Thread: Computer has been hijacked - IE/Firefox inoperable
View Single Post
Old 08-09-2008, 10:22 AM   #4 (permalink)
rath
Registered User
 
Join Date: Jan 2007
Posts: 22
OS: xp pro


Re: Computer has been hijacked - IE/Firefox inoperable
Hi Reid,
Thanks for the help. Sorry for my lack of technical terminology! The laptop started back up after I went on in safe mode and deleted a startup process that didn't look right. I hope that didn't make this a bigger mess than it already is! Here's the DSS log:



Deckard's System Scanner v20071014.68
Run by THOMAS DEMENTI on 2008-08-09 11:57:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; unknown error code 0x0000013D


-- Last 5 Restore Point(s) --
138: 2008-08-07 20:43:45 UTC - RP1011 - Printer Driver Foxit PDF Printer Driver Installed
137: 2008-08-07 16:51:45 UTC - RP1010 - Software Distribution Service 3.0
136: 2008-08-07 07:00:22 UTC - RP1009 - Software Distribution Service 3.0
135: 2008-08-06 20:14:20 UTC - RP1008 - Installed Easy Resume Creator Pro
134: 2008-08-06 07:00:20 UTC - RP1007 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-05-12 03:21:16 UTC - RP874 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as THOMAS DEMENTI.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:32 AM, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\RamBooster 2.0\Rambooster.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\THOMAS DEMENTI\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\THOMAS DEMENTI.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cvrmls.marketlinx.com/Login/L...?ReturnUrl=%2f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mxlivemedia browser optimizer - {17ff672b-70fd-452a-a669-d84d2c1497f2} - C:\WINDOWS\system32\qihdhapgap.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [{1a5163e5-12c4-dd30-6a7b-52415beaa843}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\qihdhapgap.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://rein.mlxchange.com/Control/Mu...ctComboBox.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.onlinegis.net/download/Mg...B/mgaxctrl.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://rein.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://rein.mlxchange.com/3.0.10.88/...l/IRCSharc.cab
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://realist2.firstamres.com/mapviewer/mapviewer.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O21 - SSODL: tfnslopk - {C1212488-CF10-4965-A004-CD64BD60FEAB} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9634 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 VNUSB (VN Series Device) - c:\windows\system32\drivers\vnusb.sys <Not Verified; OLYMPUS IMAGING CORP.; VVRUSB Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 ScsiAccess - c:\program files\photodex\proshowgold\scsiaccess.exe
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>

S4 Coafdiu -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01881028&REV_02\4&2FA23535&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01881028&REV_02\4&2FA23535&0&00F0
Service: bcm4sbxp


-- Scheduled Tasks -------------------------------------------------------------

2008-08-09 11:00:00 504 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-08-09 02:22:27 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-08-06 08:32:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-08 16:40:40 0 dr-h----- C:\Documents and Settings\THOMAS DEMENTI\Recent
2008-08-08 15:09:23 0 d-------- C:\Program Files\Trend Micro
2008-08-08 13:49:06 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-08 12:52:39 0 d-------- C:\Program Files\Lavasoft
2008-08-08 12:52:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-08 12:52:10 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-07 17:25:46 0 d-------- C:\Program Files\Windows Defender
2008-08-07 16:52:29 64362 --a------ C:\WINDOWS\system32\olcdfuyknfsw.exe
2008-08-07 16:52:25 0 d-------- C:\Documents and Settings\All Users\Application Data\services
2008-08-07 16:50:33 139264 --a------ C:\WINDOWS\edsa.exe
2008-08-07 16:50:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Secure Solutions
2008-08-07 10:17:13 0 d-------- C:\Program Files\Foxit Software
2008-08-06 16:16:48 0 d-------- C:\Documents and Settings\THOMAS DEMENTI\Application Data\Sarm Software
2008-08-06 16:14:34 0 d-------- C:\Program Files\Sarm Software
2008-08-05 09:45:51 0 d-------- C:\Program Files\RamBooster 2.0
2008-08-04 18:01:17 0 d-------- C:\Program Files\iPod
2008-08-04 18:01:13 0 d-------- C:\Program Files\iTunes
2008-07-21 17:44:33 0 d-------- C:\Program Files\Bonjour
2008-07-21 17:43:23 0 d-------- C:\Program Files\QuickTime
2008-07-21 14:03:30 0 d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-07-21 14:01:44 0 d-------- C:\Program Files\Canon
2008-07-21 13:59:52 0 d-------- C:\Program Files\Common Files\Canon
2008-07-21 10:05:48 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-14 09:14:12 158208 --a------ C:\WINDOWS\system32\qihdhapgap.dll


