\DivX Plus Player.exe" "%1"
divx_mov_file="c:\Program Files\DivX\DivX Plus Playere\DivX Plus Player.exe" "%1"
divx_mp4_file="c:\Program Files\DivX\DivX Plus Playere\DivX Plus Player.exe" "%1"
divx_mpeg_file="c:\Program Files\DivX\DivX Plus Playere\DivX Plus Player.exe" "%1"
divx_mpg_file="c:\Program Files\DivX\DivX Plus Playere\DivX Plus Player.exe" "%1"
divx_qt_file="c:\Program Files\DivX\DivX Plus Playere\DivX Plus Player.exe" "%1"
divx_tix_file="c:\Program Files\DivX\DivX Plus Playere\DivX Plus Player.exe" "%1"
divx_vob_file="c:\Program Files\DivX\DivX Plus Playere\DivX Plus Player.exe" "%1"
divx_wmv_file="c:\Program Files\DivX\DivX Plus Playere\DivX Plus Player.exe" "%1"
divx_xvid_file="c:\Program Files\DivX\DivX Plus Playere\DivX Plus Player.exe" "%1"
DocShortcut=rundll32 %SystemRoot%\System32\shscrap.dll,OpenScrap_RunDLL /r /x %1
dqyfile=c:\PROGRA~1\MICROS~2\Office12e\EXCEL.EXE
dunfile=%SystemRoot%\system32\RUNDLL32.EXE NETSHELL.DLL,InvokeDunFile %1
emffile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
Excel.Addin="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.AddInMacroEnabled="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Backup="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Chart=c:\PROGRA~1\MICROS~2\Office12e\EXCEL.EXE /e
Excel.CSV="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Macrosheet="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.OpenDocumentSpreadsheet.12="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Sheet.12="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Sheet.8="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.SheetBinaryMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.SheetMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.SLK="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Template="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Template.8="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.TemplateMacroEnabled="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.Workspace="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excel.XLL="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE" /e
Excelhtmlfile="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE"
Excelhtmltemplate="c:\Program Files\Microsoft Office\Office12e\EXCEL.EXE"
!d
feed="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /share "%1"
feeds="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /share "%1"
FirefoxHTML="c:\Program Files\Mozilla Firefoxe\firefox.exe" -requestPending -osint -url "%1"
FirefoxURL="c:\Program Files\Mozilla Firefoxe\firefox.exe" -requestPending -osint -url "%1"
fndfile=%SystemRoot%\Explorer.exe
Folder=%SystemRoot%\Explorer.exe /idlist,%I,%L
fonfile=%SystemRoot%\System32\fontview.exe %1
ftp="c:\Program Files\Internet Explorere\IEXPLORE.EXE" %1
giffile="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
giRCCopy33.File="c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Maine\Roxio_Central33.exe" "%1"
gopher="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
h323file="rundll32.exe" msconf.dll,NewMediaPhone %l
HCP=%SystemRoot%\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe -FromHCP -url "%1"
helpfile=winhlp32.exe %1
hlpfile=%SystemRoot%\System32\winhlp32.exe %1
htafile=c:\WINDOWS\system32e\mshta.exe "%1" %*
htfile="c:\Program Files\Windows NTe\HYPERTRM.EXE" %1
htmlfile="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
HTTP="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
https="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
iiifile="rundll32.exe" msconf.dll,NewMediaPhone %l
!d
!d
InternetShortcut="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\ieframe.dll",OpenURL %l
iqyfile=c:\PROGRA~1\MICROS~2\Office12e\EXCEL.EXE /e
isoRCCopy33.File="c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Maine\Roxio_Central33.exe" "%1"
itls=c:\Program Files\iTunese\iTunes.exe /url "%1"
itms=c:\Program Files\iTunese\iTunes.exe /url "%1"
itmss=c:\Program Files\iTunese\iTunes.exe /url "%1"
itpc=c:\Program Files\iTunese\iTunes.exe /url "%1"
ITS FILE="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
ItTalsnap.File=ASRunDll.exe ittalsnap.dll, DllRestoreIdentity %1
iTunes=c:\Program Files\iTunese\iTunes.exe /url "%1"
iTunes.aa="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aax="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aif="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aifc="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aiff="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.AssocProtocol.itls=c:\Program Files\iTunese\iTunes.exe /url "%1"
