:oops:Zlob DNSchanger has taken over hii guys please help
- Thread starter sexy_ladii05
- Start date
- Status
sexy_ladii05
New member
lol srry there a new log on top of yuh lol
but here it is again
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:29, on 17/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\AIM\AIMWDInstall.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: fdkowvbp - {AE7F9E1E-0A21-46C0-91D9-01F9D1ACB887} - (no file)
O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\Third Mapi.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\Program Files\AIM\AIMWDInstall.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [643d5b23] rundll32.exe "C:\WINDOWS\system32\fwgvlrty.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O21 - SSODL: mZUCnvnJwQdJ - {643D5B8D-CE97-F127-8EAA-33AA7BB4B098} - C:\WINDOWS\system32\zgj.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
--
End of file - 4918 bytes
but here it is again
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:29, on 17/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\AIM\AIMWDInstall.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: fdkowvbp - {AE7F9E1E-0A21-46C0-91D9-01F9D1ACB887} - (no file)
O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\Third Mapi.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\Program Files\AIM\AIMWDInstall.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [643d5b23] rundll32.exe "C:\WINDOWS\system32\fwgvlrty.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O21 - SSODL: mZUCnvnJwQdJ - {643D5B8D-CE97-F127-8EAA-33AA7BB4B098} - C:\WINDOWS\system32\zgj.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
--
End of file - 4918 bytes
Once you post the uninstall list please do this:
Download Gmer from here:
http://www.gmer.net/gmer.zip
Unzip it to its own folder.
Disconnect from internet & shut down Antivirus to prevent conflicts.
Shut down also any other unneeded apps including any open browser windows.
The less stuff we got running the less chance of false positives in log.
Double click gmer.exe to run it.
Allow driver to install if asked (gmer.sys)
You may get a warning at program start that there is possible rootkit activity and do you want to run scan.
Say OK to run scan.
If no warning, just click "scan".
Let the scan finish.
Once done press "save"
In the new window that pops up, give the log a name and save it someplace handy.
Press save.
Re-enable your antivirus, re-connect to internet & post that log here
Let me know if Gmer gives any problems.
Thanks
**
I have to head out for a couple hours. I'll be back tho ok?
Mom needs me for a bit.
Download Gmer from here:
http://www.gmer.net/gmer.zip
Unzip it to its own folder.
Disconnect from internet & shut down Antivirus to prevent conflicts.
Shut down also any other unneeded apps including any open browser windows.
The less stuff we got running the less chance of false positives in log.
Double click gmer.exe to run it.
Allow driver to install if asked (gmer.sys)
You may get a warning at program start that there is possible rootkit activity and do you want to run scan.
Say OK to run scan.
If no warning, just click "scan".
Let the scan finish.
Once done press "save"
In the new window that pops up, give the log a name and save it someplace handy.
Press save.
Re-enable your antivirus, re-connect to internet & post that log here
Let me know if Gmer gives any problems.
Thanks
**
I have to head out for a couple hours. I'll be back tho ok?
Mom needs me for a bit.
sexy_ladii05
New member
i dont think my computer likes me i click save list then the program shuts down should i try 2 run program under safe mde
sexy_ladii05
New member
the second part on the other 1
---- System - GMER 1.0.14 ----
SSDT spvr.sys ZwCreateKey [0xF9A110E0]
SSDT spvr.sys ZwEnumerateKey [0xF9A2FCA2]
SSDT spvr.sys ZwEnumerateValueKey [0xF9A30030]
SSDT spvr.sys ZwOpenKey [0xF9A110C0]
SSDT spvr.sys ZwQueryKey [0xF9A30108]
SSDT spvr.sys ZwQueryValueKey [0xF9A2FF88]
SSDT spvr.sys ZwSetValueKey [0xF9A3019A]
INT 0x3A ? 826E2BF8
INT 0x3E ? 82774BF8
INT 0x3F ? 82774BF8
---- Kernel code sections - GMER 1.0.14 ----
? spvr.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F97AF62C 5 Bytes JMP 826E21D8
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 827792D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F9A42C4C] spvr.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9A42CA0] spvr.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F9A12040] spvr.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F9A1213C] spvr.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F9A120BE] spvr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F9A127FC] spvr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F9A126D2] spvr.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F9A22048] spvr.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 826E22D8
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Fastfat \FatCdrom 827721F8
Device \Driver\usbuhci \Device\USBPDO-0 826E11F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 827751F8
Device \Driver\dmio \Device\DmControl\DmConfig 827751F8
Device \Driver\dmio \Device\DmControl\DmPnP 827751F8
Device \Driver\dmio \Device\DmControl\DmInfo 827751F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 827761F8
Device \Driver\Cdrom \Device\CdRom0 8272F1F8
Device \Driver\Cdrom \Device\CdRom1 8272F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 827741F8
Device \Driver\atapi \Device\Ide\IdePort0 827741F8
Device \Driver\atapi \Device\Ide\IdePort1 827741F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 827741F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 827741F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 826391F8
Device \Driver\NetBT \Device\NetbiosSmb 826391F8
Device \Driver\usbuhci \Device\USBFDO-0 826E11F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 826311F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 826311F8
Device \Driver\Ftdisk \Device\FtControl 827761F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2F13C5B1-BB9C-4EC3-AD9B-C44E0106AD62} 826391F8
Device \FileSystem\Fastfat \Fat 827721F8
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 823BF1F8
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAB 0xEE 0x03 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x87 0x4E 0x37 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAB 0xEE 0x03 0xDC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x87 0x4E 0x37 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs ttdewk.dll,vuwofs.dll,jouuki.dll nlrybv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Classes\.7z@ WinRAR
Reg HKLM\SOFTWARE\Classes\.ace@ WinRAR
Reg HKLM\SOFTWARE\Classes\.aim@ .aim
Reg HKLM\SOFTWARE\Classes\.aim@Content Type application/x-aim
Reg HKLM\SOFTWARE\Classes\.amo@ amofile
Reg HKLM\SOFTWARE\Classes\.amo@Content Type application/x-aim+amo
Reg HKLM\SOFTWARE\Classes\.amo@ContentType application/x-amo
Reg HKLM\SOFTWARE\Classes\.arj@ WinRAR
Reg HKLM\SOFTWARE\Classes\.blt@ bltfile
Reg HKLM\SOFTWARE\Classes\.blt@ContentType application/x-blt
Reg HKLM\SOFTWARE\Classes\.bz@ WinRAR
Reg HKLM\SOFTWARE\Classes\.bz2@ WinRAR
Reg HKLM\SOFTWARE\Classes\.cab@ WinRAR
Reg HKLM\SOFTWARE\Classes\.cdf@ ChannelFile
Reg HKLM\SOFTWARE\Classes\.cdf@Content Type application/x-cdf
Reg HKLM\SOFTWARE\Classes\.disabled@ SpybotSD.DisabledFile
Reg HKLM\SOFTWARE\Classes\.eps@Content Type application/postscript
Reg HKLM\SOFTWARE\Classes\.eps\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.eps\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.gz@ WinRAR
Reg HKLM\SOFTWARE\Classes\.hqx@Content Type application/mac-binhex40
Reg HKLM\SOFTWARE\Classes\.hqx\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.hqx\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.iso@ WinRAR
Reg HKLM\SOFTWARE\Classes\.jar@ WinRAR
Reg HKLM\SOFTWARE\Classes\.lha@ WinRAR
Reg HKLM\SOFTWARE\Classes\.lzh@ WinRAR
Reg HKLM\SOFTWARE\Classes\.ocp@ AOL.ocpcontrol
Reg HKLM\SOFTWARE\Classes\.ocp@Content Type text/ocp
Reg HKLM\SOFTWARE\Classes\.pic\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.pic\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.prf@ prffile
Reg HKLM\SOFTWARE\Classes\.prf@Content Type application/pics-rules
Reg HKLM\SOFTWARE\Classes\.r00@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r01@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r02@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r03@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r04@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r05@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r06@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r07@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r08@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r09@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r10@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r11@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r12@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r13@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r14@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r15@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r16@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r17@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r18@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r19@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r20@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r21@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r22@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r23@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r24@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r25@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r26@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r27@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r28@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r29@ WinRAR
Reg HKLM\SOFTWARE\Classes\.rar@ WinRAR
Reg HKLM\SOFTWARE\Classes\.rar\ShellNew
Reg HKLM\SOFTWARE\Classes\.rar\ShellNew@FileName C:\Program Files\WinRAR\rarnew.dat
Reg HKLM\SOFTWARE\Classes\.rev@ WinRAR.REV
Reg HKLM\SOFTWARE\Classes\.sbe@ SpybotSD.SBEFile
Reg HKLM\SOFTWARE\Classes\.sbi@ SpybotSD.SBIFile
Reg HKLM\SOFTWARE\Classes\.sbs@ SpybotSD.SBSFile
Reg HKLM\SOFTWARE\Classes\.tar@ WinRAR
Reg HKLM\SOFTWARE\Classes\.taz@ WinRAR
Reg HKLM\SOFTWARE\Classes\.tbz@ WinRAR
Reg HKLM\SOFTWARE\Classes\.tbz2@ WinRAR
Reg HKLM\SOFTWARE\Classes\.tgz@ WinRAR
Reg HKLM\SOFTWARE\Classes\.tif\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.tif\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.tiff\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.tiff\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.tnfo@ SpybotSD.TInfoFile
Reg HKLM\SOFTWARE\Classes\.uti@ SpybotSD.UTIFile
Reg HKLM\SOFTWARE\Classes\.uts@ SpybotSD.UTSFile
Reg HKLM\SOFTWARE\Classes\.uu@ WinRAR
Reg HKLM\SOFTWARE\Classes\.uue@ WinRAR
Reg HKLM\SOFTWARE\Classes\.xml@ xmlfile
Reg HKLM\SOFTWARE\Classes\.xml@Content Type text/xml
Reg HKLM\SOFTWARE\Classes\.xml\OpenWithProgIds
Reg HKLM\SOFTWARE\Classes\.xml\OpenWithProgIds@Opera.HTML
Reg HKLM\SOFTWARE\Classes\.xsl@ xslfile
Reg HKLM\SOFTWARE\Classes\.xsl@Content Type text/xml
Reg HKLM\SOFTWARE\Classes\.xxe@ WinRAR
Reg HKLM\SOFTWARE\Classes\.z@ WinRAR
Reg HKLM\SOFTWARE\Classes\aAvgAPI.AvgBro@ AvgBro Object
Reg HKLM\SOFTWARE\Classes\aAvgAPI.AvgBro\Clsid
Reg HKLM\SOFTWARE\Classes\aAvgAPI.AvgBro\Clsid@ {18B30EBF-6B58-425E-AC54-831C05D91B5A}
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr@ ActionBvr Class
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr\CurVer
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr\CurVer@ ActionBvr.ActionBvr.1
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr.1@ ActionBvr Class
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr.1\CLSID@ {58A2E406-8304-11D2-9533-0060b0C3C4F4}
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr@ ActorBvr Class
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr\CurVer
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr\CurVer@ ActorBvr.ActorBvr.1
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr.1@ ActorBvr Class
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr.1\CLSID@ {6DDE3061-736C-11D2-A5E8-00A0C967A25F}
Reg HKLM\SOFTWARE\Classes\aim@ URL: AOL Instant Messenger Protocol
Reg HKLM\SOFTWARE\Classes\aim@URL Protocol
Reg HKLM\SOFTWARE\Classes\aim\shell
Reg HKLM\SOFTWARE\Classes\aim\shell\open
Reg HKLM\SOFTWARE\Classes\aim\shell\open\command
Reg HKLM\SOFTWARE\Classes\aim\shell\open\command@ "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp %1
Reg HKLM\SOFTWARE\Classes\amofile@ AIM Module Plugin
Reg HKLM\SOFTWARE\Classes\amofile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\amofile\DefaultIcon@ C:\Program Files\AIM6\services\imApp\ver6_8_10_1\resources\en-US\amo.ico
Reg HKLM\SOFTWARE\Classes\amofile\shell
Reg HKLM\SOFTWARE\Classes\amofile\shell\open
Reg HKLM\SOFTWARE\Classes\amofile\shell\open\command
Reg HKLM\SOFTWARE\Classes\amofile\shell\open\command@ "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp "%1"
Reg HKLM\SOFTWARE\Classes\AOL.EEActiveXShim@ EEActiveXShim Class
Reg HKLM\SOFTWARE\Classes\AOL.EEActiveXShim\CLSID
Reg HKLM\SOFTWARE\Classes\AOL.EEActiveXShim\CLSID@ {9DD15EDF-E5A6-46ac-A44F-1D5D52109C8C}
Reg HKLM\SOFTWARE\Classes\AOL.EEActiveXShim\CurVer
Reg HKLM\SOFTWARE\Classes\AOL.EEActiveXShim\CurVer@ AOL.EEActiveXShim.1
Reg HKLM\SOFTWARE\Classes\AOL.EEActiveXShim.1@ EEActiveXShim Class
Reg HKLM\SOFTWARE\Classes\AOL.EEActiveXShim.1\CLSID
Reg HKLM\SOFTWARE\Classes\AOL.EEActiveXShim.1\CLSID@ {9DD15EDF-E5A6-46ac-A44F-1D5D52109C8C}
Reg HKLM\SOFTWARE\Classes\AOL.ocpcontrol@ OcpDocHandler Class
Reg HKLM\SOFTWARE\Classes\AOL.ocpcontrol\CLSID
Reg HKLM\SOFTWARE\Classes\AOL.ocpcontrol\CLSID@ {E3120548-905E-4431-8590-614ABED7F315}
Reg HKLM\SOFTWARE\Classes\AOL.ocpcontrol\CurVer
Reg HKLM\SOFTWARE\Classes\AOL.ocpcontrol\CurVer@ AOL.ocpcontrol.1
Reg HKLM\SOFTWARE\Classes\AOL.ocpcontrol.1@ OcpDocHandler Class
Reg HKLM\SOFTWARE\Classes\AOL.ocpcontrol.1\CLSID
Reg HKLM\SOFTWARE\Classes\AOL.ocpcontrol.1\CLSID@ {E3120548-905E-4431-8590-614ABED7F315}
Reg HKLM\SOFTWARE\Classes\AOLEE.EESvcMgrGate.1@
Reg HKLM\SOFTWARE\Classes\AOLEE.EESvcMgrGate.1\CLSID
Reg HKLM\SOFTWARE\Classes\AOLEE.EESvcMgrGate.1\CLSID@ {10AF3945-2E81-4C59-AF6E-B8B428E34074}
Reg HKLM\SOFTWARE\Classes\AOLSearch.AOLSearchHook@ AOLSearchHook Class
Reg HKLM\SOFTWARE\Classes\AOLSearch.AOLSearchHook\CLSID
Reg HKLM\SOFTWARE\Classes\AOLSearch.AOLSearchHook\CLSID@ {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}
Reg HKLM\SOFTWARE\Classes\AOLSearch.AOLSearchHook\CurVer
Reg HKLM\SOFTWARE\Classes\AOLSearch.AOLSearchHook\CurVer@ AOLSearch.AOLSearchHook.1
Reg HKLM\SOFTWARE\Classes\AOLSearch.AOLSearchHook.1@ AOLSearchHook Class
Reg HKLM\SOFTWARE\Classes\AOLSearch.AOLSearchHook.1\CLSID
Reg HKLM\SOFTWARE\Classes\AOLSearch.AOLSearchHook.1\CLSID@ {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLTBSearch@ AOLTBSearch Class
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLTBSearch\CLSID
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLTBSearch\CLSID@ {EA756889-2338-43DB-8F07-D1CA6FB9C90D}
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLTBSearch\CurVer
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLTBSearch\CurVer@ AOLTB.AOLTBSearch.1
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLTBSearch.1@ AOLTBSearch Class
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLTBSearch.1\CLSID
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLTBSearch.1\CLSID@ {EA756889-2338-43DB-8F07-D1CA6FB9C90D}
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLToolBand@ AOLToolBand Class
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLToolBand\CLSID
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLToolBand\CLSID@ {DE9C389F-3316-41A7-809B-AA305ED9D922}
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLToolBand\CurVer
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLToolBand\CurVer@ AOLTB.AOLToolBand.1
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLToolBand.1@ AOLToolBand Class
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLToolBand.1\CLSID
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLToolBand.1\CLSID@ {DE9C389F-3316-41A7-809B-AA305ED9D922}
Reg HKLM\SOFTWARE\Classes\AOLTB.Downloader@ Downloader Class
Reg HKLM\SOFTWARE\Classes\AOLTB.Downloader\CLSID
Reg HKLM\SOFTWARE\Classes\AOLTB.Downloader\CLSID@ {DEE471AA-AD6C-4B87-A0AC-0D3361185523}
Reg HKLM\SOFTWARE\Classes\AOLTB.Downloader\CurVer
Reg HKLM\SOFTWARE\Classes\AOLTB.Downloader\CurVer@ AOLTB.Downloader.1
Reg HKLM\SOFTWARE\Classes\AOLTB.Downloader.1@ Downloader Class
Reg HKLM\SOFTWARE\Classes\AOLTB.Downloader.1\CLSID
Reg HKLM\SOFTWARE\Classes\AOLTB.Downloader.1\CLSID@ {DEE471AA-AD6C-4B87-A0AC-0D3361185523}
Reg HKLM\SOFTWARE\Classes\AOLTB.ToolbarParams@ ToolbarParams Class
Reg HKLM\SOFTWARE\Classes\AOLTB.ToolbarParams\CLSID
Reg HKLM\SOFTWARE\Classes\AOLTB.ToolbarParams\CLSID@ {63610B21-6B0D-46C5-909D-3BD000B9A5A9}
Reg HKLM\SOFTWARE\Classes\AOLTB.ToolbarParams\CurVer
Reg HKLM\SOFTWARE\Classes\AOLTB.ToolbarParams\CurVer@ AOLTB.ToolbarParams.1
Reg HKLM\SOFTWARE\Classes\AOLTB.ToolbarParams.1@ ToolbarParams Class
Reg HKLM\SOFTWARE\Classes\AOLTB.ToolbarParams.1\CLSID
Reg HKLM\SOFTWARE\Classes\AOLTB.ToolbarParams.1\CLSID@ {63610B21-6B0D-46C5-909D-3BD000B9A5A9}
Reg HKLM\SOFTWARE\Classes\AolTbServer.AolToolbarHelper@ AolToolbarHelper Class
Reg HKLM\SOFTWARE\Classes\AolTbServer.AolToolbarHelper\CLSID
Reg HKLM\SOFTWARE\Classes\AolTbServer.AolToolbarHelper\CLSID@ {7DD783A7-DF05-4D9E-AC2E-6A71A0704E1D}
Reg HKLM\SOFTWARE\Classes\AolTbServer.AolToolbarHelper\CurVer
Reg HKLM\SOFTWARE\Classes\AolTbServer.AolToolbarHelper\CurVer@ AolTbServer.AolToolbarHelper.1
Reg HKLM\SOFTWARE\Classes\AolTbServer.AolToolbarHelper.1@ AolToolbarHelper Class
Reg HKLM\SOFTWARE\Classes\AolTbServer.AolToolbarHelper.1\CLSID
Reg HKLM\SOFTWARE\Classes\AolTbServer.AolToolbarHelper.1\CLSID@ {7DD783A7-DF05-4D9E-AC2E-6A71A0704E1D}
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Control@ ActiveScan 2.0 Control Class
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Control\CLSID
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Control\CLSID@ {9cab0a33-96f5-428d-9123-2333f2479aa2}
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Control\CurVer
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Control\CurVer@ AS2StubIE.Control.1
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Control.1@ ActiveScan 2.0 Control Class
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Control.1\CLSID
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Control.1\CLSID@ {9cab0a33-96f5-428d-9123-2333f2479aa2}
Reg HKLM\SOFTWARE\Classes\AS2StubIE.InnerInstaller@ ActiveScan 2.0 InnerInstaller Class
Reg HKLM\SOFTWARE\Classes\AS2StubIE.InnerInstaller\CLSID
Reg HKLM\SOFTWARE\Classes\AS2StubIE.InnerInstaller\CLSID@ {bdc09965-f837-4dbc-8128-03f0cc0a8802}
Reg HKLM\SOFTWARE\Classes\AS2StubIE.InnerInstaller\CurVer
Reg HKLM\SOFTWARE\Classes\AS2StubIE.InnerInstaller\CurVer@ AS2StubIE.InnerInstaller.1
Reg HKLM\SOFTWARE\Classes\AS2StubIE.InnerInstaller.1@ ActiveScan 2.0 InnerInstaller Class
Reg HKLM\SOFTWARE\Classes\AS2StubIE.InnerInstaller.1\CLSID
Reg HKLM\SOFTWARE\Classes\AS2StubIE.InnerInstaller.1\CLSID@ {bdc09965-f837-4dbc-8128-03f0cc0a8802}
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Installer@ ActiveScan 2.0 Installer Class
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Installer\CLSID
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Installer\CLSID@ {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8}
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Installer\CurVer
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Installer\CurVer@ AS2StubIE.Installer.3
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Installer.3@ ActiveScan 2.0 Installer Class
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Installer.3\CLSID
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Installer.3\CLSID@ {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8}
Reg HKLM\SOFTWARE\Classes\AskSBar.SettingsPlugin@ Ask Toolbar Settings Plugin
Reg HKLM\SOFTWARE\Classes\AskSBar.SettingsPlugin\CLSID
Reg HKLM\SOFTWARE\Classes\AskSBar.SettingsPlugin\CLSID@ {F0D4B23B-DA4B-4daf-81E4-DFEE4931A4AA}
Reg HKLM\SOFTWARE\Classes\AskSBar.SettingsPlugin\CurVer
Reg HKLM\SOFTWARE\Classes\AskSBar.SettingsPlugin\CurVer@ AskSBar.SettingsPlugin.1
Reg HKLM\SOFTWARE\Classes\AskSBar.SettingsPlugin.1@ Ask Toolbar Settings Plugin
Reg HKLM\SOFTWARE\Classes\AskSBar.SettingsPlugin.1\CLSID
Reg HKLM\SOFTWARE\Classes\AskSBar.SettingsPlugin.1\CLSID@ {F0D4B23B-DA4B-4daf-81E4-DFEE4931A4AA}
Reg HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin@ Ask Toolbar Plugin
Reg HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin\CLSID
Reg HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin\CLSID@ {B15FD82E-85BC-430d-90CB-65DB1B030510}
Reg HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin\CurVer
Reg HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin\CurVer@ AskSBar.ToolbarPlugin.1
Reg HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin.1@ Ask Toolbar Plugin
Reg HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin.1\CLSID
Reg HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin.1\CLSID@ {B15FD82E-85BC-430d-90CB-65DB1B030510}
Reg HKLM\SOFTWARE\Classes\AVG.AvgKernel@ Avg Kernel Class
Reg HKLM\SOFTWARE\Classes\AVG.AvgKernel\CLSID
Reg HKLM\SOFTWARE\Classes\AVG.AvgKernel\CLSID@ {41564737-3200-1071-989B-0000E87B4FB1}
Reg HKLM\SOFTWARE\Classes\AVG.AvgKernel\CurVer
Reg HKLM\SOFTWARE\Classes\AVG.AvgKernel\CurVer@ AVG.AvgKernel.7
Reg HKLM\SOFTWARE\Classes\AVG.AvgKernel.7@ Avg Kernel Class
Reg HKLM\SOFTWARE\Classes\AVG.AvgKernel.7\CLSID
Reg HKLM\SOFTWARE\Classes\AVG.AvgKernel.7\CLSID@ {41564737-3200-1071-989B-0000E87B4FB1}
Reg HKLM\SOFTWARE\Classes\AVG.Office@ AVG plugin for the Microsoft Office
Reg HKLM\SOFTWARE\Classes\AVG.Office\CLSID
Reg HKLM\SOFTWARE\Classes\AVG.Office\CLSID@ {04373D9C-5ED8-44f2-BA00-7895D6A5A2DA}
Reg HKLM\SOFTWARE\Classes\AVG.Office\CurVer
Reg HKLM\SOFTWARE\Classes\AVG.Office\CurVer@ AVG.Office.8
Reg HKLM\SOFTWARE\Classes\AVG.Office.8@ AVG plugin for the Microsoft Office
Reg HKLM\SOFTWARE\Classes\AVG.Office.8\CLSID
Reg HKLM\SOFTWARE\Classes\AVG.Office.8\CLSID@ {04373D9C-5ED8-44f2-BA00-7895D6A5A2DA}
Reg HKLM\SOFTWARE\Classes\bltfile@ AIM Buddy List File
Reg HKLM\SOFTWARE\Classes\bltfile\shell
Reg HKLM\SOFTWARE\Classes\bltfile\shell\open