-- Find3M Report ---------------------------------------------------------------

2008-08-08 13:48:21 0 d-------- C:\Program Files\Symantec
2008-08-08 13:48:10 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-08 13:48:06 0 d-------- C:\Program Files\Symantec AntiVirus
2008-08-08 12:52:10 0 d-------- C:\Program Files\Common Files
2008-08-08 12:46:37 0 d-------- C:\Documents and Settings\THOMAS DEMENTI\Application Data\uTorrent
2008-08-07 16:44:48 6262 --a------ C:\Documents and Settings\THOMAS DEMENTI\Application Data\wklnhst.dat
2008-08-06 10:46:07 0 d-------- C:\Documents and Settings\THOMAS DEMENTI\Application Data\Adobe
2008-08-04 18:02:56 0 d-------- C:\Program Files\Apple Software Update
2008-07-27 18:41:47 0 d-------- C:\Program Files\Full Tilt Poker
2008-07-26 13:15:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-21 10:05:13 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-17 08:24:37 0 d-------- C:\Program Files\IrfanView
2008-07-08 15:45:42 0 d-------- C:\Documents and Settings\THOMAS DEMENTI\Application Data\Logitech
2008-07-08 15:44:27 0 d-------- C:\Program Files\Common Files\Logishrd
2008-07-08 15:40:02 0 d-------- C:\Program Files\Logitech
2008-06-19 16:42:39 0 d-------- C:\Documents and Settings\THOMAS DEMENTI\Application Data\Mozilla
2008-06-03 10:09:22 6081 --a----c- C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17ff672b-70fd-452a-a669-d84d2c1497f2}]
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservicesonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesonce
HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce
HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices
HKEY_USERS\.default\software\microsoft\windows\currentversion\runservicesonce
Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [7/8/2008 3:40:53 PM]
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer

Written by Bobbi Flekman 2006 (C)
GeneralFlags REG_DWORD 5 (0x5)
RestoredStateInfo REG_BINARY 180000006a02000023000000a40000009a00000001000000

REGEDIT4
"DefaultDomainName"="HAL"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions]
"NoGPOListChanges"=dword:00000001
2c,41,70,70,6c,69,63,61,74,69,6f,6e,29,00,00
"ProcessGroupPolicy"="ProcessGroupPolicy"
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001
00
"MaxNoGPOListChangesInterval"=dword:00000001
00
"RequiresSuccessfulRegistry"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
74,61,6c,6c,65,72,2c,41,70,70,6c,69,63,61,74,69,6f,6e,29,00,00
"NoGPOListChanges"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify]
"Logoff"="ChainWlxLogoffEvent"
"Logoff"="CryptnetWlxLogoffEvent"
"Asynchronous"=dword:00000001
"Unlock"="WinlogonUnlockEvent"
"Logoff"="IntelUserLogoff"
"Shutdown"="OnShutdown"
"StartShell"="LBTWLgn_STARTSHELL"
"LoginDomain"=""
"Asynchronous"=dword:00000001
"Logoff"="SchedEventLogOff"
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00
"Asynchronous"=dword:00000001
"Disconnect"="TSEventDisconnect"
"Event"=dword:00000002
ed,22,fc,bc,7d,4f,83,44,c1,14,64,b2
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts]
"ASPNET"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Credentials]
!d;s/.*t//;s/
[hkey.*/n
Asynchronous REG_DWORD 0 (0x0)
!d;s/.*t//;s/
[hkey.*/n
Asynchronous REG_DWORD 0 (0x0)
!d;s/.*t//;s/
[hkey.*/n
DLLName REG_SZ cscdll.dll
!d;s/.*t//;s/
[hkey.*/n
!d;s/.*t//;s/
[hkey.*/n
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
!d;s/.*t//;s/
[hkey.*/n
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn
!d;s/.*t//;s/
[hkey.*/n
LoginDomain REG_SZ
!d;s/.*t//;s/
[hkey.*/n
DLLName REG_SZ wlnotify.dll
!d;s/.*t//;s/
[hkey.*/n
Asynchronous REG_DWORD 0 (0x0)
!d;s/.*t//;s/
[hkey.*/n
Logoff REG_SZ WLEventLogoff
!d;s/.*t//;s/
[hkey.*/n
DLLName REG_SZ WlNotify.dll
!d;s/.*t//;s/
[hkey.*/n
Asynchronous REG_DWORD 0 (0x0)
!d;s/.*t//;s/
[hkey.*/n
Logon REG_SZ WLEventLogon
!d;s/.*t//;s/
[hkey.*/n
DLLName REG_SZ wlnotify.dll

