[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\] > -> ->
HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\: Main\\"Local Page" -> \blank.htm ->
HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\: Main\\"Start Page" -> http://www.ask.com/?o=13920&l=dis ->
HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\: "ProxyEnable" -> 1 ->
HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\: "ProxyOverride" -> <local> ->
HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\: "ProxyServer" -> http=127.0.0.1:5555 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Toni\Application Data\Mozilla\FireFox\Profiles\r8se12d9.default\prefs.js ->
browser.search.defaultenginename -> "Ask" ->
browser.search.order.1 -> "Ask" ->
browser.search.selectedEngine -> "Ask" ->
browser.startup.homepage -> "www.google.com" ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> [email protected]:1.0.0.%(version)s ->
extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 ->
extensions.enabledItems -> [email protected]:1.0.12514 ->
keyword.URL -> "http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=" ->
network.proxy.no_proxies_on -> "*.local" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/12 20:30:08 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/04/04 12:39:39 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Toni\Application Data\Mozilla\Extensions -> [2009/01/29 11:53:42 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\extensions -> [2010/04/12 14:27:47 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant -> C:\Documents and Settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/07/05 18:47:02 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
ask.xml -> C:\Documents and Settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\searchplugins\ask.xml -> [2009/10/09 13:45:36 | 000,000,681 | ---- | M | MD5 = 7742DCC23BE1CEC91CCDB4851D366DAF] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/04/12 07:37:57 | 000,000,000 | ---D | M]
-> C:\Program Files\Mozilla Firefox\extensions\[email protected] -> [2010/04/12 20:32:15 | 000,000,000 | ---D | M]
< HOSTS File > ([2004/08/04 08:00:00 | 000,000,734 | ---- | M | MD5 = DE1CBFE6C3086010AF115A1F00909B01] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2003/05/15 04:47:54 | 000,050,376 | ---- | M | MD5 = 0C0E1B2BCAED8DF401BE94D538BCB412] (Adobe Systems Incorporated)
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 11:36:18 | 000,137,600 | ---- | M | MD5 = F655CDD5506FBB4C40C08C9C6A66F7C8] (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> [2003/05/15 05:03:46 | 000,147,456 | ---- | M | MD5 = 44BCFF08947790E74BD7CC7532D2B793] ()
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M | MD5 = 28455424E3C8B81661C5A40E18066BB1] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M | MD5 = 28455424E3C8B81661C5A40E18066BB1] (Microsoft Corporation)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2003/05/15 05:03:46 | 000,147,456 | ---- | M | MD5 = 44BCFF08947790E74BD7CC7532D2B793] ()
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\] > -> HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M | MD5 = 28455424E3C8B81661C5A40E18066BB1] (Microsoft Corporation)
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2003/05/15 05:03:46 | 000,147,456 | ---- | M | MD5 = 44BCFF08947790E74BD7CC7532D2B793] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"" -> [] -> File not found
"Ad-Watch" -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe] -> [2010/01/27 06:15:13 | 000,788,880 | ---- | M | MD5 = 17B7EE982055EE0660A3C512D07E5111] (Lavasoft)
"Alcmtr" -> C:\WINDOWS\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/03 06:43:00 | 000,069,632 | R--- | M | MD5 = 8B4CBBA1EA526830C7F97E7822E2493A] (Realtek Semiconductor Corp.)
"cafw" -> C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl] -> [2009/01/28 14:26:17 | 000,771,312 | ---- | M | MD5 = ADEADCD30EF7B161F42E68B5BD648459] (CA, Inc.)
"capfasem" -> C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe] -> [2009/01/28 14:26:17 | 000,173,296 | ---- | M | MD5 = 7A2C8D52EFFC7DCFAFDF6A90AE8B3235] (CA, Inc.)
"capfupgrade" -> C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe [C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe] -> [2009/01/28 14:26:17 | 000,259,312 | ---- | M | MD5 = A437B5E4D65978867CD0B647DCCBBD48] (CA, Inc.)
"CAVRID" -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe ["C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"] -> [2009/11/29 17:15:27 | 000,230,640 | ---- | M | MD5 = 604F59EF3BF029BC092F8196A7996AD7] (CA, Inc.)
"cctray" -> C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe ["C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"] -> [2009/05/21 20:14:48 | 000,181,488 | ---- | M | MD5 = 76AC1FBBB28054EDFA6ABB85E24B32EB] (CA, Inc.)