Reg HKLM\SOFTWARE\Classes\bltfile\shell\open\command
Reg HKLM\SOFTWARE\Classes\bltfile\shell\open\command@ "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp "%1"
Reg HKLM\SOFTWARE\Classes\Browse.BrowseWM@ BrowseWM Class
Reg HKLM\SOFTWARE\Classes\Browse.BrowseWM\CLSID
Reg HKLM\SOFTWARE\Classes\Browse.BrowseWM\CLSID@ {8610e1b4-57c3-441b-9821-c81c51c3ac08}
Reg HKLM\SOFTWARE\Classes\Browse.BrowseWM\CurVer
Reg HKLM\SOFTWARE\Classes\Browse.BrowseWM\CurVer@ Browse.BrowseWM.1
Reg HKLM\SOFTWARE\Classes\Browse.BrowseWM.1@ BrowseWM Class
Reg HKLM\SOFTWARE\Classes\Browse.BrowseWM.1\CLSID
Reg HKLM\SOFTWARE\Classes\Browse.BrowseWM.1\CLSID@ {8610e1b4-57c3-441b-9821-c81c51c3ac08}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Attribute@ Attribute Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Attribute\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Attribute\CLSID@ {54BA1E8F-818D-407F-949D-BAE1692C5C18}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Attribute\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.Attribute\CurVer@ CAPICOM.Attribute.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.Attribute.1@ Attribute Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Attribute.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Attribute.1\CLSID@ {54BA1E8F-818D-407F-949D-BAE1692C5C18}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate@ Certificate Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate\CLSID@ {9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate\CurVer@ CAPICOM.Certificate.3
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.1@ Certificate Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.1\CLSID@ {E38FD381-6404-4041-B5E9-B2739258941F}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.2@ Certificate Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.2\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.2\CLSID@ {E38FD381-6404-4041-B5E9-B2739258941F}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.3@ Certificate Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.3\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.3\CLSID@ {9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates@ Certificates Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates\CLSID@ {3605B612-C3CF-4ab4-A426-2D853391DB2E}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates\CurVer@ CAPICOM.Certificates.4
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.1@ Certificates Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.1\CLSID@ {FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.2@ Certificates Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.2\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.2\CLSID@ {FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.3@ Certificates Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.3\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.3\CLSID@ {17E3A1C3-EA8A-4970-AF29-7F54610B1D4C}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.4@ Certificates Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.4\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.4\CLSID@ {3605B612-C3CF-4ab4-A426-2D853391DB2E}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain@ Chain Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain\CLSID@ {550C8FFB-4DC0-4756-828C-862E6D0AE74F}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain\CurVer@ CAPICOM.Chain.3
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.1@ Chain Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.1\CLSID@ {65104D73-BA60-4160-A95A-4B4782E7AA62}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.2@ Chain Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.2\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.2\CLSID@ {65104D73-BA60-4160-A95A-4B4782E7AA62}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.3@ Chain Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.3\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.3\CLSID@ {550C8FFB-4DC0-4756-828C-862E6D0AE74F}
Reg HKLM\SOFTWARE\Classes\CAPICOM.EncryptedData@ EncryptedData Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.EncryptedData\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.EncryptedData\CLSID@ {A440BD76-CFE1-4D46-AB1F-15F238437A3D}
Reg HKLM\SOFTWARE\Classes\CAPICOM.EncryptedData\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.EncryptedData\CurVer@ CAPICOM.EncryptedData.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.EncryptedData.1@ EncryptedData Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.EncryptedData.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.EncryptedData.1\CLSID@ {A440BD76-CFE1-4D46-AB1F-15F238437A3D}
Reg HKLM\SOFTWARE\Classes\CAPICOM.EnvelopedData@ EnvelopedData Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.EnvelopedData\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.EnvelopedData\CLSID@ {F3A12E08-EDE9-4160-8B51-334D982A9AD0}
Reg HKLM\SOFTWARE\Classes\CAPICOM.EnvelopedData\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.EnvelopedData\CurVer@ CAPICOM.EnvelopedData.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.EnvelopedData.1@ EnvelopedData Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.EnvelopedData.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.EnvelopedData.1\CLSID@ {F3A12E08-EDE9-4160-8B51-334D982A9AD0}
Reg HKLM\SOFTWARE\Classes\CAPICOM.ExtendedProperty@ ExtendedProperty Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.ExtendedProperty\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.ExtendedProperty\CLSID@ {9E7EA907-5810-4FCA-B817-CD0BBA8496FC}
Reg HKLM\SOFTWARE\Classes\CAPICOM.ExtendedProperty\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.ExtendedProperty\CurVer@ CAPICOM.ExtendedProperty.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.ExtendedProperty.1@ ExtendedProperty Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.ExtendedProperty.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.ExtendedProperty.1\CLSID@ {9E7EA907-5810-4FCA-B817-CD0BBA8496FC}
Reg HKLM\SOFTWARE\Classes\CAPICOM.HashedData@ HashedData Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.HashedData\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.HashedData\CLSID@ {CE32ABF6-475D-41F6-BF82-D27F03E3D38B}
Reg HKLM\SOFTWARE\Classes\CAPICOM.HashedData\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.HashedData\CurVer@ CAPICOM.HashedData.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.HashedData.1@ HashedData Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.HashedData.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.HashedData.1\CLSID@ {CE32ABF6-475D-41F6-BF82-D27F03E3D38B}
Reg HKLM\SOFTWARE\Classes\CAPICOM.OID@ OID Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.OID\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.OID\CLSID@ {7BF3AC5C-CC84-429A-ACA5-74D916AD6B8C}
Reg HKLM\SOFTWARE\Classes\CAPICOM.OID\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.OID\CurVer@ CAPICOM.OID.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.OID.1@ OID Class
---- System - GMER 1.0.14 ----
SSDT spvr.sys ZwCreateKey [0xF9A110E0]
SSDT spvr.sys ZwEnumerateKey [0xF9A2FCA2]
SSDT spvr.sys ZwEnumerateValueKey [0xF9A30030]
SSDT spvr.sys ZwOpenKey [0xF9A110C0]
SSDT spvr.sys ZwQueryKey [0xF9A30108]
SSDT spvr.sys ZwQueryValueKey [0xF9A2FF88]
SSDT spvr.sys ZwSetValueKey [0xF9A3019A]
INT 0x3A ? 826E2BF8
INT 0x3E ? 82774BF8
INT 0x3F ? 82774BF8
---- Kernel code sections - GMER 1.0.14 ----
? spvr.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F97AF62C 5 Bytes JMP 826E21D8
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 827792D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F9A42C4C] spvr.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9A42CA0] spvr.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F9A12040] spvr.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F9A1213C] spvr.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F9A120BE] spvr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F9A127FC] spvr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F9A126D2] spvr.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F9A22048] spvr.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 826E22D8
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Fastfat \FatCdrom 827721F8
Device \Driver\usbuhci \Device\USBPDO-0 826E11F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 827751F8
Device \Driver\dmio \Device\DmControl\DmConfig 827751F8
Device \Driver\dmio \Device\DmControl\DmPnP 827751F8
Device \Driver\dmio \Device\DmControl\DmInfo 827751F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 827761F8
Device \Driver\Cdrom \Device\CdRom0 8272F1F8
Device \Driver\Cdrom \Device\CdRom1 8272F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 827741F8
Device \Driver\atapi \Device\Ide\IdePort0 827741F8
Device \Driver\atapi \Device\Ide\IdePort1 827741F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 827741F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 827741F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 826391F8
Device \Driver\NetBT \Device\NetbiosSmb 826391F8
Device \Driver\usbuhci \Device\USBFDO-0 826E11F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 826311F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 826311F8
Device \Driver\Ftdisk \Device\FtControl 827761F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2F13C5B1-BB9C-4EC3-AD9B-C44E0106AD62} 826391F8
Device \FileSystem\Fastfat \Fat 827721F8
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 823BF1F8
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAB 0xEE 0x03 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x87 0x4E 0x37 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAB 0xEE 0x03 0xDC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x87 0x4E 0x37 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs ttdewk.dll,vuwofs.dll,jouuki.dll nlrybv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Classes\.7z@ WinRAR
Reg HKLM\SOFTWARE\Classes\.ace@ WinRAR
Reg HKLM\SOFTWARE\Classes\.aim@ .aim
Reg HKLM\SOFTWARE\Classes\.aim@Content Type application/x-aim
Reg HKLM\SOFTWARE\Classes\.amo@ amofile
Reg HKLM\SOFTWARE\Classes\.amo@Content Type application/x-aim+amo
Reg HKLM\SOFTWARE\Classes\.amo@ContentType application/x-amo
Reg HKLM\SOFTWARE\Classes\.arj@ WinRAR
Reg HKLM\SOFTWARE\Classes\.blt@ bltfile
Reg HKLM\SOFTWARE\Classes\.blt@ContentType application/x-blt
Reg HKLM\SOFTWARE\Classes\.bz@ WinRAR
Reg HKLM\SOFTWARE\Classes\.bz2@ WinRAR
Reg HKLM\SOFTWARE\Classes\.cab@ WinRAR
Reg HKLM\SOFTWARE\Classes\.cdf@ ChannelFile
Reg HKLM\SOFTWARE\Classes\.cdf@Content Type application/x-cdf
Reg HKLM\SOFTWARE\Classes\.disabled@ SpybotSD.DisabledFile
Reg HKLM\SOFTWARE\Classes\.eps@Content Type application/postscript
Reg HKLM\SOFTWARE\Classes\.eps\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.eps\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.gz@ WinRAR
Reg HKLM\SOFTWARE\Classes\.hqx@Content Type application/mac-binhex40
Reg HKLM\SOFTWARE\Classes\.hqx\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.hqx\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.iso@ WinRAR
Reg HKLM\SOFTWARE\Classes\.jar@ WinRAR
Reg HKLM\SOFTWARE\Classes\.lha@ WinRAR
Reg HKLM\SOFTWARE\Classes\.lzh@ WinRAR
Reg HKLM\SOFTWARE\Classes\.ocp@ AOL.ocpcontrol
Reg HKLM\SOFTWARE\Classes\.ocp@Content Type text/ocp
Reg HKLM\SOFTWARE\Classes\.pic\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.pic\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.prf@ prffile
Reg HKLM\SOFTWARE\Classes\.prf@Content Type application/pics-rules
Reg HKLM\SOFTWARE\Classes\.r00@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r01@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r02@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r03@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r04@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r05@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r06@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r07@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r08@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r09@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r10@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r11@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r12@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r13@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r14@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r15@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r16@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r17@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r18@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r19@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r20@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r21@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r22@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r23@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r24@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r25@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r26@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r27@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r28@ WinRAR
Reg HKLM\SOFTWARE\Classes\.r29@ WinRAR
Reg HKLM\SOFTWARE\Classes\.rar@ WinRAR
Reg HKLM\SOFTWARE\Classes\.rar\ShellNew
Reg HKLM\SOFTWARE\Classes\.rar\ShellNew@FileName C:\Program Files\WinRAR\rarnew.dat
Reg HKLM\SOFTWARE\Classes\.rev@ WinRAR.REV
Reg HKLM\SOFTWARE\Classes\.sbe@ SpybotSD.SBEFile
Reg HKLM\SOFTWARE\Classes\.sbi@ SpybotSD.SBIFile
Reg HKLM\SOFTWARE\Classes\.sbs@ SpybotSD.SBSFile
Reg HKLM\SOFTWARE\Classes\.tar@ WinRAR
Reg HKLM\SOFTWARE\Classes\.taz@ WinRAR
Reg HKLM\SOFTWARE\Classes\.tbz@ WinRAR
Reg HKLM\SOFTWARE\Classes\.tbz2@ WinRAR
Reg HKLM\SOFTWARE\Classes\.tgz@ WinRAR
Reg HKLM\SOFTWARE\Classes\.tif\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.tif\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.tiff\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.tiff\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.tnfo@ SpybotSD.TInfoFile
Reg HKLM\SOFTWARE\Classes\.uti@ SpybotSD.UTIFile
Reg HKLM\SOFTWARE\Classes\.uts@ SpybotSD.UTSFile
Reg HKLM\SOFTWARE\Classes\.uu@ WinRAR
Reg HKLM\SOFTWARE\Classes\.uue@ WinRAR
Reg HKLM\SOFTWARE\Classes\.xml@ xmlfile
Reg HKLM\SOFTWARE\Classes\.xml@Content Type text/xml
Reg HKLM\SOFTWARE\Classes\.xml\OpenWithProgIds
Reg HKLM\SOFTWARE\Classes\.xml\OpenWithProgIds@Opera.HTML
Reg HKLM\SOFTWARE\Classes\.xsl@ xslfile
Reg HKLM\SOFTWARE\Classes\.xsl@Content Type text/xml
Reg HKLM\SOFTWARE\Classes\.xxe@ WinRAR
Reg HKLM\SOFTWARE\Classes\.z@ WinRAR
Reg HKLM\SOFTWARE\Classes\aAvgAPI.AvgBro@ AvgBro Object
Reg HKLM\SOFTWARE\Classes\aAvgAPI.AvgBro\Clsid
Reg HKLM\SOFTWARE\Classes\aAvgAPI.AvgBro\Clsid@ {18B30EBF-6B58-425E-AC54-831C05D91B5A}
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr@ ActionBvr Class
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr\CurVer
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr\CurVer@ ActionBvr.ActionBvr.1
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr.1@ ActionBvr Class
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr.1\CLSID@ {58A2E406-8304-11D2-9533-0060b0C3C4F4}
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr@ ActorBvr Class
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr\CurVer
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr\CurVer@ ActorBvr.ActorBvr.1
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr.1@ ActorBvr Class
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr.1\CLSID@ {6DDE3061-736C-11D2-A5E8-00A0C967A25F}
Reg HKLM\SOFTWARE\Classes\aim@ URL: AOL Instant Messenger Protocol
Reg HKLM\SOFTWARE\Classes\aim@URL Protocol
Reg HKLM\SOFTWARE\Classes\aim\shell
Reg HKLM\SOFTWARE\Classes\aim\shell\open
Reg HKLM\SOFTWARE\Classes\aim\shell\open\command
Reg HKLM\SOFTWARE\Classes\aim\shell\open\command@ "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp %1
Reg HKLM\SOFTWARE\Classes\amofile@ AIM Module Plugin
Reg HKLM\SOFTWARE\Classes\amofile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\amofile\DefaultIcon@ C:\Program Files\AIM6\services\imApp\ver6_8_10_1\resources\en-US\amo.ico
Reg HKLM\SOFTWARE\Classes\amofile\shell
Reg HKLM\SOFTWARE\Classes\amofile\shell\open
Reg HKLM\SOFTWARE\Classes\amofile\shell\open\command
Reg HKLM\SOFTWARE\Classes\amofile\shell\open\command@ "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp "%1"
Reg HKLM\SOFTWARE\Classes\AOL.EEActiveXShim@ EEActiveXShim Class
Reg HKLM\SOFTWARE\Classes\AOL.EEActiveXShim\CLSID
Reg HKLM\SOFTWARE\Classes\AOL.EEActiveXShim\CLSID@ {9DD15EDF-E5A6-46ac-A44F-1D5D52109C8C}
Reg HKLM\SOFTWARE\Classes\AOL.EEActiveXShim\CurVer
Reg HKLM\SOFTWARE\Classes\AOL.EEActiveXShim\CurVer@ AOL.EEActiveXShim.1
Reg HKLM\SOFTWARE\Classes\AOL.EEActiveXShim.1@ EEActiveXShim Class
Reg HKLM\SOFTWARE\Classes\AOL.EEActiveXShim.1\CLSID
Reg HKLM\SOFTWARE\Classes\AOL.EEActiveXShim.1\CLSID@ {9DD15EDF-E5A6-46ac-A44F-1D5D52109C8C}
Reg HKLM\SOFTWARE\Classes\AOL.ocpcontrol@ OcpDocHandler Class
Reg HKLM\SOFTWARE\Classes\AOL.ocpcontrol\CLSID
Reg HKLM\SOFTWARE\Classes\AOL.ocpcontrol\CLSID@ {E3120548-905E-4431-8590-614ABED7F315}
Reg HKLM\SOFTWARE\Classes\AOL.ocpcontrol\CurVer
Reg HKLM\SOFTWARE\Classes\AOL.ocpcontrol\CurVer@ AOL.ocpcontrol.1
Reg HKLM\SOFTWARE\Classes\AOL.ocpcontrol.1@ OcpDocHandler Class
Reg HKLM\SOFTWARE\Classes\AOL.ocpcontrol.1\CLSID
Reg HKLM\SOFTWARE\Classes\AOL.ocpcontrol.1\CLSID@ {E3120548-905E-4431-8590-614ABED7F315}
Reg HKLM\SOFTWARE\Classes\AOLEE.EESvcMgrGate.1@
Reg HKLM\SOFTWARE\Classes\AOLEE.EESvcMgrGate.1\CLSID
Reg HKLM\SOFTWARE\Classes\AOLEE.EESvcMgrGate.1\CLSID@ {10AF3945-2E81-4C59-AF6E-B8B428E34074}
Reg HKLM\SOFTWARE\Classes\AOLSearch.AOLSearchHook@ AOLSearchHook Class
Reg HKLM\SOFTWARE\Classes\AOLSearch.AOLSearchHook\CLSID
Reg HKLM\SOFTWARE\Classes\AOLSearch.AOLSearchHook\CLSID@ {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}
Reg HKLM\SOFTWARE\Classes\AOLSearch.AOLSearchHook\CurVer
Reg HKLM\SOFTWARE\Classes\AOLSearch.AOLSearchHook\CurVer@ AOLSearch.AOLSearchHook.1
Reg HKLM\SOFTWARE\Classes\AOLSearch.AOLSearchHook.1@ AOLSearchHook Class
Reg HKLM\SOFTWARE\Classes\AOLSearch.AOLSearchHook.1\CLSID
Reg HKLM\SOFTWARE\Classes\AOLSearch.AOLSearchHook.1\CLSID@ {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLTBSearch@ AOLTBSearch Class
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLTBSearch\CLSID
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLTBSearch\CLSID@ {EA756889-2338-43DB-8F07-D1CA6FB9C90D}
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLTBSearch\CurVer
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLTBSearch\CurVer@ AOLTB.AOLTBSearch.1
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLTBSearch.1@ AOLTBSearch Class
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLTBSearch.1\CLSID
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLTBSearch.1\CLSID@ {EA756889-2338-43DB-8F07-D1CA6FB9C90D}
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLToolBand@ AOLToolBand Class
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLToolBand\CLSID
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLToolBand\CLSID@ {DE9C389F-3316-41A7-809B-AA305ED9D922}
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLToolBand\CurVer
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLToolBand\CurVer@ AOLTB.AOLToolBand.1
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLToolBand.1@ AOLToolBand Class
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLToolBand.1\CLSID
Reg HKLM\SOFTWARE\Classes\AOLTB.AOLToolBand.1\CLSID@ {DE9C389F-3316-41A7-809B-AA305ED9D922}
Reg HKLM\SOFTWARE\Classes\AOLTB.Downloader@ Downloader Class
Reg HKLM\SOFTWARE\Classes\AOLTB.Downloader\CLSID
Reg HKLM\SOFTWARE\Classes\AOLTB.Downloader\CLSID@ {DEE471AA-AD6C-4B87-A0AC-0D3361185523}
Reg HKLM\SOFTWARE\Classes\AOLTB.Downloader\CurVer
Reg HKLM\SOFTWARE\Classes\AOLTB.Downloader\CurVer@ AOLTB.Downloader.1
Reg HKLM\SOFTWARE\Classes\AOLTB.Downloader.1@ Downloader Class
Reg HKLM\SOFTWARE\Classes\AOLTB.Downloader.1\CLSID
Reg HKLM\SOFTWARE\Classes\AOLTB.Downloader.1\CLSID@ {DEE471AA-AD6C-4B87-A0AC-0D3361185523}
Reg HKLM\SOFTWARE\Classes\AOLTB.ToolbarParams@ ToolbarParams Class
Reg HKLM\SOFTWARE\Classes\AOLTB.ToolbarParams\CLSID
Reg HKLM\SOFTWARE\Classes\AOLTB.ToolbarParams\CLSID@ {63610B21-6B0D-46C5-909D-3BD000B9A5A9}
Reg HKLM\SOFTWARE\Classes\AOLTB.ToolbarParams\CurVer
Reg HKLM\SOFTWARE\Classes\AOLTB.ToolbarParams\CurVer@ AOLTB.ToolbarParams.1
Reg HKLM\SOFTWARE\Classes\AOLTB.ToolbarParams.1@ ToolbarParams Class
Reg HKLM\SOFTWARE\Classes\AOLTB.ToolbarParams.1\CLSID
Reg HKLM\SOFTWARE\Classes\AOLTB.ToolbarParams.1\CLSID@ {63610B21-6B0D-46C5-909D-3BD000B9A5A9}
Reg HKLM\SOFTWARE\Classes\AolTbServer.AolToolbarHelper@ AolToolbarHelper Class
Reg HKLM\SOFTWARE\Classes\AolTbServer.AolToolbarHelper\CLSID
Reg HKLM\SOFTWARE\Classes\AolTbServer.AolToolbarHelper\CLSID@ {7DD783A7-DF05-4D9E-AC2E-6A71A0704E1D}
Reg HKLM\SOFTWARE\Classes\AolTbServer.AolToolbarHelper\CurVer
Reg HKLM\SOFTWARE\Classes\AolTbServer.AolToolbarHelper\CurVer@ AolTbServer.AolToolbarHelper.1
Reg HKLM\SOFTWARE\Classes\AolTbServer.AolToolbarHelper.1@ AolToolbarHelper Class
Reg HKLM\SOFTWARE\Classes\AolTbServer.AolToolbarHelper.1\CLSID
Reg HKLM\SOFTWARE\Classes\AolTbServer.AolToolbarHelper.1\CLSID@ {7DD783A7-DF05-4D9E-AC2E-6A71A0704E1D}
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Control@ ActiveScan 2.0 Control Class
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Control\CLSID
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Control\CLSID@ {9cab0a33-96f5-428d-9123-2333f2479aa2}
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Control\CurVer
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Control\CurVer@ AS2StubIE.Control.1
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Control.1@ ActiveScan 2.0 Control Class
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Control.1\CLSID
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Control.1\CLSID@ {9cab0a33-96f5-428d-9123-2333f2479aa2}
Reg HKLM\SOFTWARE\Classes\AS2StubIE.InnerInstaller@ ActiveScan 2.0 InnerInstaller Class
Reg HKLM\SOFTWARE\Classes\AS2StubIE.InnerInstaller\CLSID
Reg HKLM\SOFTWARE\Classes\AS2StubIE.InnerInstaller\CLSID@ {bdc09965-f837-4dbc-8128-03f0cc0a8802}
Reg HKLM\SOFTWARE\Classes\AS2StubIE.InnerInstaller\CurVer
Reg HKLM\SOFTWARE\Classes\AS2StubIE.InnerInstaller\CurVer@ AS2StubIE.InnerInstaller.1
Reg HKLM\SOFTWARE\Classes\AS2StubIE.InnerInstaller.1@ ActiveScan 2.0 InnerInstaller Class
Reg HKLM\SOFTWARE\Classes\AS2StubIE.InnerInstaller.1\CLSID