Written by Bobbi Flekman 2006 (C)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 140200001002000000020000900434000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100000007000b000000000007000b0000003f000000020000000400010001000000000000000000000000000000440000000100560061007200460069006c00650049006e0066006f00000000002400040000005400720061006e0073006c006100740069006f006e00000000000904e404f0030000010053007400720069006e006700460069006c00650049006e0066006f000000cc03000001003000340030003900300034004500340000004a001900010043006f006d006d0065006e007400730000004300720079007300740061006c002000530051004c002000440065007300690067006e0065007200200037002e0030000000000088003400010043006f006d00700061006e0079004e0061006d006500000000005300650061006700610074006500200053006f00660074007700610072006500200049006e0066006f0072006d006100740069006f006e0020004d0061006e006100670065006d0065006e0074002000470072006f00750070002c00200049006e0063002e000000ae00450001004c006500670061006c0043006f007000790072006900670068007400000043006f0070007900720069006700680074002000280063002900200031003900390031002d003100390039001000000000000000
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
DisableHeapLookAside REG_SZ 1
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 5409000054020000000200008c0334000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe000001000200a8112e0400000200a8112e0400003f000000200000000400000001000000000000000000000000000000ec020000010053007400720069006e006700460069006c00650049006e0066006f000000c8020000010030003000300030003000340062003000000038001000010043006f006d006d0065006e007400730000004f007200690067006e0061006c002000560065007200730069006f006e00000042001100010043006f006d00700061006e0079004e0061006d006500000000005300410050002000410047002c002000570061006c006c0064006f0072006600000000005a0019000100460069006c0065004400650073006300720069007000740069006f006e00000000005300410050002000460072006f006e00740065006e006400200066006f0072002000570069006e0064006f0077007300000000003c000e000100460069006c006500560065007200730069006f006e000000000034003500320030002e0032002e0030002e003100300037003000000032000900010049006e007400650072006e0061006c004e0061006d0065000000460045005700460052004f004e005400000000007a002b0001004c006500670061006c0043006f007000790072006900670068000200000000000000010000004c0000003cfd0600040000000000000065050000020000000300000000000100530065007200760069006300650020005000610063006b00200033000000230054020000000200008c0334000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe0000010003009e112604000003009e11260400003f000000200000000400000001000000000000000000000000000000ec020000010053007400720069006e006700460069006c00650049006e0066006f000000c8020000010030003000300030003000340062003000000038001000010043006f006d006d0065006e007400730000004f007200690067006e0061006c002000560065007200730069006f006e00000042001100010043006f006d00700061006e0079004e0061006d006500000000005300410050002000410047002c002000570061006c006c0064006f0072006600000000005a0019000100460069006c0065004400650073006300720069007000740069006f006e00000000005300410050002000460072006f006e00740065006e006400200066006f0072002000570069006e0064006f0077007300000000003c000e000100460069006c006500560065007200730069006f006e000000000034003500310030002e0033002e0030002e003100300036003200000032000900010049006e007400650072006e0061006c004e0061006d0065000000460045005700460052004f004e005400000000007a002b0001004c006500670061006c0043006f007000790072006900670068000200000000000000010000004c0000003cfd0600040000000000000065050000020000000300000000000100530065007200760069006300650020005000610063006b0020003300000023005402000000020000200334000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe0000010000000400f003000000000400f00300003f0000000000000004000100010000000000000000000000000000007e020000010053007400720069006e006700460069006c00650049006e0066006f0000005a02000001003000340030003900300034004500340000002e000700010043006f006d00700061006e0079004e0061006d00650000000000530041005000200041004700000000005a0019000100460069006c0065004400650073006300720069007000740069006f006e00000000005300410050002000460072006f006e00740065006e006400200066006f0072002000570069006e0064006f00770073000000000036000b000100460069006c006500560065007200730069006f006e000000000034002e0030002e0030002e003100300030003800000000002c000600010049006e007400650072006e0061006c004e0061006d0065000000460052004f004e00540000005e001d0001004c006500670061006c0043006f007000790072006900670068007400000043006f0070007900720069006700680074002000a900200031003900390033002d0031003900390037002000530041005000200041004700000000002800000001004c006500670061006c0054007200610064000200000000000000010000004c0000003cfd0600040000000000000065050000020000000300000000000100530065007200760069006300650020005000610063006b0020003300000023005402000000020000180334000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe0000010000000400dd03000000000400dd0300003f00000000000000040001000100000000000000000000000000000078020000010053007400720069006e006700460069006c00650049006e0066006f0000005402000001003000340030003900300034004500340000002e000700010043006f006d00700061006e0079004e0061006d00650000000000530041005000200041004700000000005a0019000100460069006c0065004400650073006300720069007000740069006f006e00000000005300410050002000460072006f006e00740065006e006400200066006f0072002000570069006e0064006f00770073000000000034000a000100460069006c006500560065007200730069006f006e000000000034002e0030002e0030002e0039003800390000002c000600010049006e007400650072006e0061006c004e0061006d0065000000460052004f004e00540000005e001d0001004c006500670061006c0043006f007000790072006900670068007400000043006f0070007900720069006700680074002000a900200031003900390033002d0031003900390037002000530041005000200041004700000000002800000001004c006500670061006c00540072006100640065006d000200000000000000010000004c0000003cfd0600040000000000000065050000020000000300000000000100530065007200760069006300650020005000610063006b002000330000002300