iTunes.cda="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.cdda="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipa="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipsw="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itdb="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ite="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itl="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itlp="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itls="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itms="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itpc="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m3u="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m3u8="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4a="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4b="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4p="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4r="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4v="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mov="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mp2="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mp3="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mpeg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mpg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.pcast="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.pls="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.rmp="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.wav="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.wave="c:\Program Files\iTunese\iTunes.exe" /open "%L"
Ivi.MediaFile="c:\Program Files\InterVideo\WinDVDe\WinDVD.exe" %1
iwin="c:\Program Files\iWin Gamese\iWinGames.exe" "%1"
jarfile="c:\Program Files\Java\jre6\bine\javaw.exe" -jar "%1" %*
JNLPFile="c:\Program Files\Java\jre6\bine\javaws.exe" "%1"
jpegfile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
LDAP="c:\Program Files\Outlook Expresse\wab.exe" /ldap:%1
m3ufile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:6 /Open "%L"
MacromediaFlashPaper.MacromediaFlashPaper="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome "%1"
mailto="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" -c IPM.Note /m "%1"
mbam.script="c:\Program Files\Malwarebytes' Anti-Malwaree\mbam.exe" %1
MediaPackageFile="c:\Program Files\Microsoft Office\Office12e\MSTORE.EXE" "%1"
MedicalImagingSystem.Document=D:\eFilmLt.exe /dde
mhtmlfile="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
Microsoft Internet Mail Message="%ProgramFiles%\Outlook Express\msimn.exe" /eml:%1
Microsoft Internet News Message="%ProgramFiles%\Outlook Express\msimn.exe" /nws:%1
Microsoft.InformationCard=c:\WINDOWS\system32\rundll32.exe c:\WINDOWS\system32e\infocardcpl.cpl,ImportInformationCard_RunDll %1
Microsoft.PowerShellConsole.1="c:\WINDOWS\system32\WindowsPowerShell\v1.0e\powershell.exe" -p "%1"
Microsoft.WindowsCardSpaceBackup=c:\WINDOWS\system32\rundll32.exe c:\WINDOWS\system32e\infocardcpl.cpl,ImportInformationCard_RunDll %1
MIDFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
MITrain.Document=c:\WINDOWS\Help\SBSI\Traininge\ORUN32.EXE -f "%1"
MMS="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MMST="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MMSU="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
mp3file="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:6 /Open "%L"
mpegfile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:9 /Open "%L"
MPlayer=mplay32.exe /play /close "%L"
msbackupfile=%SystemRoot%\system32\ntbackup.exe
MSBD="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MSCFile=%SystemRoot%\system32\mmc.exe "%1" %*
MSDASC=Rundll32.exe c:\PROGRA~1\COMMON~1\System\OLEDB~1e\oledb32.dll,OpenDSLFile %1
Msi.Package="%SystemRoot%\System32\msiexec.exe" /i "%1" %*
Msi.Patch="%SystemRoot%\System32\msiexec.exe" /p "%1" %*
MSInfo.Document=c:\Program Files\Common Files\Microsoft Shared\MSInfoe\MSInfo32.exe /msinfo_file %1
MSProgramGroup=c:\WINDOWS\system32e\grpconv.exe %1
MsRcIncident=%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe -Mode "hcp://system/Remote%%20Assistance/RAClientLayout.xml" -url "hcp://system/Remote%%20Assistance/Interaction/Client/rctoolScreen1.htm" -ExtraArgument "IncidentFile=%1"
msstylesfile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"
MyDVD9.Project="c:\Program Files\Roxio\Roxio MyDVD Basic v9\VideoUI 9e\MyDVD9.exe" "%1"
news="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:"%1"
nntp="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:"%1"
OfficeListShortcut="c:\Program Files\Microsoft Office\Office12e\MSPUB.EXE" %1
OfficeTheme.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
oms=rundll32.exe c:\PROGRA~1\MICROS~2\Office12e\OMSMAIN.DLL, OmsProtocolHandler %1
ooostub.CalcDocument.1="c:\Program Files\Sun\OpenOffice.org Installer 1.0e\ooostub.exe" -o "%1"
ooostub.DatabaseDocument.1="c:\Program Files\Sun\OpenOffice.org Installer 1.0e\ooostub.exe" -o "%1"
ooostub.DrawDocument.1="c:\Program Files\Sun\OpenOffice.org Installer 1.0e\ooostub.exe" -o "%1"
ooostub.Extension.1="c:\Program Files\Sun\OpenOffice.org Installer 1.0e\ooostub.exe" gui "%1"
ooostub.ImpressDocument.1="c:\Program Files\Sun\OpenOffice.org Installer 1.0e\ooostub.exe" -o "%1"
ooostub.MathDocument.1="c:\Program Files\Sun\OpenOffice.org Installer 1.0e\ooostub.exe" -o "%1"
ooostub.StarCalcDocument.6="c:\Program Files\Sun\OpenOffice.org Installer 1.0e\ooostub.exe" -o "%1"
ooostub.StarDrawDocument.6="c:\Program Files\Sun\OpenOffice.org Installer 1.0e\ooostub.exe" -o "%1"