Reg HKLM\SOFTWARE\Classes\AS2StubIE.InnerInstaller.1\CLSID@ {bdc09965-f837-4dbc-8128-03f0cc0a8802}
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Installer@ ActiveScan 2.0 Installer Class
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Installer\CLSID
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Installer\CLSID@ {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8}
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Installer\CurVer
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Installer\CurVer@ AS2StubIE.Installer.3
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Installer.3@ ActiveScan 2.0 Installer Class
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Installer.3\CLSID
Reg HKLM\SOFTWARE\Classes\AS2StubIE.Installer.3\CLSID@ {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8}
Reg HKLM\SOFTWARE\Classes\AskSBar.SettingsPlugin@ Ask Toolbar Settings Plugin
Reg HKLM\SOFTWARE\Classes\AskSBar.SettingsPlugin\CLSID
Reg HKLM\SOFTWARE\Classes\AskSBar.SettingsPlugin\CLSID@ {F0D4B23B-DA4B-4daf-81E4-DFEE4931A4AA}
Reg HKLM\SOFTWARE\Classes\AskSBar.SettingsPlugin\CurVer
Reg HKLM\SOFTWARE\Classes\AskSBar.SettingsPlugin\CurVer@ AskSBar.SettingsPlugin.1
Reg HKLM\SOFTWARE\Classes\AskSBar.SettingsPlugin.1@ Ask Toolbar Settings Plugin
Reg HKLM\SOFTWARE\Classes\AskSBar.SettingsPlugin.1\CLSID
Reg HKLM\SOFTWARE\Classes\AskSBar.SettingsPlugin.1\CLSID@ {F0D4B23B-DA4B-4daf-81E4-DFEE4931A4AA}
Reg HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin@ Ask Toolbar Plugin
Reg HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin\CLSID
Reg HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin\CLSID@ {B15FD82E-85BC-430d-90CB-65DB1B030510}
Reg HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin\CurVer
Reg HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin\CurVer@ AskSBar.ToolbarPlugin.1
Reg HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin.1@ Ask Toolbar Plugin
Reg HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin.1\CLSID
Reg HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin.1\CLSID@ {B15FD82E-85BC-430d-90CB-65DB1B030510}
Reg HKLM\SOFTWARE\Classes\AVG.AvgKernel@ Avg Kernel Class
Reg HKLM\SOFTWARE\Classes\AVG.AvgKernel\CLSID
Reg HKLM\SOFTWARE\Classes\AVG.AvgKernel\CLSID@ {41564737-3200-1071-989B-0000E87B4FB1}
Reg HKLM\SOFTWARE\Classes\AVG.AvgKernel\CurVer
Reg HKLM\SOFTWARE\Classes\AVG.AvgKernel\CurVer@ AVG.AvgKernel.7
Reg HKLM\SOFTWARE\Classes\AVG.AvgKernel.7@ Avg Kernel Class
Reg HKLM\SOFTWARE\Classes\AVG.AvgKernel.7\CLSID
Reg HKLM\SOFTWARE\Classes\AVG.AvgKernel.7\CLSID@ {41564737-3200-1071-989B-0000E87B4FB1}
Reg HKLM\SOFTWARE\Classes\AVG.Office@ AVG plugin for the Microsoft Office
Reg HKLM\SOFTWARE\Classes\AVG.Office\CLSID
Reg HKLM\SOFTWARE\Classes\AVG.Office\CLSID@ {04373D9C-5ED8-44f2-BA00-7895D6A5A2DA}
Reg HKLM\SOFTWARE\Classes\AVG.Office\CurVer
Reg HKLM\SOFTWARE\Classes\AVG.Office\CurVer@ AVG.Office.8
Reg HKLM\SOFTWARE\Classes\AVG.Office.8@ AVG plugin for the Microsoft Office
Reg HKLM\SOFTWARE\Classes\AVG.Office.8\CLSID
Reg HKLM\SOFTWARE\Classes\AVG.Office.8\CLSID@ {04373D9C-5ED8-44f2-BA00-7895D6A5A2DA}
Reg HKLM\SOFTWARE\Classes\bltfile@ AIM Buddy List File
Reg HKLM\SOFTWARE\Classes\bltfile\shell
Reg HKLM\SOFTWARE\Classes\bltfile\shell\open
Reg HKLM\SOFTWARE\Classes\bltfile\shell\open\command
Reg HKLM\SOFTWARE\Classes\bltfile\shell\open\command@ "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp "%1"
Reg HKLM\SOFTWARE\Classes\Browse.BrowseWM@ BrowseWM Class
Reg HKLM\SOFTWARE\Classes\Browse.BrowseWM\CLSID
Reg HKLM\SOFTWARE\Classes\Browse.BrowseWM\CLSID@ {8610e1b4-57c3-441b-9821-c81c51c3ac08}
Reg HKLM\SOFTWARE\Classes\Browse.BrowseWM\CurVer
Reg HKLM\SOFTWARE\Classes\Browse.BrowseWM\CurVer@ Browse.BrowseWM.1
Reg HKLM\SOFTWARE\Classes\Browse.BrowseWM.1@ BrowseWM Class
Reg HKLM\SOFTWARE\Classes\Browse.BrowseWM.1\CLSID
Reg HKLM\SOFTWARE\Classes\Browse.BrowseWM.1\CLSID@ {8610e1b4-57c3-441b-9821-c81c51c3ac08}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Attribute@ Attribute Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Attribute\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Attribute\CLSID@ {54BA1E8F-818D-407F-949D-BAE1692C5C18}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Attribute\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.Attribute\CurVer@ CAPICOM.Attribute.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.Attribute.1@ Attribute Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Attribute.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Attribute.1\CLSID@ {54BA1E8F-818D-407F-949D-BAE1692C5C18}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate@ Certificate Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate\CLSID@ {9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate\CurVer@ CAPICOM.Certificate.3
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.1@ Certificate Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.1\CLSID@ {E38FD381-6404-4041-B5E9-B2739258941F}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.2@ Certificate Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.2\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.2\CLSID@ {E38FD381-6404-4041-B5E9-B2739258941F}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.3@ Certificate Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.3\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificate.3\CLSID@ {9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates@ Certificates Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates\CLSID@ {3605B612-C3CF-4ab4-A426-2D853391DB2E}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates\CurVer@ CAPICOM.Certificates.4
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.1@ Certificates Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.1\CLSID@ {FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.2@ Certificates Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.2\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.2\CLSID@ {FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.3@ Certificates Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.3\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.3\CLSID@ {17E3A1C3-EA8A-4970-AF29-7F54610B1D4C}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.4@ Certificates Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.4\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Certificates.4\CLSID@ {3605B612-C3CF-4ab4-A426-2D853391DB2E}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain@ Chain Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain\CLSID@ {550C8FFB-4DC0-4756-828C-862E6D0AE74F}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain\CurVer@ CAPICOM.Chain.3
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.1@ Chain Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.1\CLSID@ {65104D73-BA60-4160-A95A-4B4782E7AA62}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.2@ Chain Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.2\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.2\CLSID@ {65104D73-BA60-4160-A95A-4B4782E7AA62}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.3@ Chain Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.3\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Chain.3\CLSID@ {550C8FFB-4DC0-4756-828C-862E6D0AE74F}
Reg HKLM\SOFTWARE\Classes\CAPICOM.EncryptedData@ EncryptedData Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.EncryptedData\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.EncryptedData\CLSID@ {A440BD76-CFE1-4D46-AB1F-15F238437A3D}
Reg HKLM\SOFTWARE\Classes\CAPICOM.EncryptedData\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.EncryptedData\CurVer@ CAPICOM.EncryptedData.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.EncryptedData.1@ EncryptedData Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.EncryptedData.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.EncryptedData.1\CLSID@ {A440BD76-CFE1-4D46-AB1F-15F238437A3D}
Reg HKLM\SOFTWARE\Classes\CAPICOM.EnvelopedData@ EnvelopedData Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.EnvelopedData\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.EnvelopedData\CLSID@ {F3A12E08-EDE9-4160-8B51-334D982A9AD0}
Reg HKLM\SOFTWARE\Classes\CAPICOM.EnvelopedData\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.EnvelopedData\CurVer@ CAPICOM.EnvelopedData.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.EnvelopedData.1@ EnvelopedData Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.EnvelopedData.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.EnvelopedData.1\CLSID@ {F3A12E08-EDE9-4160-8B51-334D982A9AD0}
Reg HKLM\SOFTWARE\Classes\CAPICOM.ExtendedProperty@ ExtendedProperty Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.ExtendedProperty\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.ExtendedProperty\CLSID@ {9E7EA907-5810-4FCA-B817-CD0BBA8496FC}
Reg HKLM\SOFTWARE\Classes\CAPICOM.ExtendedProperty\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.ExtendedProperty\CurVer@ CAPICOM.ExtendedProperty.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.ExtendedProperty.1@ ExtendedProperty Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.ExtendedProperty.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.ExtendedProperty.1\CLSID@ {9E7EA907-5810-4FCA-B817-CD0BBA8496FC}
Reg HKLM\SOFTWARE\Classes\CAPICOM.HashedData@ HashedData Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.HashedData\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.HashedData\CLSID@ {CE32ABF6-475D-41F6-BF82-D27F03E3D38B}
Reg HKLM\SOFTWARE\Classes\CAPICOM.HashedData\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.HashedData\CurVer@ CAPICOM.HashedData.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.HashedData.1@ HashedData Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.HashedData.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.HashedData.1\CLSID@ {CE32ABF6-475D-41F6-BF82-D27F03E3D38B}
Reg HKLM\SOFTWARE\Classes\CAPICOM.OID@ OID Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.OID\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.OID\CLSID@ {7BF3AC5C-CC84-429A-ACA5-74D916AD6B8C}
Reg HKLM\SOFTWARE\Classes\CAPICOM.OID\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.OID\CurVer@ CAPICOM.OID.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.OID.1@ OID Class
sexy_ladii05
New member
Reg HKLM\SOFTWARE\Classes\CAPICOM.OID.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.OID.1\CLSID@ {7BF3AC5C-CC84-429A-ACA5-74D916AD6B8C}
Reg HKLM\SOFTWARE\Classes\CAPICOM.PrivateKey@ PrivateKey Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.PrivateKey\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.PrivateKey\CLSID@ {03ACC284-B757-4B8F-9951-86E600D2CD06}
Reg HKLM\SOFTWARE\Classes\CAPICOM.PrivateKey\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.PrivateKey\CurVer@ CAPICOM.PrivateKey.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.PrivateKey.1@ PrivateKey Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.PrivateKey.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.PrivateKey.1\CLSID@ {03ACC284-B757-4B8F-9951-86E600D2CD06}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Settings@ Settings Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Settings\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Settings\CLSID@ {A996E48C-D3DC-4244-89F7-AFA33EC60679}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Settings\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.Settings\CurVer@ CAPICOM.Settings.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.Settings.1@ Settings Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Settings.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Settings.1\CLSID@ {A996E48C-D3DC-4244-89F7-AFA33EC60679}
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedCode@ SignedCode Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedCode\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedCode\CLSID@ {8C3E4934-9FA4-4693-9253-A29A05F99186}
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedCode\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedCode\CurVer@ CAPICOM.SignedCode.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedCode.1@ SignedCode Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedCode.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedCode.1\CLSID@ {8C3E4934-9FA4-4693-9253-A29A05F99186}
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedData@ SignedData Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedData\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedData\CLSID@ {94AFFFCC-6C05-4814-B123-A941105AA77F}
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedData\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedData\CurVer@ CAPICOM.SignedData.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedData.1@ SignedData Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedData.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedData.1\CLSID@ {94AFFFCC-6C05-4814-B123-A941105AA77F}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer@ Signer Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer\CLSID@ {60A9863A-11FD-4080-850E-A8E184FC3A3C}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer\CurVer@ CAPICOM.Signer.2
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer.1@ Signer Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer.1\CLSID@ {60A9863A-11FD-4080-850E-A8E184FC3A3C}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer.2@ Signer Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer.2\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer.2\CLSID@ {60A9863A-11FD-4080-850E-A8E184FC3A3C}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store@ Store Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store\CLSID@ {91D221C4-0CD4-461C-A728-01D509321556}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store\CurVer@ CAPICOM.Store.3
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.1@ Store Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.1\CLSID@ {78E61E52-0E57-4456-A2F2-517492BCBF8F}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.2@ Store Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.2\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.2\CLSID@ {78E61E52-0E57-4456-A2F2-517492BCBF8F}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.3@ Store Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.3\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.3\CLSID@ {91D221C4-0CD4-461C-A728-01D509321556}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Utilities@ Utilities Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Utilities\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Utilities\CLSID@ {22A85CE1-F011-4231-B9E4-7E7A0438F71B}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Utilities\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.Utilities\CurVer@ CAPICOM.Utilities.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.Utilities.1@ Utilities Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Utilities.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Utilities.1\CLSID@ {22A85CE1-F011-4231-B9E4-7E7A0438F71B}
Reg HKLM\SOFTWARE\Classes\ChannelFile@ Channel File
Reg HKLM\SOFTWARE\Classes\ChannelFile@FriendlyTypeName @%SystemRoot%\System32\cdfview.dll,-4610
Reg HKLM\SOFTWARE\Classes\ChannelFile\CLSID
Reg HKLM\SOFTWARE\Classes\ChannelFile\CLSID@ {f39a0dc0-9cc8-11d0-a599-00c04fd64433}
Reg HKLM\SOFTWARE\Classes\ChannelFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ChannelFile\DefaultIcon@ %1
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell@ Subscribe
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Edit
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Edit@ Edit
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Edit\Command
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Edit\Command@ notepad.exe %1
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Explore
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Explore\Command
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Explore\Command@ explorer /e,/root,{f39a0dc0-9cc8-11d0-a599-00c04fd64433},%L
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Open
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Open\Command
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Open\Command@ explorer /root,{f39a0dc0-9cc8-11d0-a599-00c04fd64433},%L
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\OpenChannel
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\OpenChannel@ Open Channel
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\OpenChannel\Command
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\OpenChannel\Command@ rundll32 cdfview.dll,OpenChannel %L
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Subscribe
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Subscribe@ Make Available Offline
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Subscribe\Command
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Subscribe\Command@ rundll32 cdfview.dll,Subscribe %L
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\IconHandler
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\IconHandler@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{000214EE-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{000214EE-0000-0000-C000-000000000046}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{00021500-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{00021500-0000-0000-C000-000000000046}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellFolder
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellFolder@Attributes 0xA0 0x01 0x00 0xA0
Reg HKLM\SOFTWARE\Classes\ChannelShortcut@ Channel Shortcut
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\CLSID
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\CLSID@ {f3aa0dc0-9cc8-11d0-a599-00c04fd64434}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\DefaultIcon@ %1
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell@ Open Channel
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell\OpenChannel
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell\OpenChannel@ Open Channel
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell\OpenChannel\Command
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell\OpenChannel\Command@ rundll32 cdfview.dll,OpenChannel %L
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\ContextMenuHandlers\{f3da0dc0-9cc8-11d0-a599-00c04fd64437}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\ContextMenuHandlers\{f3da0dc0-9cc8-11d0-a599-00c04fd64437}@
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\IconHandler
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\IconHandler@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\PropertySheetHandlers
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\PropertySheetHandlers\{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\PropertySheetHandlers\{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}@
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{000214EE-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{000214EE-0000-0000-C000-000000000046}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{00021500-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{00021500-0000-0000-C000-000000000046}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{D4029EC0-0920-11d1-9A0B-00C04FC2D6C1}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{D4029EC0-0920-11d1-9A0B-00C04FC2D6C1}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellFolder
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellFolder@Attributes 0xA0 0x01 0x00 0xA0
Reg HKLM\SOFTWARE\Classes\CLSID\{B8F872F2-9C89-65E5-014B-0A5F3B70913F}\InprocServer@ ole2disp.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{B8F872F2-9C89-65E5-014B-0A5F3B70913F}\InprocServer32@ oleaut32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{B8F872F2-9C89-65E5-014B-0A5F3B70913F}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{D025DE9F-3F20-6C9E-268E-CC902C926229}\InprocServer32@ ole32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{D025DE9F-3F20-6C9E-268E-CC902C926229}\ProgID@ file
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr@ ColorBvr Class
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr\CurVer
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr\CurVer@ ColorBvr.ColorBvr.1
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr.1@ ColorBvr Class
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr.1\CLSID@ {3845A174-EB30-11D1-9A23-00A0C879FE5F}
Reg HKLM\SOFTWARE\Classes\Content.mbcontent@ mbcontent Class
Reg HKLM\SOFTWARE\Classes\Content.mbcontent\CLSID
Reg HKLM\SOFTWARE\Classes\Content.mbcontent\CLSID@ {52ca3bcf-3b9b-419e-a3d6-5d28c0b0b50c}
Reg HKLM\SOFTWARE\Classes\Content.mbcontent\CurVer
Reg HKLM\SOFTWARE\Classes\Content.mbcontent\CurVer@ Content.mbcontent.1
Reg HKLM\SOFTWARE\Classes\Content.mbcontent.1@ mbcontent Class
Reg HKLM\SOFTWARE\Classes\Content.mbcontent.1\CLSID
Reg HKLM\SOFTWARE\Classes\Content.mbcontent.1\CLSID@ {52ca3bcf-3b9b-419e-a3d6-5d28c0b0b50c}
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory@ Cr Behavior Factory
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory\CurVer
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory\CurVer@ CR.CrBehaviorFactory.1
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory.1@ Cr Behavior Factory
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory.1\CLSID
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory.1\CLSID@ {754FF233-5D4E-11d2-875B-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\DAEMON.Tools.Lite@ DAEMON Tools Pro files
Reg HKLM\SOFTWARE\Classes\DAEMON.Tools.Lite\DefaultIcon
Reg HKLM\SOFTWARE\Classes\DAEMON.Tools.Lite\shell
Reg HKLM\SOFTWARE\Classes\DAEMON.Tools.Lite\shell\open
Reg HKLM\SOFTWARE\Classes\DAEMON.Tools.Lite\shell\open\command