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 5802000054020000000200006c0734000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100050005000700a807050005000700a8073f000000000000000400040001000000000000000000000000000000cc060000010053007400720069006e006700460069006c00650049006e0066006f00000054030000010030003400300039003000340042003000000018000000010043006f006d006d0065006e007400730000004c001600010043006f006d00700061006e0079004e0061006d006500000000004d006900630072006f0073006f0066007400200043006f00720070006f0072006100740069006f006e000000680020000100460069006c0065004400650073006300720069007000740069006f006e00000000004d006900630072006f0073006f00660074002000450078006300680061006e00670065002000530065007200760065007200200053006500740075007000000036000b000100460069006c006500560065007200730069006f006e000000000035002e0035002e0031003900360030002e003700000000002c000600010049006e007400650072006e0061006c004e0061006d00650000005300650074007500700000009c003c0001004c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020000200000000000000010000004c0000003cfd0600050000000000000065050000020000000300000002000000530065007200760069006300650020005000610063006b002000340000002300
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 580200005402000000020000440234000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100010001000c000000010001000c00000000000000000000000400000001000000000000000000000000000000440000000000560061007200460069006c00650049006e0066006f00000000002400040000005400720061006e0073006c006100740069006f006e00000000000904b004a4010000010053007400720069006e006700460069006c00650049006e0066006f00000080010000010030003400300039003000340042003000000040002000010043006f006d00700061006e0079004e0061006d00650000000000440065004c006f0072006d00650020004d0061007000700069006e0067000000440022000100500072006f0064007500630074004e0061006d006500000000005200650067002000280044004c0069006200620079005c006d0073006600290000000000340014000100460069006c006500560065007200730069006f006e000000000031002e00300031002e0030003000310032000000380014000100500072006f006400750063007400560065007200730069006f006e00000031002e00300031002e003000300031003200000034001200010049006e007400650072006e0061006c004e0061006d00650000004d004e00470052004500470033003200000000000200000000000000010000004c0000003cfd0600040000000000000065050000020000000300000000000100530065007200760069006300650020005000610063006b002000330000002300
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
GlobalFlag REG_SZ 0x00200000
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
GlobalFlag REG_SZ 0x00200000
DisableHeapLookAside REG_SZ 1
DisableHeapLookAside REG_SZ 1
ApplicationGoo REG_BINARY 140200001002000000020000b40234000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100350007000000000035000700000000003f00000000000000040000000100000000000000000000000000000012020000010053007400720069006e006700460069006c00650049006e0066006f000000ee010000010030003400300039003000340062003000000042001100010043006f006d00700061006e0079004e0061006d00650000000000500065006f0070006c00650053006f00660074002c00200049006e0063002e0000000000280000000100460069006c0065004400650073006300720069007000740069006f006e00000000002a0005000100460069006c006500560065007200730069006f006e000000000037002e0035003300000000009c003c0001004c006500670061006c0043006f007000790072006900670068007400000043006f0070007900720069006700680074002000a900200031003900380038002d0031003900390038002000500065006f0070006c00650053006f00660074002c00200049006e0063002e002000200041006c006c00200052006900670068007400730020005200650073006500720076006500640000003c000a0001004f0072006900670069006e0061006c00460069006c0065006e0061006d00650000007000730064006d0074002e001000000000000000
DisableHeapLookAside REG_SZ 1
DisableHeapLookAside REG_SZ 1
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 000700005402000000020000840734000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100050005000700a807050005000700a8073f000000000000000400040001000000000000000000000000000000e4060000010053007400720069006e006700460069006c00650049006e0066006f00000060030000010030003400300039003000340042003000000018000000010043006f006d006d0065006e007400730000004c001600010043006f006d00700061006e0079004e0061006d006500000000004d006900630072006f0073006f0066007400200043006f00720070006f0072006100740069006f006e000000680020000100460069006c0065004400650073006300720069007000740069006f006e00000000004d006900630072006f0073006f00660074002000450078006300680061006e00670065002000530065007200760065007200200053006500740075007000000036000b000100460069006c006500560065007200730069006f006e000000000035002e0035002e0031003900360030002e003700000000002c000600010049006e007400650072006e0061006c004e0061006d00650000005300650074007500700000009e003d0001004c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020000200000000000000010000004c0000003cfd0600050000000000000065050000020000000000000000000000530065007200760069006300650020005000610063006b0020003300000024005402000000020000a40834000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100050005000700a807050005000700a8073f00000000000000040004000100000000000000000000000000000004080000010053007400720069006e006700460069006c00650049006e0066006f000000f0030000010030003400300039003000340042003000000018000000010043006f006d006d0065006e007400730000004c001600010043006f006d00700061006e0079004e0061006d006500000000004d006900630072006f0073006f0066007400200043006f00720070006f0072006100740069006f006e000000680020000100460069006c0065004400650073006300720069007000740069006f006e00000000004d006900630072006f0073006f00660074002000450078006300680061006e00670065002000530065007200760065007200200053006500740075007000000036000b000100460069006c006500560065007200730069006f006e000000000035002e0035002e0031003900360030002e003700000000002c000600010049006