ooostub.StarImpressDocument.6="c:\Program Files\Sun\OpenOffice.org Installer 1.0e\ooostub.exe" -o "%1"
ooostub.StarMathDocument.6="c:\Program Files\Sun\OpenOffice.org Installer 1.0e\ooostub.exe" -o "%1"
ooostub.StarWriterDocument.6="c:\Program Files\Sun\OpenOffice.org Installer 1.0e\ooostub.exe" -o "%1"
ooostub.StarWriterGlobalDocument.6="c:\Program Files\Sun\OpenOffice.org Installer 1.0e\ooostub.exe" -o "%1"
ooostub.WriterDocument.1="c:\Program Files\Sun\OpenOffice.org Installer 1.0e\ooostub.exe" -o "%1"
ooostub.WriterGlobalDocument.1="c:\Program Files\Sun\OpenOffice.org Installer 1.0e\ooostub.exe" -o "%1"
ooostub.WriterWebTemplate.1="c:\Program Files\Sun\OpenOffice.org Installer 1.0e\ooostub.exe" -o "%1"
otffile=%SystemRoot%\System32\fontview.exe %1
Outlook.File.hol="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /hol "%1"
Outlook.File.ibc="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /v "%1"
Outlook.File.ics="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /ical "%1"
Outlook.File.msg="c:\Program Files\Microsoft Office\Office12e\OUTLOOK.EXE" /f "%1"
Outlook.File.vcf="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /v "%1"
Outlook.File.vcs="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /vcal "%1"
Outlook.Template="c:\Program Files\Microsoft Office\Office12e\OUTLOOK.EXE" /t "%1"
Outlook.URL.feed="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /share "%1"
Outlook.URL.mailto="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" -c IPM.Note /m "%1"
Outlook.URL.stssync="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /share "%1"
Outlook.URL.webcal="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /share "%1"
outlookfeed="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /share "%1"
outlookfeeds="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /share "%1"
P7RFile=rundll32.exe cryptext.dll,CryptExtOpenP7R %1
P7SFile=rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1
Paint.Picture=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
pbkfile=%SystemRoot%\system32\rasphone.exe -f "%1"
pcast=c:\Program Files\iTunese\iTunes.exe /url "%1"
pdfvista.Document.3="c:\Program Files\PDF Completee\pdfvista.exe"
PerfFile=%SystemRoot%\system32\perfmon.exe %1
pfmfile=%SystemRoot%\System32\fontview.exe %1
!d
pjpegfile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
pngfile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
PowerPoint.Addin.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Addin.8="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.OpenDocumentPresentation.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Show.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Show.4=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.Show.7=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.Show.8="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.ShowMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Slide.12=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.Slide.4=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.Slide.7=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.Slide.8=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.SlideMacroEnabled.12=c:\PROGRA~1\MICROS~2\Office12e\POWERPNT.EXE "%1"
PowerPoint.SlideShow.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" /s "%1"
PowerPoint.SlideShow.8="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" /s "%1"
PowerPoint.SlideShowMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" /s "%1"
PowerPoint.Template.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Template.8="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.TemplateMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
PowerPoint.Wizard.8="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE" "%1"
powerpointhtmlfile="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE"
powerpointhtmltemplate="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE"
powerpointxmlfile="c:\Program Files\Microsoft Office\Office12e\POWERPNT.EXE"
prffile="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\msrating.dll",ClickedOnPRF %1
Publisher.Document.12="c:\Program Files\Microsoft Office\Office12e\MSPUB.EXE" %1
Publishing Folder=explorer.exe /idlist,%I,%L
QuickTime.3g2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.3gp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.3gp2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.3gpp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aac=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.ac3=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.adts=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aif=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aifc=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aiff=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.amc=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.AMR=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.au=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.avi=