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray\CLSID@ {D17506C3-6B26-11D0-8914-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray.1\CLSID@ {D17506C3-6B26-11D0-8914-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2\CLSID@ {C46C1BCE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2.1\CLSID@ {C46C1BCE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3\CLSID@ {C46C1BDE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3.1\CLSID@ {C46C1BDE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior\CLSID@ {283807B8-2C60-11D0-A31D-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior.1\CLSID@ {283807B8-2C60-11D0-A31D-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean\CLSID@ {C46C1BC1-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean.1\CLSID@ {C46C1BC1-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera\CLSID@ {C46C1BE2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera.1\CLSID@ {C46C1BE2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor\CLSID@ {C46C1BC6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor.1\CLSID@ {C46C1BC6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle\CLSID@ {C46C1BF0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle.1\CLSID@ {C46C1BF0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle\CLSID@ {C46C1BEC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle.1\CLSID@ {C46C1BEC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent\CLSID@ {50B4791F-4731-11D0-8912-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent.1\CLSID@ {50B4791F-4731-11D0-8912-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle\CLSID@ {25B0F91C-D23D-11D0-9B85-00C04FC2F51D}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle.1\CLSID@ {25B0F91C-D23D-11D0-9B85-00C04FC2F51D}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry\CLSID@ {C46C1BE0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry.1\CLSID@ {C46C1BE0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage\CLSID@ {C46C1BD4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage.1\CLSID@ {C46C1BD4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle\CLSID@ {C46C1BEE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle.1\CLSID@ {C46C1BEE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle\CLSID@ {C46C1BF2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle.1\CLSID@ {C46C1BF2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte\CLSID@ {C46C1BD2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte.1\CLSID@ {C46C1BD2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone\CLSID@ {C46C1BE6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone.1\CLSID@ {C46C1BE6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage\CLSID@ {C46C1BD6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage.1\CLSID@ {C46C1BD6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber\CLSID@ {9CDE7341-3C20-11D0-A330-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber.1\CLSID@ {9CDE7341-3C20-11D0-A330-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair\CLSID@ {C46C1BF4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair.1\CLSID@ {C46C1BF4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2\CLSID@ {C46C1BD0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2.1\CLSID@ {C46C1BD0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2\CLSID@ {C46C1BC8-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2.1\CLSID@ {C46C1BC8-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3\CLSID@ {C46C1BD8-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3.1\CLSID@ {C46C1BD8-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound\CLSID@ {C46C1BE4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound.1\CLSID@ {C46C1BE4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics\CLSID@ {542FB453-5003-11CF-92A2-00AA00B8A733}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics.1\CLSID@ {542FB453-5003-11CF-92A2-00AA00B8A733}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString\CLSID@ {C46C1BC4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString.1\CLSID@ {C46C1BC4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2\CLSID@ {C46C1BCC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2.1\CLSID@ {C46C1BCC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3\CLSID@ {C46C1BDC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3.1\CLSID@ {C46C1BDC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple\CLSID@ {5DFB2651-9668-11D0-B17B-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple.1\CLSID@ {5DFB2651-9668-11D0-B17B-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData\CLSID@ {AF868304-AB0B-11D0-876A-00C04FC29D46}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData.1\CLSID@ {AF868304-AB0B-11D0-876A-00C04FC29D46}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2\CLSID@ {C46C1BCA-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2.1\CLSID@ {C46C1BCA-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3\CLSID@ {C46C1BDA-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3.1\CLSID@ {C46C1BDA-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView\CLSID@ {283807B5-2C60-11D0-A31D-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView.1\CLSID@ {283807B5-2C60-11D0-A31D-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl@ Microsoft DirectAnimation Control
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl\CurVer
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl\CurVer@ DirectAnimation.DirectAnimationIntegratedMediaControl.1
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl.1@ Microsoft DirectAnimation Control
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl.1\CLSID@ {B6FFC24C-7E13-11D0-9B47-00C04FC2F51D}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl@ Microsoft DirectAnimation Windowed Control
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl\CurVer
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl\CurVer@ DirectAnimation.DirectAnimationWindowedIntegratedMediaControl.1
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl.1@ Microsoft DirectAnimation Windowed Control
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl.1\CLSID@ {69AD90EF-1C20-11d1-8801-00C04FC29D46}
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr@ EffectBvr Class
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr\CurVer
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr\CurVer@ EffectBvr.EffectBvr.1
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr.1@ EffectBvr Class
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr.1\CLSID@ {54274112-7A5E-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\fdkowvbp.balq@ fdkowvbp
Reg HKLM\SOFTWARE\Classes\fdkowvbp.balq\CLSID
Reg HKLM\SOFTWARE\Classes\fdkowvbp.balq\CLSID@ {AE7F9E1E-0A21-46C0-91D9-01F9D1ACB887}
Reg HKLM\SOFTWARE\Classes\fdkowvbp.balq\CurVer
Reg HKLM\SOFTWARE\Classes\fdkowvbp.balq\CurVer@ fdkowvbp.1
Reg HKLM\SOFTWARE\Classes\fdkowvbp.ToolBar.1@ fdkowvbp
Reg HKLM\SOFTWARE\Classes\fdkowvbp.ToolBar.1\CLSID
Reg HKLM\SOFTWARE\Classes\fdkowvbp.ToolBar.1\CLSID@ {AE7F9E1E-0A21-46C0-91D9-01F9D1ACB887}
Reg HKLM\SOFTWARE\Classes\gopher@Source Filter {E436EBB6-524F-11CE-9F53-0020AF0BA770}
Reg HKLM\SOFTWARE\Classes\gopher\shell
Reg HKLM\SOFTWARE\Classes\gopher\shell\open
Reg HKLM\SOFTWARE\Classes\gopher\shell\open\command
Reg HKLM\SOFTWARE\Classes\gopher\shell\open\command@ "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator@ aimlocator Class
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CLSID
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CLSID@ {BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA}
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CurVer
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CurVer@ isaim.aimlocator.1
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator.1@ aimlocator Class
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator.1\CLSID
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator.1\CLSID@ {BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA}
Reg HKLM\SOFTWARE\Classes\JavaPlugin.160_03\CLSID
Reg HKLM\SOFTWARE\Classes\JavaPlugin.160_03\CLSID@ {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine@
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine\CLSID
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine\CLSID@ {C533ADF1-0C80-11D1-8C54-00A02468F316}
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine.1@
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine.1\CLSID
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine.1\CLSID@ {C533ADF1-0C80-11D1-8C54-00A02468F316}
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr@ LM Auto Effect Behavior
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr\CurVer
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr\CurVer@ LM.AutoEffectBvr.1
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr.1@ LM Auto Effect Behavior
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr.1\CLSID@ {BB339A46-7C49-11d2-9BF3-00C04FA34789}
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory@ LM Behavior Factory
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory\CurVer
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory\CurVer@ LM.LMBehaviorFactory.1
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory.1@ LM Behavior Factory
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory.1\CLSID
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory.1\CLSID@ {B1549E58-3894-11D2-BB7F-00A0C999C4C1}
Reg HKLM\SOFTWARE\Classes\LM.LMReader@ LM Runtime Control
Reg HKLM\SOFTWARE\Classes\LM.LMReader\CurVer
Reg HKLM\SOFTWARE\Classes\LM.LMReader\CurVer@ LM.LMReader.1
Reg HKLM\SOFTWARE\Classes\LM.LMReader.1@ LM Runtime Control
Reg HKLM\SOFTWARE\Classes\LM.LMReader.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.OID.1\CLSID@ {7BF3AC5C-CC84-429A-ACA5-74D916AD6B8C}
Reg HKLM\SOFTWARE\Classes\CAPICOM.PrivateKey@ PrivateKey Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.PrivateKey\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.PrivateKey\CLSID@ {03ACC284-B757-4B8F-9951-86E600D2CD06}
Reg HKLM\SOFTWARE\Classes\CAPICOM.PrivateKey\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.PrivateKey\CurVer@ CAPICOM.PrivateKey.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.PrivateKey.1@ PrivateKey Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.PrivateKey.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.PrivateKey.1\CLSID@ {03ACC284-B757-4B8F-9951-86E600D2CD06}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Settings@ Settings Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Settings\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Settings\CLSID@ {A996E48C-D3DC-4244-89F7-AFA33EC60679}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Settings\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.Settings\CurVer@ CAPICOM.Settings.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.Settings.1@ Settings Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Settings.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Settings.1\CLSID@ {A996E48C-D3DC-4244-89F7-AFA33EC60679}
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedCode@ SignedCode Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedCode\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedCode\CLSID@ {8C3E4934-9FA4-4693-9253-A29A05F99186}
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedCode\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedCode\CurVer@ CAPICOM.SignedCode.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedCode.1@ SignedCode Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedCode.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedCode.1\CLSID@ {8C3E4934-9FA4-4693-9253-A29A05F99186}
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedData@ SignedData Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedData\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedData\CLSID@ {94AFFFCC-6C05-4814-B123-A941105AA77F}
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedData\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedData\CurVer@ CAPICOM.SignedData.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedData.1@ SignedData Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedData.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.SignedData.1\CLSID@ {94AFFFCC-6C05-4814-B123-A941105AA77F}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer@ Signer Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer\CLSID@ {60A9863A-11FD-4080-850E-A8E184FC3A3C}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer\CurVer@ CAPICOM.Signer.2
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer.1@ Signer Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer.1\CLSID@ {60A9863A-11FD-4080-850E-A8E184FC3A3C}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer.2@ Signer Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer.2\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Signer.2\CLSID@ {60A9863A-11FD-4080-850E-A8E184FC3A3C}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store@ Store Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store\CLSID@ {91D221C4-0CD4-461C-A728-01D509321556}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store\CurVer@ CAPICOM.Store.3
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.1@ Store Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.1\CLSID@ {78E61E52-0E57-4456-A2F2-517492BCBF8F}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.2@ Store Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.2\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.2\CLSID@ {78E61E52-0E57-4456-A2F2-517492BCBF8F}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.3@ Store Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.3\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Store.3\CLSID@ {91D221C4-0CD4-461C-A728-01D509321556}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Utilities@ Utilities Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Utilities\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Utilities\CLSID@ {22A85CE1-F011-4231-B9E4-7E7A0438F71B}
Reg HKLM\SOFTWARE\Classes\CAPICOM.Utilities\CurVer
Reg HKLM\SOFTWARE\Classes\CAPICOM.Utilities\CurVer@ CAPICOM.Utilities.1
Reg HKLM\SOFTWARE\Classes\CAPICOM.Utilities.1@ Utilities Class
Reg HKLM\SOFTWARE\Classes\CAPICOM.Utilities.1\CLSID
Reg HKLM\SOFTWARE\Classes\CAPICOM.Utilities.1\CLSID@ {22A85CE1-F011-4231-B9E4-7E7A0438F71B}
Reg HKLM\SOFTWARE\Classes\ChannelFile@ Channel File
Reg HKLM\SOFTWARE\Classes\ChannelFile@FriendlyTypeName @%SystemRoot%\System32\cdfview.dll,-4610
Reg HKLM\SOFTWARE\Classes\ChannelFile\CLSID
Reg HKLM\SOFTWARE\Classes\ChannelFile\CLSID@ {f39a0dc0-9cc8-11d0-a599-00c04fd64433}
Reg HKLM\SOFTWARE\Classes\ChannelFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ChannelFile\DefaultIcon@ %1
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell@ Subscribe
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Edit
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Edit@ Edit
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Edit\Command
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Edit\Command@ notepad.exe %1
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Explore
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Explore\Command
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Explore\Command@ explorer /e,/root,{f39a0dc0-9cc8-11d0-a599-00c04fd64433},%L
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Open
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Open\Command
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Open\Command@ explorer /root,{f39a0dc0-9cc8-11d0-a599-00c04fd64433},%L
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\OpenChannel
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\OpenChannel@ Open Channel
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\OpenChannel\Command
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\OpenChannel\Command@ rundll32 cdfview.dll,OpenChannel %L
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Subscribe
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Subscribe@ Make Available Offline
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Subscribe\Command
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Subscribe\Command@ rundll32 cdfview.dll,Subscribe %L
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\IconHandler
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\IconHandler@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{000214EE-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{000214EE-0000-0000-C000-000000000046}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{00021500-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{00021500-0000-0000-C000-000000000046}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellFolder
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellFolder@Attributes 0xA0 0x01 0x00 0xA0
Reg HKLM\SOFTWARE\Classes\ChannelShortcut@ Channel Shortcut
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\CLSID
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\CLSID@ {f3aa0dc0-9cc8-11d0-a599-00c04fd64434}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\DefaultIcon@ %1
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell@ Open Channel
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell\OpenChannel
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell\OpenChannel@ Open Channel
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell\OpenChannel\Command
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell\OpenChannel\Command@ rundll32 cdfview.dll,OpenChannel %L
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\ContextMenuHandlers\{f3da0dc0-9cc8-11d0-a599-00c04fd64437}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\ContextMenuHandlers\{f3da0dc0-9cc8-11d0-a599-00c04fd64437}@
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\IconHandler
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\IconHandler@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\PropertySheetHandlers
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\PropertySheetHandlers\{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\PropertySheetHandlers\{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}@
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{000214EE-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{000214EE-0000-0000-C000-000000000046}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{00021500-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{00021500-0000-0000-C000-000000000046}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{D4029EC0-0920-11d1-9A0B-00C04FC2D6C1}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{D4029EC0-0920-11d1-9A0B-00C04FC2D6C1}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellFolder
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellFolder@Attributes 0xA0 0x01 0x00 0xA0
Reg HKLM\SOFTWARE\Classes\CLSID\{B8F872F2-9C89-65E5-014B-0A5F3B70913F}\InprocServer@ ole2disp.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{B8F872F2-9C89-65E5-014B-0A5F3B70913F}\InprocServer32@ oleaut32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{B8F872F2-9C89-65E5-014B-0A5F3B70913F}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{D025DE9F-3F20-6C9E-268E-CC902C926229}\InprocServer32@ ole32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{D025DE9F-3F20-6C9E-268E-CC902C926229}\ProgID@ file
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr@ ColorBvr Class
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr\CurVer
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr\CurVer@ ColorBvr.ColorBvr.1
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr.1@ ColorBvr Class
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr.1\CLSID@ {3845A174-EB30-11D1-9A23-00A0C879FE5F}
Reg HKLM\SOFTWARE\Classes\Content.mbcontent@ mbcontent Class
Reg HKLM\SOFTWARE\Classes\Content.mbcontent\CLSID
Reg HKLM\SOFTWARE\Classes\Content.mbcontent\CLSID@ {52ca3bcf-3b9b-419e-a3d6-5d28c0b0b50c}
Reg HKLM\SOFTWARE\Classes\Content.mbcontent\CurVer
Reg HKLM\SOFTWARE\Classes\Content.mbcontent\CurVer@ Content.mbcontent.1
Reg HKLM\SOFTWARE\Classes\Content.mbcontent.1@ mbcontent Class
Reg HKLM\SOFTWARE\Classes\Content.mbcontent.1\CLSID
Reg HKLM\SOFTWARE\Classes\Content.mbcontent.1\CLSID@ {52ca3bcf-3b9b-419e-a3d6-5d28c0b0b50c}
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory@ Cr Behavior Factory
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory\CurVer
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory\CurVer@ CR.CrBehaviorFactory.1
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory.1@ Cr Behavior Factory
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory.1\CLSID
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory.1\CLSID@ {754FF233-5D4E-11d2-875B-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\DAEMON.Tools.Lite@ DAEMON Tools Pro files
Reg HKLM\SOFTWARE\Classes\DAEMON.Tools.Lite\DefaultIcon
Reg HKLM\SOFTWARE\Classes\DAEMON.Tools.Lite\shell
Reg HKLM\SOFTWARE\Classes\DAEMON.Tools.Lite\shell\open
Reg HKLM\SOFTWARE\Classes\DAEMON.Tools.Lite\shell\open\command