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000a600410001004c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020000200000000000000010000004c0000003cfd0600050000000000000065050000020000000000000000000000530065007200760069006300650020005000610063006b0020003300000024005402000000020000180434000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100050005000700a807050005000700a8073f00000000000000040004000100000000000000000000000000000078030000010053007400720069006e006700460069006c00650049006e0066006f00000054030000010030003400300039003000340042003000000018000000010043006f006d006d0065006e007400730000004c001600010043006f006d00700061006e0079004e0061006d006500000000004d006900630072006f0073006f0066007400200043006f00720070006f0072006100740069006f006e000000680020000100460069006c0065004400650073006300720069007000740069006f006e00000000004d006900630072006f0073006f00660074002000450078006300680061006e00670065002000530065007200760065007200200053006500740075007000000036000b000100460069006c006500560065007200730069006f006e000000000035002e0035002e0031003900360030002e003700000000002c000600010049006e007400650072006e0061006c004e0061006d00650000005300650074007500700000009a003b0001004c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020000200000000000000010000004c0000003cfd0600050000000000000065050000020000000000000000000000530065007200760069006300650020005000610063006b002000330000002400
ApplicationGoo REG_BINARY 140200001002000000020000040334000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe000001001c0008000000000000000800000000003f00000000000000040000000100000000000000000000000000000064020000010053007400720069006e006700460069006c00650049006e0066006f00000040020000010030003400300039003000340062003000000044001200010043006f006d00700061006e0079004e0061006d0065000000000043006f00720065006c00200043006f00720070006f0072006100740069006f006e0000004e0013000100460069006c0065004400650073006300720069007000740069006f006e000000000043006f00720065006c002000530065007400750070002000570069007a00610072006400000000002c0006000100460069006c006500560065007200730069006f006e000000000038002e00300032003800000046001300010049006e007400650072006e0061006c004e0061006d006500000043006f00720065006c002000530065007400750070002000570069007a00610072006400000000006c00240001004c006500670061006c0043006f007000790072006900670068007400000043006f0070007900720069006700680074002000a900200031003900390037002c00200043006f00720065006c00200043006f00720070006f0072000800000000000000
ApplicationGoo REG_BINARY 140200001002000000020000380334000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe0000010002000a0001000a0002000a0001000a000000000000000000040001000100000000000000000000000000000098020000010053007400720069006e006700460069006c00650049006e0066006f0000007402000001003000340030003900300034004500340000004a001500010043006f006d00700061006e0079004e0061006d00650000000000530079006d0061006e00740065006300200043006f00720070006f0072006100740069006f006e000000000060001c000100460069006c0065004400650073006300720069007000740069006f006e0000000000530079006d0061006e007400650063002000530079006d006500760065006e007400200049006e007300740061006c006c0065007200000034000a000100460069006c006500560065007200730069006f006e0000000000310030002e0032002e00310030002e003100000030000800010049006e007400650072006e0061006c004e0061006d006500000053004500560049004e005300540000007e002d0001004c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000530079006d0061006e00740065006300200043006f0072000100000000000000
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
DisableHeapLookAside REG_SZ 1
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
DisableHeapLookAside REG_SZ 1
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 1402000010020000000200007c0334000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100000001000900260000000100090026003f000000000000000400000001000000000000000000000000000000dc020000010053007400720069006e006700460069006c00650049006e0066006f000000b8020000010030003400300039003000340062003000000066002700010043006f006d006d0065006e0074007300000042007500730069006e00650073007300200049006e00740065006c006c006900670065006e006300650020006f006e0020004500760065007200790020004400650073006b0074006f0070000000000048001400010043006f006d00700061006e0079004e0061006d0065000000000043006f0067006e006f007300200049006e0063006f00720070006f0072006100740065006400000060001c000100460069006c0065004400650073006300720069007000740069006f006e000000000043006f0067006e006f0073002000470065006e006500720069006300200049006e007300740061006c006c006100740069006f006e00000038000c000100460069006c006500560065007200730069006f006e000000000031002c00200030002c002000330038002c0020003900000030000800010049006e007400650072006e0061006c004e0061006d00650000000100000000000000
GlobalFlag REG_SZ 0x000010F0
ApplicationGoo REG_BINARY 140200001002000000020000a40234000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100000001000100000000000100010000003f00000000000000010001000100000000000000000000000000000004020000010053007400720069006e006700460069006c00650049006e0066006f000000e0010000010030003400300039003000340045003400000020000000010043006f006d00700061006e0079004e0061006d00650000000000580018000100460069006c0065004400650073006300720069007000740069006f006e000000000049004e005300540041004c004c0020004d004600430020004100700070006c00690063006100740069006f006e000000300008000100460069006c006500560065007200730069006f006e000000000031002e0030002e00300030003100000030000800010049006e007400650072006e0061006c004e0061006d006500000049004e005300540041004c004c0000002400000001004c006500670061006c0043006f00700079007200690067006800740000002800000001004c006500670061006c00540072006100640065006d00610072006b0073000000000040000c0001004f0072006900670069006e0061006c00460069006c0065006e0061006d006500000049004e005300540041004c004c002e004500580045000000300008000800000000000000
"Notification Packages scecli