"CPMonitor" -> C:\Program Files\Roxio 2010\5.0\CPMonitor.exe ["C:\Program Files\Roxio 2010\5.0\CPMonitor.exe"] -> [2009/07/21 12:50:02 | 000,084,464 | ---- | M | MD5 = 5287A55084B154E6D7848E68E4B4834A] ()
"Desktop Disc Tool" -> C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ["C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"] -> [2009/06/23 02:18:52 | 000,494,064 | ---- | M | MD5 = C09AEE8C0BF3DBE298CBFF97E305DDD8] ()
"LogitechCommunicationsManager" -> C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ["C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"] -> [2008/08/14 17:11:48 | 000,565,008 | ---- | M | MD5 = C68BD48274B8C6E4401CF9F71A0CA4BD] ()
"LogitechQuickCamRibbon" -> C:\Program Files\Logitech\QuickCam\Quickcam.exe ["C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide] -> [2008/08/14 17:15:46 | 002,407,184 | ---- | M | MD5 = CB619A546FCCBD72A2E9A7F3E0B22907] ()
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/09/18 03:55:00 | 013,574,144 | ---- | M | MD5 = 89C7169D6161D98585880E3079D721F3] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/09/18 03:55:00 | 000,086,016 | ---- | M | MD5 = C01F5EFFCF7D51921722D96AE4140727] (NVIDIA Corporation)
"nwiz" -> C:\WINDOWS\System32\nwiz.exe [nwiz.exe /install] -> [2008/09/18 03:55:00 | 001,657,376 | ---- | M | MD5 = 7ADC35508F0C8D21197DD9988BDD42A4] ()
"QOELOADER" -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe ["C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"] -> [2009/01/28 14:26:18 | 000,014,088 | ---- | M | MD5 = C6FDDD2C135C05CFC34C9A6AD66DC8C7] (CA)
"RoxWatchTray" -> C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe ["C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"] -> [2009/07/24 09:33:24 | 000,240,112 | ---- | M | MD5 = 11BA16C682931D089996ECDBC21809BB] (Sonic Solutions)
"SkyTel" -> C:\WINDOWS\SkyTel.exe [SkyTel.EXE] -> [2007/06/15 04:45:00 | 001,826,816 | R--- | M | MD5 = D373E15EB5E2E463EF01CF7BD8D7A1DF] (Realtek Semiconductor Corp.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> [2003/05/15 05:19:50 | 000,217,193 | ---- | M | MD5 = 78BFE3201ADA2FE02D1E35D2488E5F55] (Adobe Systems Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe -> [2008/05/27 02:19:14 | 000,123,904 | ---- | M | MD5 = B5C9F63C01FCFEC3F64EC6A0940A1825] (Microsoft Corporation)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Toni Startup Folder > -> C:\Documents and Settings\Toni\Start Menu\Programs\Startup ->
C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> [2005/03/16 23:16:50 | 000,113,664 | ---- | M | MD5 = C2FF17734176CD15221C10044EF0BA1A] (Adobe Systems, Inc.)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoCDBurning" ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"CDRAutoRun" ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"CDRAutoRun" ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004] > -> HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/07/26 21:17:14 | 000,186,192 | ---- | M | MD5 = F008B25C34C98E4F207B00852E25E97D] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/07/26 21:17:14 | 000,186,192 | ---- | M | MD5 = F008B25C34C98E4F207B00852E25E97D] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\] > -> HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}" [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2009/07/26 21:17:14 | 000,186,192 | ---- | M | MD5 = F008B25C34C98E4F207B00852E25E97D] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\] > -> HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. ->
cinemanow.com .[http] -> Trusted sites ->
cinemanow.com .[https] -> Trusted sites ->
qflix.com .[http] -> Trusted sites ->
roxio.com .[http] -> Trusted sites ->
redirect_sonic.com [http] -> Trusted sites ->
redirect2_sonic.com [http] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\] > -> HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab [Office Genuine Advantage Validation Tool] ->
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] ->
{6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab [HP Download Manager] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] ->
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.15.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{00CD242A-285D-4678-B089-A8855EEF0B2B}\\DhcpNameServer -> 192.168.15.1 (NVIDIA nForce Networking Controller) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M | MD5 = 12896823FB95BFB3DC9B46BCAEDC9923] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