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray\CLSID@ {D17506C3-6B26-11D0-8914-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray.1\CLSID@ {D17506C3-6B26-11D0-8914-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2\CLSID@ {C46C1BCE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2.1\CLSID@ {C46C1BCE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3\CLSID@ {C46C1BDE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3.1\CLSID@ {C46C1BDE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior\CLSID@ {283807B8-2C60-11D0-A31D-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior.1\CLSID@ {283807B8-2C60-11D0-A31D-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean\CLSID@ {C46C1BC1-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean.1\CLSID@ {C46C1BC1-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera\CLSID@ {C46C1BE2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera.1\CLSID@ {C46C1BE2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor\CLSID@ {C46C1BC6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor.1\CLSID@ {C46C1BC6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle\CLSID@ {C46C1BF0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle.1\CLSID@ {C46C1BF0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle\CLSID@ {C46C1BEC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle.1\CLSID@ {C46C1BEC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent\CLSID@ {50B4791F-4731-11D0-8912-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent.1\CLSID@ {50B4791F-4731-11D0-8912-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle\CLSID@ {25B0F91C-D23D-11D0-9B85-00C04FC2F51D}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle.1\CLSID@ {25B0F91C-D23D-11D0-9B85-00C04FC2F51D}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry\CLSID@ {C46C1BE0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry.1\CLSID@ {C46C1BE0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage\CLSID@ {C46C1BD4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage.1\CLSID@ {C46C1BD4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle\CLSID@ {C46C1BEE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle.1\CLSID@ {C46C1BEE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle\CLSID@ {C46C1BF2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle.1\CLSID@ {C46C1BF2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte\CLSID@ {C46C1BD2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte.1\CLSID@ {C46C1BD2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone\CLSID@ {C46C1BE6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone.1\CLSID@ {C46C1BE6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage\CLSID@ {C46C1BD6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage.1\CLSID@ {C46C1BD6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber\CLSID@ {9CDE7341-3C20-11D0-A330-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber.1\CLSID@ {9CDE7341-3C20-11D0-A330-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair\CLSID@ {C46C1BF4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair.1\CLSID@ {C46C1BF4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2\CLSID@ {C46C1BD0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2.1\CLSID@ {C46C1BD0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2\CLSID@ {C46C1BC8-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2.1\CLSID@ {C46C1BC8-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3\CLSID@ {C46C1BD8-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3.1\CLSID@ {C46C1BD8-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound\CLSID@ {C46C1BE4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound.1\CLSID@ {C46C1BE4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics\CLSID@ {542FB453-5003-11CF-92A2-00AA00B8A733}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics.1\CLSID@ {542FB453-5003-11CF-92A2-00AA00B8A733}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString\CLSID@ {C46C1BC4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString.1\CLSID@ {C46C1BC4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2\CLSID@ {C46C1BCC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2.1\CLSID@ {C46C1BCC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3\CLSID@ {C46C1BDC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3.1\CLSID@ {C46C1BDC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple\CLSID@ {5DFB2651-9668-11D0-B17B-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple.1\CLSID@ {5DFB2651-9668-11D0-B17B-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData\CLSID@ {AF868304-AB0B-11D0-876A-00C04FC29D46}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData.1\CLSID@ {AF868304-AB0B-11D0-876A-00C04FC29D46}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2\CLSID@ {C46C1BCA-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2.1\CLSID@ {C46C1BCA-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3\CLSID@ {C46C1BDA-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3.1\CLSID@ {C46C1BDA-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView\CLSID@ {283807B5-2C60-11D0-A31D-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView.1\CLSID@ {283807B5-2C60-11D0-A31D-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl@ Microsoft DirectAnimation Control
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl\CurVer
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl\CurVer@ DirectAnimation.DirectAnimationIntegratedMediaControl.1
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl.1@ Microsoft DirectAnimation Control
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl.1\CLSID@ {B6FFC24C-7E13-11D0-9B47-00C04FC2F51D}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl@ Microsoft DirectAnimation Windowed Control
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl\CurVer
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl\CurVer@ DirectAnimation.DirectAnimationWindowedIntegratedMediaControl.1
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl.1@ Microsoft DirectAnimation Windowed Control
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl.1\CLSID@ {69AD90EF-1C20-11d1-8801-00C04FC29D46}
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr@ EffectBvr Class
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr\CurVer
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr\CurVer@ EffectBvr.EffectBvr.1
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr.1@ EffectBvr Class
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr.1\CLSID@ {54274112-7A5E-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\fdkowvbp.balq@ fdkowvbp
Reg HKLM\SOFTWARE\Classes\fdkowvbp.balq\CLSID
Reg HKLM\SOFTWARE\Classes\fdkowvbp.balq\CLSID@ {AE7F9E1E-0A21-46C0-91D9-01F9D1ACB887}
Reg HKLM\SOFTWARE\Classes\fdkowvbp.balq\CurVer
Reg HKLM\SOFTWARE\Classes\fdkowvbp.balq\CurVer@ fdkowvbp.1
Reg HKLM\SOFTWARE\Classes\fdkowvbp.ToolBar.1@ fdkowvbp
Reg HKLM\SOFTWARE\Classes\fdkowvbp.ToolBar.1\CLSID
Reg HKLM\SOFTWARE\Classes\fdkowvbp.ToolBar.1\CLSID@ {AE7F9E1E-0A21-46C0-91D9-01F9D1ACB887}
Reg HKLM\SOFTWARE\Classes\gopher@Source Filter {E436EBB6-524F-11CE-9F53-0020AF0BA770}
Reg HKLM\SOFTWARE\Classes\gopher\shell
Reg HKLM\SOFTWARE\Classes\gopher\shell\open
Reg HKLM\SOFTWARE\Classes\gopher\shell\open\command
Reg HKLM\SOFTWARE\Classes\gopher\shell\open\command@ "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator@ aimlocator Class
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CLSID
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CLSID@ {BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA}
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CurVer
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CurVer@ isaim.aimlocator.1
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator.1@ aimlocator Class
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator.1\CLSID
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator.1\CLSID@ {BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA}
Reg HKLM\SOFTWARE\Classes\JavaPlugin.160_03\CLSID
Reg HKLM\SOFTWARE\Classes\JavaPlugin.160_03\CLSID@ {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine@
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine\CLSID
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine\CLSID@ {C533ADF1-0C80-11D1-8C54-00A02468F316}
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine.1@
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine.1\CLSID
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine.1\CLSID@ {C533ADF1-0C80-11D1-8C54-00A02468F316}
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr@ LM Auto Effect Behavior
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr\CurVer
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr\CurVer@ LM.AutoEffectBvr.1
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr.1@ LM Auto Effect Behavior
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr.1\CLSID@ {BB339A46-7C49-11d2-9BF3-00C04FA34789}
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory@ LM Behavior Factory
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory\CurVer
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory\CurVer@ LM.LMBehaviorFactory.1
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory.1@ LM Behavior Factory
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory.1\CLSID
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory.1\CLSID@ {B1549E58-3894-11D2-BB7F-00A0C999C4C1}
Reg HKLM\SOFTWARE\Classes\LM.LMReader@ LM Runtime Control
Reg HKLM\SOFTWARE\Classes\LM.LMReader\CurVer
Reg HKLM\SOFTWARE\Classes\LM.LMReader\CurVer@ LM.LMReader.1
Reg HKLM\SOFTWARE\Classes\LM.LMReader.1@ LM Runtime Control
Reg HKLM\SOFTWARE\Classes\LM.LMReader.1\CLSID
sexy_ladii05
New member
Reg HKLM\SOFTWARE\Classes\LM.LMReader.1\CLSID@ {183C259A-0480-11d1-87EA-00C04FC29D46}
Reg HKLM\SOFTWARE\Classes\Microsoft.FreeThreadedXMLDOM@ Free Threaded XML DOM Document
Reg HKLM\SOFTWARE\Classes\Microsoft.FreeThreadedXMLDOM\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.FreeThreadedXMLDOM\CLSID@ {2933BF91-7B36-11D2-B20E-00C04F983E60}
Reg HKLM\SOFTWARE\Classes\Microsoft.FreeThreadedXMLDOM\CurVer
Reg HKLM\SOFTWARE\Classes\Microsoft.FreeThreadedXMLDOM\CurVer@ Microsoft.FreeThreadedXMLDOM.1.0
Reg HKLM\SOFTWARE\Classes\Microsoft.FreeThreadedXMLDOM.1.0@ Free Threaded XML DOM Document
Reg HKLM\SOFTWARE\Classes\Microsoft.FreeThreadedXMLDOM.1.0\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.FreeThreadedXMLDOM.1.0\CLSID@ {2933BF91-7B36-11D2-B20E-00C04F983E60}
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDOM@ XML DOM Document
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDOM\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDOM\CLSID@ {2933BF90-7B36-11D2-B20E-00C04F983E60}
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDOM\CurVer
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDOM\CurVer@ Microsoft.XMLDOM.1.0
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDOM.1.0@ XML DOM Document
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDOM.1.0\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDOM.1.0\CLSID@ {2933BF90-7B36-11D2-B20E-00C04F983E60}
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDSO@ XML Data Source Object
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDSO\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDSO\CLSID@ {550DDA30-0541-11D2-9CA9-0060B0EC3D39}
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDSO\CurVer
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDSO\CurVer@ Microsoft.XMLDSO.1.0
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDSO.1.0@ XML Data Source Object
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDSO.1.0\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDSO.1.0\CLSID@ {550DDA30-0541-11D2-9CA9-0060B0EC3D39}
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLHTTP@ XML HTTP Request
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLHTTP\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLHTTP\CLSID@ {ED8C108E-4349-11D2-91A4-00C04F7969E8}
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLHTTP\CurVer
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLHTTP\CurVer@ Microsoft.XMLHTTP.1.0
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLHTTP.1.0@ XML HTTP Request
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLHTTP.1.0\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLHTTP.1.0\CLSID@ {ED8C108E-4349-11D2-91A4-00C04F7969E8}
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLParser@ XML Parser
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLParser\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLParser\CLSID@ {D2423620-51A0-11D2-9CAF-0060B0EC3D39}
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLParser\CurVer
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLParser\CurVer@ Microsoft.XMLParser.1.0
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLParser.1.0@ XML Parser
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLParser.1.0\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLParser.1.0\CLSID@ {D2423620-51A0-11D2-9CAF-0060B0EC3D39}
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr@ MoveBvr Class
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr\CurVer
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr\CurVer@ MoveBvr.MoveBvr.1
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr.1@ MoveBvr Class
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr.1\CLSID@ {C5B86F32-69EE-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\MSIDXS@ Microsoft OLE DB Provider for Indexing Service
Reg HKLM\SOFTWARE\Classes\MSIDXS\Clsid
Reg HKLM\SOFTWARE\Classes\MSIDXS\Clsid@ {F9AE8980-7E52-11d0-8964-00C04FD611D7}
Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup@ Microsoft OLE DB Error Lookup for Indexing Service
Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup\Clsid
Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup\Clsid@ {F9AE8981-7E52-11d0-8964-00C04FD611D7}
Reg HKLM\SOFTWARE\Classes\Msxml@ Msxml
Reg HKLM\SOFTWARE\Classes\Msxml\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml\CLSID@ {CFC399AF-D876-11D0-9C10-00C04FC99C8E}
Reg HKLM\SOFTWARE\Classes\MSXML.DOMDocument@ XML DOM Document
Reg HKLM\SOFTWARE\Classes\MSXML.DOMDocument\CLSID
Reg HKLM\SOFTWARE\Classes\MSXML.DOMDocument\CLSID@ {2933BF90-7B36-11D2-B20E-00C04F983E60}
Reg HKLM\SOFTWARE\Classes\MSXML.DOMDocument\CurVer
Reg HKLM\SOFTWARE\Classes\MSXML.DOMDocument\CurVer@ Microsoft.XMLDOM.1.0
Reg HKLM\SOFTWARE\Classes\MSXML.FreeThreadedDOMDocument@ Free Threaded XML DOM Document
Reg HKLM\SOFTWARE\Classes\MSXML.FreeThreadedDOMDocument\CLSID
Reg HKLM\SOFTWARE\Classes\MSXML.FreeThreadedDOMDocument\CLSID@ {2933BF91-7B36-11D2-B20E-00C04F983E60}
Reg HKLM\SOFTWARE\Classes\MSXML.FreeThreadedDOMDocument\CurVer
Reg HKLM\SOFTWARE\Classes\MSXML.FreeThreadedDOMDocument\CurVer@ Microsoft.FreeThreadedXMLDOM.1.0
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument@ XML DOM Document
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument\CLSID@ {F6D90F11-9C73-11D3-B32E-00C04F990BB4}
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument\CurVer@ Msxml2.DOMDocument.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument.3.0@ XML DOM Document 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument.3.0\CLSID@ {F5078F32-C551-11D3-89B9-0000F81FE221}
Reg HKLM\SOFTWARE\Classes\Msxml2.DSOControl@ XML Data Source Object
Reg HKLM\SOFTWARE\Classes\Msxml2.DSOControl\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.DSOControl\CLSID@ {F6D90F14-9C73-11D3-B32E-00C04F990BB4}
Reg HKLM\SOFTWARE\Classes\Msxml2.DSOControl\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.DSOControl\CurVer@ Msxml2.DSOControl.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.DSOControl.3.0@ XML Data Source Object 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.DSOControl.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.DSOControl.3.0\CLSID@ {F5078F39-C551-11D3-89B9-0000F81FE221}
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument@ Free Threaded XML DOM Document
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument\CLSID@ {F6D90F12-9C73-11D3-B32E-00C04F990BB4}
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument\CurVer@ Msxml2.FreeThreadedDOMDocument.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument.3.0@ Free Threaded XML DOM Document 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument.3.0\CLSID@ {F5078F33-C551-11D3-89B9-0000F81FE221}
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter@ MXXMLWriter
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter\CLSID@ {FC220AD8-A72A-4EE8-926E-0B7AD152A020}
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter\CurVer@ Msxml2.MXXMLWriter.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter.3.0@ MXXMLWriter 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter.3.0\CLSID@ {3D813DFE-6C91-4A4E-8F41-04346A841D9C}
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes@ SAXAttributes
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes\CLSID@ {4DD441AD-526D-4A77-9F1B-9841ED802FB0}
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes\CurVer@ Msxml2.SAXAttributes.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes.3.0@ SAXAttributes 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes.3.0\CLSID@ {3E784A01-F3AE-4DC0-9354-9526B9370EBA}
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader@ SAX XML Reader
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader\CLSID@ {079AA557-4A18-424A-8EEE-E39F0A8D41B9}
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader\CurVer@ Msxml2.SAXXMLReader.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader.3.0@ SAX XML Reader 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader.3.0\CLSID@ {3124C396-FB13-4836-A6AD-1317F1713688}
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP@ Server XML HTTP
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP\CLSID@ {AFBA6B42-5692-48EA-8141-DC517DCF0EF1}
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP\CurVer@ Msxml2.ServerXMLHTTP.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP.3.0@ Server XML HTTP 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP.3.0\CLSID@ {AFB40FFD-B609-40A3-9828-F88BBE11E4E3}
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP@ XML HTTP
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP\CLSID@ {F6D90F16-9C73-11D3-B32E-00C04F990BB4}
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP\CurVer@ Msxml2.XMLHTTP.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP.3.0@ XML HTTP 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP.3.0\CLSID@ {F5078F35-C551-11D3-89B9-0000F81FE221}
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLParser@ XML Parser
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLParser\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLParser\CLSID@ {F5078F19-C551-11D3-89B9-0000F81FE221}
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLParser\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLParser\CurVer@ Msxml2.XMLParser.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLParser.3.0@ XML Parser 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLParser.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLParser.3.0\CLSID@ {F5078F31-C551-11D3-89B9-0000F81FE221}
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache@ XML Schema Cache
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache\CLSID@ {373984C9-B845-449B-91E7-45AC83036ADE}
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache\CurVer@ Msxml2.XMLSchemaCache.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache.3.0@ XML Schema Cache 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache.3.0\CLSID@ {F5078F34-C551-11D3-89B9-0000F81FE221}
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate@ XSL Template
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate\CLSID@ {2933BF94-7B36-11D2-B20E-00C04F983E60}
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate\CurVer@ Msxml2.XSLTemplate.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate.3.0@ XSL Template 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate.3.0\CLSID@ {F5078F36-C551-11D3-89B9-0000F81FE221}
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr@ NumberBvr Class
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr\CurVer
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr\CurVer@ NumberBvr.NumberBvr.1
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr.1@ NumberBvr Class
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr.1\CLSID@ {ECDB03D2-6E99-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr@ PathBvr Class
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr\CurVer
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr\CurVer@ PathBvr.PathBvr.1
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr.1@ PathBvr Class
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr.1\CLSID@ {80F49562-6A9A-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\prffile@ Microsoft Office Outlook Profile Settings
Reg HKLM\SOFTWARE\Classes\prffile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\prffile\DefaultIcon@ C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe,6
Reg HKLM\SOFTWARE\Classes\prffile\shell
Reg HKLM\SOFTWARE\Classes\prffile\shell@ Open
Reg HKLM\SOFTWARE\Classes\prffile\shell\Open
Reg HKLM\SOFTWARE\Classes\prffile\shell\Open\command
Reg HKLM\SOFTWARE\Classes\prffile\shell\Open\command@ "C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE" /PromptImportPRF "%1"
Reg HKLM\SOFTWARE\Classes\rar_auto_file@
Reg HKLM\SOFTWARE\Classes\rar_auto_file\shell
Reg HKLM\SOFTWARE\Classes\rar_auto_file\shell\open
Reg HKLM\SOFTWARE\Classes\rar_auto_file\shell\open\command
Reg HKLM\SOFTWARE\Classes\rar_auto_file\shell\open\command@ "C:\Program Files\WinRAR\WinRAR.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr@ RotateBvr Class
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr\CurVer
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr\CurVer@ RotateBvr.RotateBvr.1
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr.1@ RotateBvr Class
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr.1\CLSID@ {027713F2-5FA8-11d2-875B-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr@ ScaleBvr Class
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr\CurVer
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr\CurVer@ ScaleBvr.ScaleBvr.1
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr.1@ ScaleBvr Class
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr.1\CLSID@ {E80353D3-677D-11d2-875E-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr@ SetBvr Class
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr\CurVer
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr\CurVer@ SetBvr.SetBvr.1
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr.1@ SetBvr Class
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr.1\CLSID@ {BA60F742-6F72-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile@ Disabled startup file
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\blindman.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile@ Spyware exclude file
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile@ Spyware include file
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile@ Spyware supplemental file
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile@ Internal informations
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile@ Usage tracks include file
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile@ Usage tracks supplemental file
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper@ SwHelper Class
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CLSID
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CLSID@ {1F3CB77D-D339-49e0-B8E4-FECD6D6F8CB8}
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CurVer
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CurVer@ SwBroker.SwHelper.1
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper.1@ SwHelper Class
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper.1\CLSID
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper.1\CLSID@ {1F3CB77D-D339-49e0-B8E4-FECD6D6F8CB8}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CLSID@ {233C1507-6A77-46A4-9443-F871F945D258}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CurVer
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CurVer@ SWCtl.SWCtl.11