Written by Bobbi Flekman 2006 (C)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state
NextRefreshReason REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List
LoggingStatus REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List
SOM REG_SZ Local
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List
WQL-Id REG_SZ
NextRefreshReason REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2737080713-4217204644-573995376-1005\Extension-List
LoggingStatus REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2737080713-4217204644-573995376-1005\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2737080713-4217204644-573995376-1005\GPLink-List
SOM REG_SZ Local
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2737080713-4217204644-573995376-1005\GPO-List
WQL-Id REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2737080713-4217204644-573995376-1005\Loopback-GPLink-List
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2737080713-4217204644-573995376-1005\Loopback-GPO-List
NextRefreshReason REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2737080713-4217204644-573995376-500\Extension-List
LoggingStatus REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2737080713-4217204644-573995376-500\GPLink-List
SOM REG_SZ Local
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2737080713-4217204644-573995376-500\GPO-List
WQL-Id REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2737080713-4217204644-573995376-500\Loopback-GPLink-List
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2737080713-4217204644-573995376-500\Loopback-GPO-List

Written by Bobbi Flekman 2006 (C)
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SaslProfiles
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\WDigest

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\File system]
@="Driver Group"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\RpcSs]
@="Service"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\vgasave.sys]
@="Driver"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder