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.bmp=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.bwf=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.caf=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.cdda=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.cel=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.dib=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.dif=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.dv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.flc=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.fli=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.gif=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.gsm=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.jp2=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.jpe=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.jpeg=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.jpg=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.kar=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m15=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m1a=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m1s=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m1v=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m3u=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m3url=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4a=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4b=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4p=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4v=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m75=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mac=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.mid=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.midi=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mov=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mp2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mp3=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mp4=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpa=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpeg=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpg=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpm=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mqv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.pct=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pic=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pict=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.png=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pnt=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pntg=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.psd=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.qcp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qht=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qhtm=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qt=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qti=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.qtif=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.qtl=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.rgb=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.rts=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.rtsp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sd2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sdp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sdv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sgi=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.smf=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.smi=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.smil=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sml=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.snd=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.swa=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.targa=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.tga=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.tif=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.tiff=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.ulw=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.vfw=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.wav=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
ratfile="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\msrating.dll",ClickedOnRAT %1
!d
!d
rlogin="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\url.dll",TelnetProtocolHandler %l
RoxioCentral.File="c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Maine\Roxio_Central33.exe" "%1"
RoxioEMC9.DMSS="c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOMe\RoxWizardLauncher9.exe" /{3ABC61E2-5129-48CE-AD66-0A050A459D5D} "%1"
rtffile="c:\Program Files\Windows NT\Accessoriese\WORDPAD.EXE" "%1"
Safari.safariextz="c:\Program Files\Safarie\Safari.exe" "%1"
Safari.webarchive="c:\Program Files\Safarie\Safari.exe" "%1"
SafariDownload="c:\Program Files\Safarie\Safari.exe" -url "%1"
SafariHTML="c:\Program Files\Safarie\Safari.exe" -url "%1"