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.1@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.1\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.1\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.10.1.1@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.10.1.1\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.10.1.1\CLSID@ {233C1507-6A77-46A4-9443-F871F945D258}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.11@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.11\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.11\CLSID@ {233C1507-6A77-46A4-9443-F871F945D258}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.7@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.7\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.7\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5.1@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5.1\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5.1\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl@ SwInstallerCtl Class
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl\CLSID
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl\CLSID@ {4DB2E429-B905-479A-9EFF-F7CBD9FD52DE}
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl\CurVer
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl\CurVer@ Swdir.SwInstallerCtl.1
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl.1@ SwInstallerCtl Class
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl.1\CLSID
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl.1\CLSID@ {4DB2E429-B905-479A-9EFF-F7CBD9FD52DE}
Reg HKLM\SOFTWARE\Classes\SwHelper.SwHelperAttributes@ SwHelperAttributes Class
Reg HKLM\SOFTWARE\Classes\SwHelper.SwHelperAttributes\CLSID
Reg HKLM\SOFTWARE\Classes\SwHelper.SwHelperAttributes\CLSID@ {0103A448-2934-4B3D-A54E-FED761D472E0}
Reg HKLM\SOFTWARE\Classes\SwHelper.SwHelperAttributes\CurVer
Reg HKLM\SOFTWARE\Classes\SwHelper.SwHelperAttributes\CurVer@ SwHelper.SwHelperAttributes.1
Reg HKLM\SOFTWARE\Classes\SwHelper.SwHelperAttributes.1@ SwHelperAttributes Class
Reg HKLM\SOFTWARE\Classes\SwHelper.SwHelperAttributes.1\CLSID
Reg HKLM\SOFTWARE\Classes\SwHelper.SwHelperAttributes.1\CLSID@ {0103A448-2934-4B3D-A54E-FED761D472E0}
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory@
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory\CLSID
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory\CLSID@ {33FDA1EA-80DF-11D2-B263-00A0C90D6111}
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory.1@
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory.1\CLSID
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory.1\CLSID@ {33FDA1EA-80DF-11D2-B263-00A0C90D6111}
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory@
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory\CLSID
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory\CLSID@ {476C391C-3E0D-11D2-B948-00C04FA32195}
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory.1@
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory.1\CLSID
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory.1\CLSID@ {476C391C-3E0D-11D2-B948-00C04FA32195}
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx@ UnagiAx Class
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx\CLSID
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx\CLSID@ {6E704581-CCAE-46D2-9C64-20D724B3624E}
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx\CurVer
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx\CurVer@ unagiAx.UnagiAx.2
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx.2@ UnagiAx Class
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx.2\CLSID
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx.2\CLSID@ {6E704581-CCAE-46D2-9C64-20D724B3624E}
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx.2\Insertable
Reg HKLM\SOFTWARE\Classes\WinRAR@ WinRAR archive
Reg HKLM\SOFTWARE\Classes\WinRAR\DefaultIcon
Reg HKLM\SOFTWARE\Classes\WinRAR\DefaultIcon@ C:\Program Files\WinRAR\WinRAR.exe,0
Reg HKLM\SOFTWARE\Classes\WinRAR\shell
Reg HKLM\SOFTWARE\Classes\WinRAR\shell\open
Reg HKLM\SOFTWARE\Classes\WinRAR\shell\open\command
Reg HKLM\SOFTWARE\Classes\WinRAR\shell\open\command@ "C:\Program Files\WinRAR\WinRAR.exe" "%1"
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}@
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex\DropHandler
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex\DropHandler@ {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}@
Reg HKLM\SOFTWARE\Classes\WinRAR.REV@ RAR recovery volume
Reg HKLM\SOFTWARE\Classes\WinRAR.REV\DefaultIcon
Reg HKLM\SOFTWARE\Classes\WinRAR.REV\DefaultIcon@ C:\Program Files\WinRAR\WinRAR.exe,1
Reg HKLM\SOFTWARE\Classes\WinRAR.REV\shell
Reg HKLM\SOFTWARE\Classes\WinRAR.REV\shell\open
Reg HKLM\SOFTWARE\Classes\WinRAR.REV\shell\open\command
Reg HKLM\SOFTWARE\Classes\WinRAR.REV\shell\open\command@ "C:\Program Files\WinRAR\WinRAR.exe" "%1"
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP@ WinRAR ZIP archive
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon@ C:\Program Files\WinRAR\WinRAR.exe,0
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shell
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shell\open
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command@ "C:\Program Files\WinRAR\WinRAR.exe" "%1"
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}@
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler@ {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}@
Reg HKLM\SOFTWARE\Classes\XML@ XML Script Engine
Reg HKLM\SOFTWARE\Classes\XML\CLSID
Reg HKLM\SOFTWARE\Classes\XML\CLSID@ {989D1DC0-B162-11D1-B6EC-D27DDCF9A923}
Reg HKLM\SOFTWARE\Classes\XML\OLEScript
Reg HKLM\SOFTWARE\Classes\XML\OLEScript@
Reg HKLM\SOFTWARE\Classes\xmlfile@ XML Document
Reg HKLM\SOFTWARE\Classes\xmlfile@FriendlyTypeName @C:\WINDOWS\system32\msxml3r.dll,-1
Reg HKLM\SOFTWARE\Classes\xmlfile\BrowseInPlace
Reg HKLM\SOFTWARE\Classes\xmlfile\BrowseInPlace@
Reg HKLM\SOFTWARE\Classes\xmlfile\CLSID
Reg HKLM\SOFTWARE\Classes\xmlfile\CLSID@ {48123BC4-99D9-11D1-A6B3-00C04FD91555}
Reg HKLM\SOFTWARE\Classes\xmlfile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\xmlfile\DefaultIcon@ C:\WINDOWS\system32\msxml3.dll,0
Reg HKLM\SOFTWARE\Classes\xmlfile\shell
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open\command
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open\command@ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open\ddeexec@ "file:%1",,-1,,,,,
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open\ddeexec\application
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open\ddeexec\application@ IExplore
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open\ddeexec\topic
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open\ddeexec\topic@ WWW_OpenURL
Reg HKLM\SOFTWARE\Classes\xslfile@ XSL Stylesheet
Reg HKLM\SOFTWARE\Classes\xslfile@FriendlyTypeName @C:\WINDOWS\system32\msxml3r.dll,-2
Reg HKLM\SOFTWARE\Classes\xslfile\BrowseInPlace
Reg HKLM\SOFTWARE\Classes\xslfile\BrowseInPlace@
Reg HKLM\SOFTWARE\Classes\xslfile\CLSID
Reg HKLM\SOFTWARE\Classes\xslfile\CLSID@ {48123BC4-99D9-11D1-A6B3-00C04FD91555}
Reg HKLM\SOFTWARE\Classes\xslfile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\xslfile\DefaultIcon@ C:\WINDOWS\system32\msxml3.dll,1
Reg HKLM\SOFTWARE\Classes\xslfile\shell
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open\command
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open\command@ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open\ddeexec@ "file:%1",,-1,,,,,
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open\ddeexec\application
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open\ddeexec\application@ IExplore
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open\ddeexec\topic
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open\ddeexec\topic@ WWW_OpenURL
---- EOF - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Classes\Microsoft.FreeThreadedXMLDOM@ Free Threaded XML DOM Document
Reg HKLM\SOFTWARE\Classes\Microsoft.FreeThreadedXMLDOM\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.FreeThreadedXMLDOM\CLSID@ {2933BF91-7B36-11D2-B20E-00C04F983E60}
Reg HKLM\SOFTWARE\Classes\Microsoft.FreeThreadedXMLDOM\CurVer
Reg HKLM\SOFTWARE\Classes\Microsoft.FreeThreadedXMLDOM\CurVer@ Microsoft.FreeThreadedXMLDOM.1.0
Reg HKLM\SOFTWARE\Classes\Microsoft.FreeThreadedXMLDOM.1.0@ Free Threaded XML DOM Document
Reg HKLM\SOFTWARE\Classes\Microsoft.FreeThreadedXMLDOM.1.0\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.FreeThreadedXMLDOM.1.0\CLSID@ {2933BF91-7B36-11D2-B20E-00C04F983E60}
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDOM@ XML DOM Document
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDOM\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDOM\CLSID@ {2933BF90-7B36-11D2-B20E-00C04F983E60}
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDOM\CurVer
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDOM\CurVer@ Microsoft.XMLDOM.1.0
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDOM.1.0@ XML DOM Document
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDOM.1.0\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDOM.1.0\CLSID@ {2933BF90-7B36-11D2-B20E-00C04F983E60}
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDSO@ XML Data Source Object
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDSO\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDSO\CLSID@ {550DDA30-0541-11D2-9CA9-0060B0EC3D39}
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDSO\CurVer
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDSO\CurVer@ Microsoft.XMLDSO.1.0
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDSO.1.0@ XML Data Source Object
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDSO.1.0\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLDSO.1.0\CLSID@ {550DDA30-0541-11D2-9CA9-0060B0EC3D39}
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLHTTP@ XML HTTP Request
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLHTTP\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLHTTP\CLSID@ {ED8C108E-4349-11D2-91A4-00C04F7969E8}
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLHTTP\CurVer
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLHTTP\CurVer@ Microsoft.XMLHTTP.1.0
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLHTTP.1.0@ XML HTTP Request
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLHTTP.1.0\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLHTTP.1.0\CLSID@ {ED8C108E-4349-11D2-91A4-00C04F7969E8}
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLParser@ XML Parser
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLParser\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLParser\CLSID@ {D2423620-51A0-11D2-9CAF-0060B0EC3D39}
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLParser\CurVer
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLParser\CurVer@ Microsoft.XMLParser.1.0
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLParser.1.0@ XML Parser
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLParser.1.0\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XMLParser.1.0\CLSID@ {D2423620-51A0-11D2-9CAF-0060B0EC3D39}
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr@ MoveBvr Class
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr\CurVer
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr\CurVer@ MoveBvr.MoveBvr.1
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr.1@ MoveBvr Class
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr.1\CLSID@ {C5B86F32-69EE-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\MSIDXS@ Microsoft OLE DB Provider for Indexing Service
Reg HKLM\SOFTWARE\Classes\MSIDXS\Clsid
Reg HKLM\SOFTWARE\Classes\MSIDXS\Clsid@ {F9AE8980-7E52-11d0-8964-00C04FD611D7}
Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup@ Microsoft OLE DB Error Lookup for Indexing Service
Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup\Clsid
Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup\Clsid@ {F9AE8981-7E52-11d0-8964-00C04FD611D7}
Reg HKLM\SOFTWARE\Classes\Msxml@ Msxml
Reg HKLM\SOFTWARE\Classes\Msxml\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml\CLSID@ {CFC399AF-D876-11D0-9C10-00C04FC99C8E}
Reg HKLM\SOFTWARE\Classes\MSXML.DOMDocument@ XML DOM Document
Reg HKLM\SOFTWARE\Classes\MSXML.DOMDocument\CLSID
Reg HKLM\SOFTWARE\Classes\MSXML.DOMDocument\CLSID@ {2933BF90-7B36-11D2-B20E-00C04F983E60}
Reg HKLM\SOFTWARE\Classes\MSXML.DOMDocument\CurVer
Reg HKLM\SOFTWARE\Classes\MSXML.DOMDocument\CurVer@ Microsoft.XMLDOM.1.0
Reg HKLM\SOFTWARE\Classes\MSXML.FreeThreadedDOMDocument@ Free Threaded XML DOM Document
Reg HKLM\SOFTWARE\Classes\MSXML.FreeThreadedDOMDocument\CLSID
Reg HKLM\SOFTWARE\Classes\MSXML.FreeThreadedDOMDocument\CLSID@ {2933BF91-7B36-11D2-B20E-00C04F983E60}
Reg HKLM\SOFTWARE\Classes\MSXML.FreeThreadedDOMDocument\CurVer
Reg HKLM\SOFTWARE\Classes\MSXML.FreeThreadedDOMDocument\CurVer@ Microsoft.FreeThreadedXMLDOM.1.0
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument@ XML DOM Document
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument\CLSID@ {F6D90F11-9C73-11D3-B32E-00C04F990BB4}
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument\CurVer@ Msxml2.DOMDocument.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument.3.0@ XML DOM Document 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument.3.0\CLSID@ {F5078F32-C551-11D3-89B9-0000F81FE221}
Reg HKLM\SOFTWARE\Classes\Msxml2.DSOControl@ XML Data Source Object
Reg HKLM\SOFTWARE\Classes\Msxml2.DSOControl\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.DSOControl\CLSID@ {F6D90F14-9C73-11D3-B32E-00C04F990BB4}
Reg HKLM\SOFTWARE\Classes\Msxml2.DSOControl\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.DSOControl\CurVer@ Msxml2.DSOControl.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.DSOControl.3.0@ XML Data Source Object 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.DSOControl.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.DSOControl.3.0\CLSID@ {F5078F39-C551-11D3-89B9-0000F81FE221}
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument@ Free Threaded XML DOM Document
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument\CLSID@ {F6D90F12-9C73-11D3-B32E-00C04F990BB4}
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument\CurVer@ Msxml2.FreeThreadedDOMDocument.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument.3.0@ Free Threaded XML DOM Document 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument.3.0\CLSID@ {F5078F33-C551-11D3-89B9-0000F81FE221}
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter@ MXXMLWriter
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter\CLSID@ {FC220AD8-A72A-4EE8-926E-0B7AD152A020}
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter\CurVer@ Msxml2.MXXMLWriter.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter.3.0@ MXXMLWriter 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter.3.0\CLSID@ {3D813DFE-6C91-4A4E-8F41-04346A841D9C}
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes@ SAXAttributes
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes\CLSID@ {4DD441AD-526D-4A77-9F1B-9841ED802FB0}
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes\CurVer@ Msxml2.SAXAttributes.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes.3.0@ SAXAttributes 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes.3.0\CLSID@ {3E784A01-F3AE-4DC0-9354-9526B9370EBA}
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader@ SAX XML Reader
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader\CLSID@ {079AA557-4A18-424A-8EEE-E39F0A8D41B9}
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader\CurVer@ Msxml2.SAXXMLReader.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader.3.0@ SAX XML Reader 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader.3.0\CLSID@ {3124C396-FB13-4836-A6AD-1317F1713688}
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP@ Server XML HTTP
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP\CLSID@ {AFBA6B42-5692-48EA-8141-DC517DCF0EF1}
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP\CurVer@ Msxml2.ServerXMLHTTP.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP.3.0@ Server XML HTTP 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP.3.0\CLSID@ {AFB40FFD-B609-40A3-9828-F88BBE11E4E3}
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP@ XML HTTP
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP\CLSID@ {F6D90F16-9C73-11D3-B32E-00C04F990BB4}
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP\CurVer@ Msxml2.XMLHTTP.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP.3.0@ XML HTTP 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP.3.0\CLSID@ {F5078F35-C551-11D3-89B9-0000F81FE221}
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLParser@ XML Parser
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLParser\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLParser\CLSID@ {F5078F19-C551-11D3-89B9-0000F81FE221}
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLParser\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLParser\CurVer@ Msxml2.XMLParser.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLParser.3.0@ XML Parser 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLParser.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLParser.3.0\CLSID@ {F5078F31-C551-11D3-89B9-0000F81FE221}
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache@ XML Schema Cache
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache\CLSID@ {373984C9-B845-449B-91E7-45AC83036ADE}
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache\CurVer@ Msxml2.XMLSchemaCache.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache.3.0@ XML Schema Cache 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache.3.0\CLSID@ {F5078F34-C551-11D3-89B9-0000F81FE221}
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate@ XSL Template
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate\CLSID@ {2933BF94-7B36-11D2-B20E-00C04F983E60}
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate\CurVer
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate\CurVer@ Msxml2.XSLTemplate.3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate.3.0@ XSL Template 3.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate.3.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate.3.0\CLSID@ {F5078F36-C551-11D3-89B9-0000F81FE221}
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr@ NumberBvr Class
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr\CurVer
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr\CurVer@ NumberBvr.NumberBvr.1
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr.1@ NumberBvr Class
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr.1\CLSID@ {ECDB03D2-6E99-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr@ PathBvr Class
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr\CurVer
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr\CurVer@ PathBvr.PathBvr.1
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr.1@ PathBvr Class
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr.1\CLSID@ {80F49562-6A9A-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\prffile@ Microsoft Office Outlook Profile Settings
Reg HKLM\SOFTWARE\Classes\prffile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\prffile\DefaultIcon@ C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe,6
Reg HKLM\SOFTWARE\Classes\prffile\shell
Reg HKLM\SOFTWARE\Classes\prffile\shell@ Open
Reg HKLM\SOFTWARE\Classes\prffile\shell\Open
Reg HKLM\SOFTWARE\Classes\prffile\shell\Open\command
Reg HKLM\SOFTWARE\Classes\prffile\shell\Open\command@ "C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE" /PromptImportPRF "%1"
Reg HKLM\SOFTWARE\Classes\rar_auto_file@
Reg HKLM\SOFTWARE\Classes\rar_auto_file\shell
Reg HKLM\SOFTWARE\Classes\rar_auto_file\shell\open
Reg HKLM\SOFTWARE\Classes\rar_auto_file\shell\open\command
Reg HKLM\SOFTWARE\Classes\rar_auto_file\shell\open\command@ "C:\Program Files\WinRAR\WinRAR.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr@ RotateBvr Class
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr\CurVer
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr\CurVer@ RotateBvr.RotateBvr.1
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr.1@ RotateBvr Class
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr.1\CLSID@ {027713F2-5FA8-11d2-875B-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr@ ScaleBvr Class
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr\CurVer
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr\CurVer@ ScaleBvr.ScaleBvr.1
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr.1@ ScaleBvr Class
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr.1\CLSID@ {E80353D3-677D-11d2-875E-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr@ SetBvr Class
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr\CurVer
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr\CurVer@ SetBvr.SetBvr.1
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr.1@ SetBvr Class
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr.1\CLSID@ {BA60F742-6F72-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile@ Disabled startup file
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\blindman.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile@ Spyware exclude file
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile@ Spyware include file
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile@ Spyware supplemental file
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile@ Internal informations
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile@ Usage tracks include file
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile@ Usage tracks supplemental file
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper@ SwHelper Class
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CLSID
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CLSID@ {1F3CB77D-D339-49e0-B8E4-FECD6D6F8CB8}
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CurVer
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CurVer@ SwBroker.SwHelper.1
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper.1@ SwHelper Class
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper.1\CLSID
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper.1\CLSID@ {1F3CB77D-D339-49e0-B8E4-FECD6D6F8CB8}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CLSID@ {233C1507-6A77-46A4-9443-F871F945D258}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CurVer
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CurVer@ SWCtl.SWCtl.11