!d;s/t.*t/=/;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk
item REG_SZ Adobe Gamma Loader
!d;s/t.*t/=/;s/hkey.*/[&]/;/]/{x;p;x;}
path REG_SZ C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
!d;s/t.*t/=/;s/hkey.*/[&]/;/]/{x;p;x;}
backup REG_SZ C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
location REG_SZ Common Startup
command REG_SZ C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE

!d;s/t.*t/=/;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^THOMAS DEMENTI^Start Menu^Programs^Startup^Product Registration.lnk
item REG_SZ Product Registration
!d;s/t.*t/=/;s/hkey.*/[&]/;/]/{x;p;x;}
path REG_SZ C:\Documents and Settings\THOMAS DEMENTI\Start Menu\Programs\Startup\Product Registration.lnk
!d;s/t.*t/=/;s/hkey.*/[&]/;/]/{x;p;x;}
backup REG_SZ C:\WINDOWS\pss\Product Registration.lnkStartup
location REG_SZ Startup
command REG_SZ C:\PROGRA~1\COMMON~1\Logishrd\eReg\SetPoint\eReg.exe

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ
hkey REG_SZ HKLM
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ Adobe Reader Speed Launcher
hkey REG_SZ HKLM
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ AppleSyncNotifier
hkey REG_SZ HKLM
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ ccApp
hkey REG_SZ HKLM
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ ctfmon.exe
hkey REG_SZ HKCU
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ C:\WINDOWS\system32\ctfmon.exe
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ DSAgnt
hkey REG_SZ HKCU
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ "C:\Program Files\DellSupport\DSAgnt.exe" /startup
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ tfswctrl
hkey REG_SZ HKLM
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ C:\WINDOWS\system32\dla\tfswctrl.exe
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ DVDLauncher
hkey REG_SZ HKLM
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ H/PC Connection Agent
hkey REG_SZ HKCU
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ hkcmd
hkey REG_SZ HKLM
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ C:\WINDOWS\system32\hkcmd.exe
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ ISUSPM Startup
hkey REG_SZ HKLM
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ issch
hkey REG_SZ HKLM
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ iTunesHelper
hkey REG_SZ HKLM
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ Kernel and Hardware Abstraction Layer
hkey REG_SZ HKLM
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ KHALMNPR.EXE
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ msmsgs
hkey REG_SZ HKCU
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ
hkey REG_SZ HKLM
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ QuickTime Task
hkey REG_SZ HKLM
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ RealPlay
hkey REG_SZ HKLM
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ
hkey REG_SZ HKLM
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ SunJavaUpdateSched
hkey REG_SZ HKLM
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ swg
hkey REG_SZ HKCU
inimapping REG_SZ 0
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ SynTPEnh
hkey REG_SZ HKLM
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
inimapping REG_SZ 0

!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ AdobeUpdateManager
hkey REG_SZ HKCU
!d;s/.*t//;s/hkey.*/[&]/;/]/{x;p;x;}
command REG_SZ "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
inimapping REG_SZ 0
!d;
"ERSvc"=2 (0x2)
!d;
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
!d;
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs







































Written by Bobbi Flekman 2006 (C)
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components
7,0,5730,0
*
6,0,5730,11
6,0,5730,11
1 (0x1)
2,0,0,0
EN
EN
Macromedia Shockwave Director 10.1
11,0,5721,5145
7,0,5730,0
11,0,5721,5145
DirectAnimation
Macromedia Shockwave Director 10.1
1,1,1,7
4,7,0,0320
*
1,397,2406,1
Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
6,0,2900,2180
1 (0x1)
EN
11,0,5721,5145
4,71,1113,0
7,0,5730,11
6,00,01,0223
5,6,0,8820
1 (0x1)
5,00,2918,1900
7,0,5730,11
C:\WINDOWS\system32\msieftp.dll
11,0,5721,5145
4,9,9,2
2,0,50727,0
10,0,0,1
WAB
en
en
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix
2 (0x2)
EN
1 (0x1)
7,0,5730,11

6,0,2800,2180
.NET Framework
6,0,5730,11
.NET Framework
4,71,1968,1
2,1,4026,0
EN
6,0,5730,11
5,0,00,0



-- End of Deckard's System Scanner: finished at 2008-08-09 11:59:46 ------------
Attached Files
File Type: txt extra.txt (30.0 KB, 3 views)
rath is offline