PFW -> C:\WINDOWS\System32\UmxWNP.dll -> [2007/05/18 17:30:00 | 000,079,368 | ---- | M | MD5 = 09ECADCDDE96AB045B34AE8DCDFDDF3B] (CA)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009/05/24 22:41:34 | 000,304,128 | ---- | M | MD5 = 994AD0D8550B8B26990A6E3AA0791502] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 13:05:30 | 001,169,224 | ---- | M | MD5 = F12BC57A34FA372F85FB1B6A2FE8C4A3] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" -> C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe [C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager] -> [2009/06/23 18:39:56 | 002,088,808 | ---- | M | MD5 = 2A896BC97DC2EFB4B7477030C5B3BFD5] (CinemaNow Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2005/05/12 09:34:58 | 000,151,635 | ---- | M | MD5 = 933F8525453829650D7959C8F56E28AE] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2005/05/24 03:34:36 | 000,057,344 | ---- | M | MD5 = E81BA0F9D470658FCCCB39F4F4179866] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2005/05/24 03:17:46 | 000,225,280 | ---- | M | MD5 = A6158B78B155041BAEAEEC8C31907189] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2005/05/24 03:18:00 | 000,040,960 | ---- | M | MD5 = 5B2E6895B8E30A9C29DD708060DD537D] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2005/05/24 03:13:32 | 000,081,920 | ---- | M | MD5 = A160625AFF3967321014ECFEC2ED41B6] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2005/05/24 03:42:00 | 000,172,032 | ---- | M | MD5 = 574353FF3FDEE2C5352761C744953CD0] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2005/05/24 03:18:52 | 000,458,752 | ---- | M | MD5 = 3680CD90BCE2B7C731B20E7CA9E8877F] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] -> [2005/03/15 16:17:50 | 000,704,512 | ---- | M | MD5 = 35E015E8FF8DDE3AB20177E71EECEF2B] ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2005/03/15 16:12:10 | 000,417,792 | ---- | M | MD5 = 559F93648846D522B0AFE9C2A9A7E5C8] ()
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/07/13 14:02:56 | 014,074,656 | ---- | M | MD5 = F5BDBF356BC29A09C12F7BF576A7CD2E] (Apple Inc.)
"C:\Program Files\Roxio 2010\Venue\Venue.exe" -> C:\Program Files\Roxio 2010\Venue\Venue.exe [C:\Program Files\Roxio 2010\Venue\Venue.exe:*:Enabled:Roxio Venue] -> [2009/06/24 23:49:02 | 000,772,592 | ---- | M | MD5 = BD9D2496CED14E5B78FDA77F29BCCBF1] (Sonic Solutions)
"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2010/03/22 13:58:53 | 000,319,792 | ---- | M | MD5 = E5A1E18EC3158460A73D293241369C39] (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 13:05:30 | 001,169,224 | ---- | M | MD5 = F12BC57A34FA372F85FB1B6A2FE8C4A3] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/01/28 09:08:04 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ NTFS ] -> [2006/06/17 05:41:16 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
E:\Autorun.inf [[AUTORUN] | SHELLEXECUTE=Info.exe folder.htt 480 480 | ] -> E:\Autorun.inf [ FAT32 ] -> [2004/09/13 12:15:24 | 000,000,053 | -HS- | M | MD5 = A09D73C07892E2C770B865716C556949] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\E
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell
\E\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun
\E\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
\{0da970a4-ee9c-11dd-b6fd-0021970ed2b7}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0da970a4-ee9c-11dd-b6fd-0021970ed2b7}\Shell
\{0da970a4-ee9c-11dd-b6fd-0021970ed2b7}\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0da970a4-ee9c-11dd-b6fd-0021970ed2b7}\Shell\AutoRun
\{0da970a4-ee9c-11dd-b6fd-0021970ed2b7}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0da970a4-ee9c-11dd-b6fd-0021970ed2b7}\Shell\AutoRun\command
\{0da970a4-ee9c-11dd-b6fd-0021970ed2b7}\Shell\AutoRun\command\\"" -> K:\LaunchU3.exe [K:\LaunchU3.exe -a] -> File not found
\{5f0b48d7-ed54-11dd-b6f8-806d6172696f}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f0b48d7-ed54-11dd-b6f8-806d6172696f}\Shell
\{5f0b48d7-ed54-11dd-b6f8-806d6172696f}\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f0b48d7-ed54-11dd-b6f8-806d6172696f}\Shell\AutoRun
\{5f0b48d7-ed54-11dd-b6f8-806d6172696f}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->