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.1@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.1\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.1\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.10.1.1@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.10.1.1\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.10.1.1\CLSID@ {233C1507-6A77-46A4-9443-F871F945D258}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.11@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.11\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.11\CLSID@ {233C1507-6A77-46A4-9443-F871F945D258}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.7@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.7\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.7\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5.1@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5.1\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5.1\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl@ SwInstallerCtl Class
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl\CLSID
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl\CLSID@ {4DB2E429-B905-479A-9EFF-F7CBD9FD52DE}
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl\CurVer
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl\CurVer@ Swdir.SwInstallerCtl.1
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl.1@ SwInstallerCtl Class
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl.1\CLSID
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl.1\CLSID@ {4DB2E429-B905-479A-9EFF-F7CBD9FD52DE}
Reg HKLM\SOFTWARE\Classes\SwHelper.SwHelperAttributes@ SwHelperAttributes Class
Reg HKLM\SOFTWARE\Classes\SwHelper.SwHelperAttributes\CLSID
Reg HKLM\SOFTWARE\Classes\SwHelper.SwHelperAttributes\CLSID@ {0103A448-2934-4B3D-A54E-FED761D472E0}
Reg HKLM\SOFTWARE\Classes\SwHelper.SwHelperAttributes\CurVer
Reg HKLM\SOFTWARE\Classes\SwHelper.SwHelperAttributes\CurVer@ SwHelper.SwHelperAttributes.1
Reg HKLM\SOFTWARE\Classes\SwHelper.SwHelperAttributes.1@ SwHelperAttributes Class
Reg HKLM\SOFTWARE\Classes\SwHelper.SwHelperAttributes.1\CLSID
Reg HKLM\SOFTWARE\Classes\SwHelper.SwHelperAttributes.1\CLSID@ {0103A448-2934-4B3D-A54E-FED761D472E0}
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory@
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory\CLSID
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory\CLSID@ {33FDA1EA-80DF-11D2-B263-00A0C90D6111}
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory.1@
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory.1\CLSID
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory.1\CLSID@ {33FDA1EA-80DF-11D2-B263-00A0C90D6111}
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory@
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory\CLSID
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory\CLSID@ {476C391C-3E0D-11D2-B948-00C04FA32195}
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory.1@
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory.1\CLSID
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory.1\CLSID@ {476C391C-3E0D-11D2-B948-00C04FA32195}
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx@ UnagiAx Class
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx\CLSID
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx\CLSID@ {6E704581-CCAE-46D2-9C64-20D724B3624E}
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx\CurVer
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx\CurVer@ unagiAx.UnagiAx.2
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx.2@ UnagiAx Class
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx.2\CLSID
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx.2\CLSID@ {6E704581-CCAE-46D2-9C64-20D724B3624E}
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx.2\Insertable
Reg HKLM\SOFTWARE\Classes\WinRAR@ WinRAR archive
Reg HKLM\SOFTWARE\Classes\WinRAR\DefaultIcon
Reg HKLM\SOFTWARE\Classes\WinRAR\DefaultIcon@ C:\Program Files\WinRAR\WinRAR.exe,0
Reg HKLM\SOFTWARE\Classes\WinRAR\shell
Reg HKLM\SOFTWARE\Classes\WinRAR\shell\open
Reg HKLM\SOFTWARE\Classes\WinRAR\shell\open\command
Reg HKLM\SOFTWARE\Classes\WinRAR\shell\open\command@ "C:\Program Files\WinRAR\WinRAR.exe" "%1"
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}@
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex\DropHandler
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex\DropHandler@ {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
Reg HKLM\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}@
Reg HKLM\SOFTWARE\Classes\WinRAR.REV@ RAR recovery volume
Reg HKLM\SOFTWARE\Classes\WinRAR.REV\DefaultIcon
Reg HKLM\SOFTWARE\Classes\WinRAR.REV\DefaultIcon@ C:\Program Files\WinRAR\WinRAR.exe,1
Reg HKLM\SOFTWARE\Classes\WinRAR.REV\shell
Reg HKLM\SOFTWARE\Classes\WinRAR.REV\shell\open
Reg HKLM\SOFTWARE\Classes\WinRAR.REV\shell\open\command
Reg HKLM\SOFTWARE\Classes\WinRAR.REV\shell\open\command@ "C:\Program Files\WinRAR\WinRAR.exe" "%1"
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP@ WinRAR ZIP archive
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon@ C:\Program Files\WinRAR\WinRAR.exe,0
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shell
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shell\open
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command@ "C:\Program Files\WinRAR\WinRAR.exe" "%1"
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}@
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler@ {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
Reg HKLM\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}@
Reg HKLM\SOFTWARE\Classes\XML@ XML Script Engine
Reg HKLM\SOFTWARE\Classes\XML\CLSID
Reg HKLM\SOFTWARE\Classes\XML\CLSID@ {989D1DC0-B162-11D1-B6EC-D27DDCF9A923}
Reg HKLM\SOFTWARE\Classes\XML\OLEScript
Reg HKLM\SOFTWARE\Classes\XML\OLEScript@
Reg HKLM\SOFTWARE\Classes\xmlfile@ XML Document
Reg HKLM\SOFTWARE\Classes\xmlfile@FriendlyTypeName @C:\WINDOWS\system32\msxml3r.dll,-1
Reg HKLM\SOFTWARE\Classes\xmlfile\BrowseInPlace
Reg HKLM\SOFTWARE\Classes\xmlfile\BrowseInPlace@
Reg HKLM\SOFTWARE\Classes\xmlfile\CLSID
Reg HKLM\SOFTWARE\Classes\xmlfile\CLSID@ {48123BC4-99D9-11D1-A6B3-00C04FD91555}
Reg HKLM\SOFTWARE\Classes\xmlfile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\xmlfile\DefaultIcon@ C:\WINDOWS\system32\msxml3.dll,0
Reg HKLM\SOFTWARE\Classes\xmlfile\shell
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open\command
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open\command@ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open\ddeexec@ "file:%1",,-1,,,,,
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open\ddeexec\application
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open\ddeexec\application@ IExplore
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open\ddeexec\topic
Reg HKLM\SOFTWARE\Classes\xmlfile\shell\Open\ddeexec\topic@ WWW_OpenURL
Reg HKLM\SOFTWARE\Classes\xslfile@ XSL Stylesheet
Reg HKLM\SOFTWARE\Classes\xslfile@FriendlyTypeName @C:\WINDOWS\system32\msxml3r.dll,-2
Reg HKLM\SOFTWARE\Classes\xslfile\BrowseInPlace
Reg HKLM\SOFTWARE\Classes\xslfile\BrowseInPlace@
Reg HKLM\SOFTWARE\Classes\xslfile\CLSID
Reg HKLM\SOFTWARE\Classes\xslfile\CLSID@ {48123BC4-99D9-11D1-A6B3-00C04FD91555}
Reg HKLM\SOFTWARE\Classes\xslfile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\xslfile\DefaultIcon@ C:\WINDOWS\system32\msxml3.dll,1
Reg HKLM\SOFTWARE\Classes\xslfile\shell
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open\command
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open\command@ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open\ddeexec@ "file:%1",,-1,,,,,
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open\ddeexec\application
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open\ddeexec\application@ IExplore
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open\ddeexec\topic
Reg HKLM\SOFTWARE\Classes\xslfile\shell\Open\ddeexec\topic@ WWW_OpenURL
---- EOF - GMER 1.0.14 ----
sexy_ladii05
New member
HEY I Download windows serivce pack what should i do now
Hey
Thanks for the log.
I'm back from Mom's place. :crowned:
If you can avoid it -- pleae wait for a bit before installig service pack.
I don't know how SP3 is gunna work with current problems.
You are still in normal mode so that is good progress & I know combofix did good.
Lets try it agian.
This round should show me what it did last time.
Disable Norton then double click ComboFix again.
OK prompt.
Let it do its thing.
It will likely reboot you again.
When it reboots you & finishes its cleanup it should pop up log.
Please post it.
In the event you have to reboot again to restore internet... log is located here:
C:\combofix.log.
Leme know how things are working.
Don't forget to turn Norton back on.
Thanks
Thanks for the log.
I'm back from Mom's place. :crowned:
If you can avoid it -- pleae wait for a bit before installig service pack.
I don't know how SP3 is gunna work with current problems.
You are still in normal mode so that is good progress & I know combofix did good.
Lets try it agian.
This round should show me what it did last time.
Disable Norton then double click ComboFix again.
OK prompt.
Let it do its thing.
It will likely reboot you again.
When it reboots you & finishes its cleanup it should pop up log.
Please post it.
In the event you have to reboot again to restore internet... log is located here:
C:\combofix.log.
Leme know how things are working.
Don't forget to turn Norton back on.
Thanks
sexy_ladii05
New member
why you kkeep saying norton i dont have norton and combofix aint working it just load then a blue box comes up saying date error
sexy_ladii05
New member
can we start over from the begin please
Hi,
As Keaton_1220 you mean? Or How about John22? Someone else?
OK.
Let's get one thing straight here.
We are all volunteers with real jobs, lives, and we all work in many forums.
And we do it for free.
Lotsa people pay alot of money to have their system cleaned up by a computer shop.
When we see people registering under several names comming from the same place this really ticks us off.
It is a waste of our and victim's time.
We and other forums get literally hundreds of people comming in daily for help with their infected computers.
We only have so many helpers and we are all spread thin.
If we can quit the games --- we can continue with your log.
If you wanna keep playing games I'll close the thread, have ya banned and you can try elsewhere.
Got it??
Shall we play nice & continue?
Double click your clock.
When the date/time box pops up please change the date to today.
Where I am it is August 23 2008 1:30AM
Exact time isn't critical -- just make sure the date is right for now.
I told you about Norton cus I see Norton all over the log.
Did you uninstall it & it only partly uninstall?
We'll hafta finish removing that so you can install an antivirus.
Once done resetting the clock please run Hijackthis again & post the new log.
Thanks!
As Keaton_1220 you mean? Or How about John22? Someone else?
OK.
Let's get one thing straight here.
We are all volunteers with real jobs, lives, and we all work in many forums.
And we do it for free.
Lotsa people pay alot of money to have their system cleaned up by a computer shop.
When we see people registering under several names comming from the same place this really ticks us off.
It is a waste of our and victim's time.
We and other forums get literally hundreds of people comming in daily for help with their infected computers.
We only have so many helpers and we are all spread thin.
If we can quit the games --- we can continue with your log.
If you wanna keep playing games I'll close the thread, have ya banned and you can try elsewhere.
Got it??
Shall we play nice & continue?
Double click your clock.
When the date/time box pops up please change the date to today.
Where I am it is August 23 2008 1:30AM
Exact time isn't critical -- just make sure the date is right for now.
I told you about Norton cus I see Norton all over the log.
Did you uninstall it & it only partly uninstall?
We'll hafta finish removing that so you can install an antivirus.
Once done resetting the clock please run Hijackthis again & post the new log.
Thanks!
sexy_ladii05
New member
?????
im sorry those aint my accounts there my dum brother he keep posting stuff all over he only 15 and dum im 26 sorry if i cause you some promblems if you dont wanna help me its ok i just remember when you frist started talking to me you told me not to give up i guess your gonan give up on me but here if you still wanna help me
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:35, on 2008-08-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\AIMWDInstall.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A596175D-BBC7-476A-A152-FBA652B64505} - C:\WINDOWS\system32\mlJDtrQI.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\Third Mapi.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\Program Files\AIM\AIMWDInstall.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - Winlogon Notify: mlJDtrQI - C:\WINDOWS\SYSTEM32\mlJDtrQI.dll
O21 - SSODL: mZUCnvnJwQdJ - {643D5B8D-CE97-F127-8EAA-33AA7BB4B098} - C:\WINDOWS\system32\zgj.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
--
End of file - 5641 bytes
im sorry those aint my accounts there my dum brother he keep posting stuff all over he only 15 and dum im 26 sorry if i cause you some promblems if you dont wanna help me its ok i just remember when you frist started talking to me you told me not to give up i guess your gonan give up on me but here if you still wanna help me
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:35, on 2008-08-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\AIMWDInstall.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A596175D-BBC7-476A-A152-FBA652B64505} - C:\WINDOWS\system32\mlJDtrQI.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\Third Mapi.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\Program Files\AIM\AIMWDInstall.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - Winlogon Notify: mlJDtrQI - C:\WINDOWS\SYSTEM32\mlJDtrQI.dll
O21 - SSODL: mZUCnvnJwQdJ - {643D5B8D-CE97-F127-8EAA-33AA7BB4B098} - C:\WINDOWS\system32\zgj.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
--
End of file - 5641 bytes
sexy_ladii05
New member
???
im sorry those aint my accounts there my dum brother he keep posting stuff all over he only 15 and dum im 26 sorry if i cause you some promblems if you dont wanna help me its ok i just remember when you frist started talking to me you told me not to give up i guess your gonan give up on me but here if you still wanna help me
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:35, on 2008-08-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\AIMWDInstall.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A596175D-BBC7-476A-A152-FBA652B64505} - C:\WINDOWS\system32\mlJDtrQI.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\Third Mapi.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\Program Files\AIM\AIMWDInstall.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - Winlogon Notify: mlJDtrQI - C:\WINDOWS\SYSTEM32\mlJDtrQI.dll
O21 - SSODL: mZUCnvnJwQdJ - {643D5B8D-CE97-F127-8EAA-33AA7BB4B098} - C:\WINDOWS\system32\zgj.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
--
End of file - 5641 bytes
im sorry those aint my accounts there my dum brother he keep posting stuff all over he only 15 and dum im 26 sorry if i cause you some promblems if you dont wanna help me its ok i just remember when you frist started talking to me you told me not to give up i guess your gonan give up on me but here if you still wanna help me
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:35, on 2008-08-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\AIMWDInstall.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A596175D-BBC7-476A-A152-FBA652B64505} - C:\WINDOWS\system32\mlJDtrQI.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\Third Mapi.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\Program Files\AIM\AIMWDInstall.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - Winlogon Notify: mlJDtrQI - C:\WINDOWS\SYSTEM32\mlJDtrQI.dll
O21 - SSODL: mZUCnvnJwQdJ - {643D5B8D-CE97-F127-8EAA-33AA7BB4B098} - C:\WINDOWS\system32\zgj.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
--
End of file - 5641 bytes
OK.
Just so you know -- we keep an eye on things like that cus it makes things difficult when someone posts under several accounts with the same logs and ends up involving several helpers when only one should be needed.
It is not fair to others that also need our help or helpers trying to help the same person several times.
nuff said.
-------------------
Now that your date is set correctly --- hit it with Combofix again.
Double click Combofix.exe & let it run.
It will likely reboot you.
When done post these logs:
C:\combofix.txt
New hijackthis log
If I dont reply for a while -- I didnt dissapear -- we are having bad storms where I live.
Thanks
Just so you know -- we keep an eye on things like that cus it makes things difficult when someone posts under several accounts with the same logs and ends up involving several helpers when only one should be needed.
It is not fair to others that also need our help or helpers trying to help the same person several times.
nuff said.
-------------------
Now that your date is set correctly --- hit it with Combofix again.
Double click Combofix.exe & let it run.
It will likely reboot you.
When done post these logs:
C:\combofix.txt
New hijackthis log
If I dont reply for a while -- I didnt dissapear -- we are having bad storms where I live.
Thanks
sexy_ladii05
New member
combofix didnt save a log i dont know why
_________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:30, on 2008-08-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM\AIMWDInstall.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\Third Mapi.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\Program Files\AIM\AIMWDInstall.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [643d5b23] rundll32.exe "C:\WINDOWS\system32\ulgrxkaj.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O21 - SSODL: mZUCnvnJwQdJ - {643D5B8D-CE97-F127-8EAA-33AA7BB4B098} - C:\WINDOWS\system32\zgj.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
--
End of file - 5393 bytes
_________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:30, on 2008-08-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM\AIMWDInstall.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\Third Mapi.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\Program Files\AIM\AIMWDInstall.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [643d5b23] rundll32.exe "C:\WINDOWS\system32\ulgrxkaj.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O21 - SSODL: mZUCnvnJwQdJ - {643D5B8D-CE97-F127-8EAA-33AA7BB4B098} - C:\WINDOWS\system32\zgj.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
--
End of file - 5393 bytes
Hi,
Can you get to this site yet?
http://www.microsoft.com/downloads/details.aspx?FamilyId=535D248D-5E10-49B5-B80C-0A0205368124
If you get there --- go ahead and download the file but don't do anything yet.
Just downloadf it and save it to desktop and tell me if you got it.
C:\Combofix.txt
C:\combofix\combofix.txt
C:\combofix\log.txt
C:\bug.txt
C:\qoobox\quarantined files.txt
Any of those files present?
If so --- post them please.
Next I wanna see another scan.
This one is a stand alone virus scanner/cleaner.
Download Dr.Webs CureIt to your desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, select the "full system scan"
Click the green arrow > to the right and the scan will begin.
At the first infection, select 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, click the "Select all" toggle button (if available) next to the files found
Then click the green cup icon right below and select Move incurable
This will move any infected files to the %userprofile%\DoctorWeb\quarantaine-folder that can't be cured (in case if we need samples).
Then, from the main Dr.Web CureIt menu (top left), click File and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit and Restart your computer to completely remove any stubborn files in reboot.
Post back with the DrWeb.csv report please.
Thanks
Can you get to this site yet?
http://www.microsoft.com/downloads/details.aspx?FamilyId=535D248D-5E10-49B5-B80C-0A0205368124
If you get there --- go ahead and download the file but don't do anything yet.
Just downloadf it and save it to desktop and tell me if you got it.
C:\Combofix.txt
C:\combofix\combofix.txt
C:\combofix\log.txt
C:\bug.txt
C:\qoobox\quarantined files.txt
Any of those files present?
If so --- post them please.
Next I wanna see another scan.
This one is a stand alone virus scanner/cleaner.
Download Dr.Webs CureIt to your desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, select the "full system scan"
Click the green arrow > to the right and the scan will begin.
At the first infection, select 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, click the "Select all" toggle button (if available) next to the files found
Then click the green cup icon right below and select Move incurable
This will move any infected files to the %userprofile%\DoctorWeb\quarantaine-folder that can't be cured (in case if we need samples).
Then, from the main Dr.Web CureIt menu (top left), click File and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit and Restart your computer to completely remove any stubborn files in reboot.
Post back with the DrWeb.csv report please.
Thanks
sexy_ladii05
New member
nothing works and now my wireless connect that had dns is back should i discontuine using that wireless service?
and just says connect to router and present this
Warning! A Trojan Virus has reconfigured your Network / Internet settings.
The Cox Communications Network Security Team has detected that a change was made to your Network / Internet Connection settings. The change was caused by a Trojan Virus.
Your Next Steps: You can easily restore the settings and Internet access on your own with the instructions below.
To reset the settings yourself:
OSX/MAC users click HERE
Identify the operating system on your computer:
Click the Start button in the taskbar.
Click Control Panel.
Double-click System.
Result: The name of your operation system is listed: it is either Windows 2000, Windows XP or Windows Vista.
Select and follow the instructions below for your operating system. Completing the instructions will reset your Network / Internet (TCP/IP) settings.
Note: If your pop-up blocker is active, you may need to temporarily allow popups to view the links below.