SafariURL="c:\Program Files\Safarie\Safari.exe" -url "%1"
SavedDsQuery=rundll32 %SystemRoot%\system32\dsquery.dll,OpenSavedDsQuery %1
!d
scriptletfile="c:\WINDOWSe\NOTEPAD.EXE" "%1"
Search-ms="c:\Program Files\Windows Desktop Searche\WindowsSearch.exe" /url "%1"
SHCmdFile=explorer.exe
Shell=%SystemRoot%\Explorer.exe /idlist,%I,%L
ShellScrap=rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1
snews="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:"%1"
SoundRec="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
SPCFile=rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1
STLFile=rundll32.exe cryptext.dll,CryptExtOpenCTL %1
stssync="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /share "%1"
T126_Whiteboard="c:\Program Files\NetMeetinge\wb32.exe" - "%1"
telnet="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\url.dll",TelnetProtocolHandler %l
themefile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"
TIFImage.Document=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
tn3270="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\url.dll",TelnetProtocolHandler %l
ttcfile=%SystemRoot%\System32\fontview.exe %1
ttffile=%SystemRoot%\System32\fontview.exe %1
!d
ulsfile="rundll32.exe" msconf.dll,NewMediaPhone %l
vcard_wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" /vcard %1
VideoWave9.Project="c:\Program Files\Roxio\Roxio MyDVD Basic v9\VideoUI 9e\VideoWave9.exe" /Edit %1
VisioViewer.Viewer="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
VroomSap.1=
wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" %1
WAXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
webcal="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /share "%1"
webcals="c:\PROGRA~1\MICROS~2\Office12e\OUTLOOK.EXE" /share "%1"
webpnpFile=%SystemRoot%\system32\wpnpinst.exe %1
Whiteboard="c:\Program Files\NetMeetinge\wb32.exe" "%1"
Windows.CompositeFont="%WinDir%\System32\notepad.exe" "%1"
Windows.Movie.Maker="c:\Program Files\Movie Makere\moviemk.exe" %1
Windows.XamlDocument="c:\WINDOWS\system32e\PresentationHost.exe" "%1" %*
Windows.Xbap="c:\WINDOWS\system32e\PresentationHost.exe" "%1" %*
WinDVD.playback=c:\Program Files\InterVideo\WinDVDe\WinDVD.exe %1
wmafile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:5 /Open "%L"
WMDFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /WMPackage:"%L"
wmffile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
WMP.DVR-MSFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
WMSFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /layout:"%L"
WMTContent=c:\Program Files\Windows Media Playere\wmplayer.exe "%L"
WMTMedia=c:\Program Files\Windows Media Playere\wmplayer.exe "%L"
WMVFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:7 /Open "%L"
WMZFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /layout:"%L"
Word.Backup.8="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.Document.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.Document.8="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.DocumentMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.OpenDocumentText.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.RTF.8="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.Template.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.Template.8="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
Word.TemplateMacroEnabled.12="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE" /n /dde
wordhtmlfile="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE"
wordhtmltemplate="c:\Program Files\Microsoft Office\Office12e\WINWORD.EXE"
Wordpad.Document.1="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
WPLFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
wrifile="c:\Program Files\Windows NT\Accessoriese\WORDPAD.EXE" "%1"
WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
WVXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
x-internet-signup=%ProgramFiles%\Internet Explorer\Connection Wizard\ISIGNUP.EXE %1
XEV.FailSafeApp=%SystemRoot%\system32\NOTEPAD.EXE %1
XEV.GenericApp="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
XEV.OriginalApp="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
xmlfile="c:\Program Files\Common Files\Microsoft Shared\OFFICE12e\MSOXMLED.EXE" /verb open "%1"
XPSViewer.Document.1="c:\WINDOWS\system32\XPSViewere\XPSViewer.exe" "%1" %*
xslfile="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
zapfile=%SystemRoot%\system32\NOTEPAD.EXE %1
.bat
.cmd
.com
.exe
.scr
.reg
.txt
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 16:21:18.65 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Bahamut47

Bahamut47
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:53 AM

Posted 30 March 2011 - 03:49 PM

I believe I have taken care of the problem: TDL3 rootkit removed with TDSSKIller. I am conducting additional scans to make sure that nothing is left and am requesting this topic be closed. Thank you! :thumbsup:

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:53 AM

Posted 30 March 2011 - 03:57 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users