Operating System Instructions
Window 2000
Windows XP
Windows Vista How to: Set Up Windows 2000 for Cox High Speed Internet
How to: Set Up TCP/IP for Windows XP
How to: Set Up TCP/IP for Windows Vista
After completing the instructions, reboot your computer.
Launch your Internet browser to access a webpage.
If you are redirected to this webpage again, then the Trojan Virus is still active on your computer, even though the Internet TCP/IP settings were corrected. Follow the instructions in How to: Trojan / Virus Removal to clean your computer.
All steps complete.
Thank you for using Cox High Speed Internet.
Cox Online Privacy Policy and Related Terms and Agreements
and just says connect to router and present this
Warning! A Trojan Virus has reconfigured your Network / Internet settings.
The Cox Communications Network Security Team has detected that a change was made to your Network / Internet Connection settings. The change was caused by a Trojan Virus.
Your Next Steps: You can easily restore the settings and Internet access on your own with the instructions below.
To reset the settings yourself:
OSX/MAC users click HERE
Identify the operating system on your computer:
Click the Start button in the taskbar.
Click Control Panel.
Double-click System.
Result: The name of your operation system is listed: it is either Windows 2000, Windows XP or Windows Vista.
Select and follow the instructions below for your operating system. Completing the instructions will reset your Network / Internet (TCP/IP) settings.
Note: If your pop-up blocker is active, you may need to temporarily allow popups to view the links below.
Operating System Instructions
Window 2000
Windows XP
Windows Vista How to: Set Up Windows 2000 for Cox High Speed Internet
How to: Set Up TCP/IP for Windows XP
How to: Set Up TCP/IP for Windows Vista
After completing the instructions, reboot your computer.
Launch your Internet browser to access a webpage.
If you are redirected to this webpage again, then the Trojan Virus is still active on your computer, even though the Internet TCP/IP settings were corrected. Follow the instructions in How to: Trojan / Virus Removal to clean your computer.
All steps complete.
Thank you for using Cox High Speed Internet.
Cox Online Privacy Policy and Related Terms and Agreements
Hi,
What do you mean by "nothing works"?
Did you get that cureit.exe downloaded?
Follow instructions from COX to reset your TCP/IP settings and see if it sticks.
Then......
Before running the scan let's clean out the temporoary folders.
Download ATF Cleaner
Now download OTScanIT.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIT on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.
Thanks
What do you mean by "nothing works"?
Did you get that cureit.exe downloaded?
Follow instructions from COX to reset your TCP/IP settings and see if it sticks.
Then......
Before running the scan let's clean out the temporoary folders.
Download ATF Cleaner
- Double-click ATF-Cleaner.exe to run the program. (If running Vista, right click it and choose "run as administrator)
- Click Select All found at the bottom of the list.
- Click the Empty Selected button.
- Click Firefox at the top and choose Select All from the list.
- Click the Empty Selected button.
- NOTE : If you would like to keep your saved passwords, please click No at the prompt.
- Click Opera at the top and choose Select All from the list.
- Click the Empty Selected button.
- NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Now download OTScanIT.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIT on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
- Close ALL OTHER PROGRAMS.
- Open the OTScanIT folder and double-click on OTScanIT.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
- In the Drivers section click on Non-Microsoft.
- In the rootkit section click on yes
- Under Additional Scans click the checkboxes in front of the following items to select them:
- Reg - BotCheck
File - Additional Folder Scans
- Reg - BotCheck
- Do not change any other settings.
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.
Thanks
sexy_ladii05
New member
combofix log
none of those websites work that you giving me
ComboFix 08-08-21.02 -keaton77 2008-08-23 10:59:05.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.66 [GMT -8:00]
Running from: C:\Documents and Settings\keaton77\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\keaton77\Application Data\macromedia\Flash Player\#SharedObjects\FL6QBNRZ\interclick.com
C:\Documents and Settings\keaton77\Application Data\macromedia\Flash Player\#SharedObjects\FL6QBNRZ\interclick.com\ud.sol
C:\Documents and Settings\keaton77\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\keaton77\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\dynmkuoj.dll
C:\WINDOWS\system32\gtemxe.dll
C:\WINDOWS\system32\jakxrglu.ini
C:\WINDOWS\system32\ulgrxkaj.dll
C:\WINDOWS\system32\VxbaJkkj.ini
C:\WINDOWS\system32\VxbaJkkj.ini2
.
---- Previous Run -------
.
C:\WINDOWS\system32\fmjdoveu.dll
C:\WINDOWS\system32\lvwbnb.dll
C:\WINDOWS\system32\qhoseeiw.dll
C:\WINDOWS\system32\uevodjmf.ini
C:\WINDOWS\system32\VxbaJkkj.ini
C:\WINDOWS\system32\VxbaJkkj.ini2
.
((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.
2008-08-23 08:38 . 2008-08-23 08:45 220,176 --a------ C:\WINDOWS\system32\xxyywuRH.dll
2008-08-23 01:35 . 2008-08-23 01:35 323,328 --a------ C:\WINDOWS\system32\jkkJabxV.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 05:34 --------- d-----w C:\Documents and Settings\keaton77\Application Data\acccore
2008-07-15 06:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-15 06:31 --------- d-----w C:\Program Files\Trend Micro
2008-07-14 05:07 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-14 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-14 01:47 --------- d-----w C:\Program Files\Opera
2008-07-13 18:35 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-12 01:04 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-12 01:04 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-12 01:04 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-01 18:35 94,208 ----a-w C:\WINDOWS\system32\3C.tmp
2008-07-01 18:35 94,208 ----a-w C:\WINDOWS\system32\3A.tmp
2008-07-01 18:35 94,208 ----a-w C:\WINDOWS\system32\38.tmp
2008-07-01 18:35 94,208 ----a-w C:\WINDOWS\system32\37.tmp
2008-07-01 18:35 94,208 ----a-w C:\WINDOWS\system32\36.tmp
2008-07-01 18:35 94,208 ----a-w C:\WINDOWS\system32\35.tmp
2008-07-01 18:35 94,208 ----a-w C:\WINDOWS\system32\34.tmp
2008-07-01 18:35 94,208 ----a-w C:\WINDOWS\system32\2F.tmp
2008-07-01 08:46 94,208 ----a-w C:\WINDOWS\system32\33.tmp
2008-07-01 08:46 94,208 ----a-w C:\WINDOWS\system32\32.tmp
2008-07-01 08:46 94,208 ----a-w C:\WINDOWS\system32\31.tmp
2008-07-01 08:46 94,208 ----a-w C:\WINDOWS\system32\30.tmp
2008-07-01 08:46 94,208 ----a-w C:\WINDOWS\system32\2E.tmp
2008-07-01 08:45 94,208 ----a-w C:\WINDOWS\system32\2D.tmp
2008-07-01 08:45 94,208 ----a-w C:\WINDOWS\system32\2C.tmp
2008-07-01 08:45 94,208 ----a-w C:\WINDOWS\system32\2B.tmp
2008-07-01 08:45 94,208 ----a-w C:\WINDOWS\system32\2A.tmp
2008-07-01 08:45 94,208 ----a-w C:\WINDOWS\system32\29.tmp
2008-07-01 08:45 94,208 ----a-w C:\WINDOWS\system32\28.tmp
2008-07-01 08:45 94,208 ----a-w C:\WINDOWS\system32\27.tmp
2008-07-01 08:45 94,208 ----a-w C:\WINDOWS\system32\26.tmp
2008-07-01 08:44 94,208 ----a-w C:\WINDOWS\system32\25.tmp
2008-07-01 08:44 94,208 ----a-w C:\WINDOWS\system32\23.tmp
2008-07-01 08:44 94,208 ----a-w C:\WINDOWS\system32\22.tmp
2008-07-01 08:44 94,208 ----a-w C:\WINDOWS\system32\21.tmp
2008-07-01 08:44 94,208 ----a-w C:\WINDOWS\system32\20.tmp
2008-07-01 08:15 94,208 ----a-w C:\WINDOWS\system32\7CA.tmp
2008-06-28 03:55 34,688 ------w C:\WINDOWS\system32\mlJDtrQI.dll
2008-06-28 02:26 --------- d-----w C:\Program Files\AIM6
2008-06-27 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\acccore
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 16:24 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-06 16:24 307,200 ------w C:\WINDOWS\Setup1.exe
2007-04-23 22:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 22:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 19:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 19:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 19:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 19:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 19:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 19:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 19:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
.
------- Sigcheck -------
md5deep: C:\WINDOWS\system32\svchost.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
2007-06-12 23:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\VCP_TEMP\explorer.exe
2007-06-12 23:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\VCP_SAVE\explorer.exe
2007-06-13 00:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-12 23:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
2007-06-13 00:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
2002-12-31 12:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
md5deep: C:\WINDOWS\system32\services.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\system32\spoolsv.exe: error at offset 0: Permission denied
2005-06-10 17:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2002-12-31 13:00 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A596175D-BBC7-476A-A152-FBA652B64505}]
2008-06-27 19:55 34688 --------- C:\WINDOWS\system32\mlJDtrQI.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9F706D6-B43A-4B64-AAD5-B37B1A749AFE}]
2008-08-23 01:35 323328 --a------ C:\WINDOWS\system32\jkkJabxV.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-06-19 09:51 50528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"One view global this"="C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\Third Mapi.exe" [2008-08-23 11:54 21544448]
"AIMWDInstallFilename"="C:\Program Files\AIM\AIMWDInstall.exe" [2004-01-12 09:29 102400]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 08:59 124520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"643d5b23"="C:\WINDOWS\system32\ulgrxkaj.dll" [BU]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [2007-09-12 15:14:42 1527808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A596175D-BBC7-476A-A152-FBA652B64505}"= "C:\WINDOWS\system32\mlJDtrQI.dll" [2008-06-27 19:55 34688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mZUCnvnJwQdJ"= {643D5B8D-CE97-F127-8EAA-33AA7BB4B098} - C:\WINDOWS\system32\zgj.dll [2007-04-16 04:52 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJDtrQI]
2008-06-27 19:55 34688 C:\WINDOWS\system32\mlJDtrQI.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=lvwbnb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv
"msacm.fraunhoferacm"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Spybot - Search & Destroy\\SDShred.exe"=
"C:\\Program Files\\NETGEAR\\WG111v3\\WG111v3.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-11 17:04]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-11 17:04]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2004-12-24 11:15]
R3 es1969;ESS 1969 Audio Driver (WDM);C:\WINDOWS\system32\drivers\es1969.sys [2004-12-24 11:15]
R3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2004-12-24 11:15]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 14:11]
R3 S3SAVAGE4M;S3SAVAGE4M;C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [2004-12-24 11:16]
S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
S3 USRTI;U.S. Robotics Faxmodem Driver TI;C:\WINDOWS\system32\DRIVERS\USRTI.SYS [2004-12-24 11:16]
.
Contents of the 'Scheduled Tasks' folder
2008-07-03 C:\WINDOWS\Tasks\rpc.job
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
2008-08-23 C:\WINDOWS\Tasks\B8EEA5EA89AD5906.job
- c:\docume~1\keaton12\applic~1\defyop~1\that mode mags.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\keaton77\Application Data\Mozilla\Firefox\Profiles\c9zjcure.default\
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjava11.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjava12.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjava13.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjava14.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjava32.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjpi160_03.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npoji610.dll
.
.
------- File Associations (Beta) -------
.
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 11:09:24
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\mlJDtrQI.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\jkkJabxV.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSVCHST.EXE
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-08-23 11:22:29 - machine was rebooted [keaton77]
ComboFix-quarantined-files.txt 2008-08-23 19:21:50
ComboFix2.txt 2008-08-23 03:01:08
Pre-Run: 7,908,294,656 bytes free
Post-Run: 7,863,582,720 bytes free
228 --- E O F --- 2008-06-27 21:26:32
none of those websites work that you giving me
ComboFix 08-08-21.02 -keaton77 2008-08-23 10:59:05.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.66 [GMT -8:00]
Running from: C:\Documents and Settings\keaton77\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\keaton77\Application Data\macromedia\Flash Player\#SharedObjects\FL6QBNRZ\interclick.com
C:\Documents and Settings\keaton77\Application Data\macromedia\Flash Player\#SharedObjects\FL6QBNRZ\interclick.com\ud.sol
C:\Documents and Settings\keaton77\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\keaton77\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\dynmkuoj.dll
C:\WINDOWS\system32\gtemxe.dll
C:\WINDOWS\system32\jakxrglu.ini
C:\WINDOWS\system32\ulgrxkaj.dll
C:\WINDOWS\system32\VxbaJkkj.ini
C:\WINDOWS\system32\VxbaJkkj.ini2
.
---- Previous Run -------
.
C:\WINDOWS\system32\fmjdoveu.dll
C:\WINDOWS\system32\lvwbnb.dll
C:\WINDOWS\system32\qhoseeiw.dll
C:\WINDOWS\system32\uevodjmf.ini
C:\WINDOWS\system32\VxbaJkkj.ini
C:\WINDOWS\system32\VxbaJkkj.ini2
.
((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.
2008-08-23 08:38 . 2008-08-23 08:45 220,176 --a------ C:\WINDOWS\system32\xxyywuRH.dll
2008-08-23 01:35 . 2008-08-23 01:35 323,328 --a------ C:\WINDOWS\system32\jkkJabxV.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 05:34 --------- d-----w C:\Documents and Settings\keaton77\Application Data\acccore
2008-07-15 06:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-15 06:31 --------- d-----w C:\Program Files\Trend Micro
2008-07-14 05:07 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-14 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-14 01:47 --------- d-----w C:\Program Files\Opera
2008-07-13 18:35 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-12 01:04 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-12 01:04 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-12 01:04 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-01 18:35 94,208 ----a-w C:\WINDOWS\system32\3C.tmp
2008-07-01 18:35 94,208 ----a-w C:\WINDOWS\system32\3A.tmp
2008-07-01 18:35 94,208 ----a-w C:\WINDOWS\system32\38.tmp
2008-07-01 18:35 94,208 ----a-w C:\WINDOWS\system32\37.tmp
2008-07-01 18:35 94,208 ----a-w C:\WINDOWS\system32\36.tmp
2008-07-01 18:35 94,208 ----a-w C:\WINDOWS\system32\35.tmp
2008-07-01 18:35 94,208 ----a-w C:\WINDOWS\system32\34.tmp
2008-07-01 18:35 94,208 ----a-w C:\WINDOWS\system32\2F.tmp
2008-07-01 08:46 94,208 ----a-w C:\WINDOWS\system32\33.tmp
2008-07-01 08:46 94,208 ----a-w C:\WINDOWS\system32\32.tmp
2008-07-01 08:46 94,208 ----a-w C:\WINDOWS\system32\31.tmp
2008-07-01 08:46 94,208 ----a-w C:\WINDOWS\system32\30.tmp
2008-07-01 08:46 94,208 ----a-w C:\WINDOWS\system32\2E.tmp
2008-07-01 08:45 94,208 ----a-w C:\WINDOWS\system32\2D.tmp
2008-07-01 08:45 94,208 ----a-w C:\WINDOWS\system32\2C.tmp
2008-07-01 08:45 94,208 ----a-w C:\WINDOWS\system32\2B.tmp
2008-07-01 08:45 94,208 ----a-w C:\WINDOWS\system32\2A.tmp
2008-07-01 08:45 94,208 ----a-w C:\WINDOWS\system32\29.tmp
2008-07-01 08:45 94,208 ----a-w C:\WINDOWS\system32\28.tmp
2008-07-01 08:45 94,208 ----a-w C:\WINDOWS\system32\27.tmp
2008-07-01 08:45 94,208 ----a-w C:\WINDOWS\system32\26.tmp
2008-07-01 08:44 94,208 ----a-w C:\WINDOWS\system32\25.tmp
2008-07-01 08:44 94,208 ----a-w C:\WINDOWS\system32\23.tmp
2008-07-01 08:44 94,208 ----a-w C:\WINDOWS\system32\22.tmp
2008-07-01 08:44 94,208 ----a-w C:\WINDOWS\system32\21.tmp
2008-07-01 08:44 94,208 ----a-w C:\WINDOWS\system32\20.tmp
2008-07-01 08:15 94,208 ----a-w C:\WINDOWS\system32\7CA.tmp
2008-06-28 03:55 34,688 ------w C:\WINDOWS\system32\mlJDtrQI.dll
2008-06-28 02:26 --------- d-----w C:\Program Files\AIM6
2008-06-27 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\acccore
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 16:24 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-06 16:24 307,200 ------w C:\WINDOWS\Setup1.exe
2007-04-23 22:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 22:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 19:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 19:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 19:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 19:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 19:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 19:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 19:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
.
------- Sigcheck -------
md5deep: C:\WINDOWS\system32\svchost.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
2007-06-12 23:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\VCP_TEMP\explorer.exe
2007-06-12 23:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\VCP_SAVE\explorer.exe
2007-06-13 00:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-12 23:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
2007-06-13 00:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
2002-12-31 12:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
md5deep: C:\WINDOWS\system32\services.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\system32\spoolsv.exe: error at offset 0: Permission denied
2005-06-10 17:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2002-12-31 13:00 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A596175D-BBC7-476A-A152-FBA652B64505}]
2008-06-27 19:55 34688 --------- C:\WINDOWS\system32\mlJDtrQI.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9F706D6-B43A-4B64-AAD5-B37B1A749AFE}]
2008-08-23 01:35 323328 --a------ C:\WINDOWS\system32\jkkJabxV.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-06-19 09:51 50528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"One view global this"="C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\Third Mapi.exe" [2008-08-23 11:54 21544448]
"AIMWDInstallFilename"="C:\Program Files\AIM\AIMWDInstall.exe" [2004-01-12 09:29 102400]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 08:59 124520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"643d5b23"="C:\WINDOWS\system32\ulgrxkaj.dll" [BU]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [2007-09-12 15:14:42 1527808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A596175D-BBC7-476A-A152-FBA652B64505}"= "C:\WINDOWS\system32\mlJDtrQI.dll" [2008-06-27 19:55 34688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mZUCnvnJwQdJ"= {643D5B8D-CE97-F127-8EAA-33AA7BB4B098} - C:\WINDOWS\system32\zgj.dll [2007-04-16 04:52 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJDtrQI]
2008-06-27 19:55 34688 C:\WINDOWS\system32\mlJDtrQI.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=lvwbnb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv
"msacm.fraunhoferacm"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Spybot - Search & Destroy\\SDShred.exe"=
"C:\\Program Files\\NETGEAR\\WG111v3\\WG111v3.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-11 17:04]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-11 17:04]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2004-12-24 11:15]
R3 es1969;ESS 1969 Audio Driver (WDM);C:\WINDOWS\system32\drivers\es1969.sys [2004-12-24 11:15]
R3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2004-12-24 11:15]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 14:11]
R3 S3SAVAGE4M;S3SAVAGE4M;C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [2004-12-24 11:16]
S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
S3 USRTI;U.S. Robotics Faxmodem Driver TI;C:\WINDOWS\system32\DRIVERS\USRTI.SYS [2004-12-24 11:16]
.
Contents of the 'Scheduled Tasks' folder
2008-07-03 C:\WINDOWS\Tasks\rpc.job
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
2008-08-23 C:\WINDOWS\Tasks\B8EEA5EA89AD5906.job
- c:\docume~1\keaton12\applic~1\defyop~1\that mode mags.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\keaton77\Application Data\Mozilla\Firefox\Profiles\c9zjcure.default\
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjava11.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjava12.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjava13.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjava14.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjava32.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjpi160_03.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npoji610.dll
.
.
------- File Associations (Beta) -------
.
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 11:09:24
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\mlJDtrQI.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\jkkJabxV.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSVCHST.EXE
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-08-23 11:22:29 - machine was rebooted [keaton77]
ComboFix-quarantined-files.txt 2008-08-23 19:21:50
ComboFix2.txt 2008-08-23 03:01:08
Pre-Run: 7,908,294,656 bytes free
Post-Run: 7,863,582,720 bytes free
228 --- E O F --- 2008-06-27 21:26:32
- Status