------------------------------------------------------------------------------------
Displaying LOG for Microsoft Windows Malicious Software Removal Tool:
*** Microsoft Windows MRT Log NOT Found! ****
----------------------------------------------------------------------------
Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys
if Hidden = 0 then Hidden Files and Folders are not shown
if SuperHidden = 1 is the desired default value.
if ShowSuperHidden = 0 then System Files are not shown
if HideFileExt = 1 then File Extension are not shown
We want their values to be (from top to bottom) 1,1,1,0
----------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced
Hidden REG_DWORD 1 (0x1)
SuperHidden REG_DWORD 1 (0x1)
ShowSuperHidden REG_DWORD 1 (0x1)
HideFileExt REG_DWORD 0 (0x0)
************************************************************************************
Examining Select Windows Registry Keys
------------------------------------------------------------------------------------
--------------------------------------------------------------------------
Items Found in ZoneMap\Domains:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\msn.com
----------------------------------------------------------------------------
Current User ZoneMap ProtocolDefaults
----------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults
<NO NAME> REG_SZ
http REG_DWORD 3 (0x3)
https REG_DWORD 3 (0x3)
ftp REG_DWORD 3 (0x3)
file REG_DWORD 3 (0x3)
@ivt REG_DWORD 1 (0x1)
shell REG_DWORD 0 (0x0)
----------------------------------------------------------------------------
Default URL Prefix Keys
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix
<NO NAME> REG_SZ http://
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes
ftp REG_SZ ftp://
gopher REG_SZ gopher://
home REG_SZ http://
mosaic REG_SZ http://
www REG_SZ http://
--------------------------------------------------------------------------
Startup Items Disabled via MSCONFIG:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
Select AutoRun Registry Keys:
--------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
ctfmon.exe REG_SZ H:\WINDOWS\system32\ctfmon.exe
AnyDVD REG_SZ H:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
High Definition Audio Property Page Shortcut REG_SZ HDAShCut.exe
SoundMan REG_SZ SOUNDMAN.EXE
AlcWzrd REG_SZ ALCWZRD.EXE
ccApp REG_SZ "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray REG_SZ H:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
NeroFilterCheck REG_SZ H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
NvCplDaemon REG_SZ RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
QuickTime Task REG_SZ "H:\Program Files\QuickTime\qttask.exe" -atboottime
OfficeKB REG_SZ H:\PROGRA~1\OfficeKB\OfficeKB.EXE
Easy-PrintToolBox REG_SZ H:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
SunJavaUpdateSched REG_SZ "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
THGuard REG_SZ "H:\Program Files\TrojanHunter 5.0\THGuard.exe"
000000af REG_SZ rundll32.exe "H:\WINDOWS\system32\bbatbpwm.dll",b
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
HKEY_USERS\.default\software\microsoft\windows\currentversion\run
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run
HKEY_USERS\s-1-5-19\software\microsoft\windows\currentversion\run
HKEY_USERS\s-1-5-20\software\microsoft\windows\currentversion\run
--------------------------------------------------------------------------
WinLogon Notify Registry Key:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
Asynchronous REG_DWORD 0 (0x0)
Impersonate REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ crypt32.dll
Logoff REG_SZ ChainWlxLogoffEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
Asynchronous REG_DWORD 0 (0x0)
Impersonate REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ cryptnet.dll
Logoff REG_SZ CryptnetWlxLogoffEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
DLLName REG_SZ cscdll.dll
Logon REG_SZ WinlogonLogonEvent
Logoff REG_SZ WinlogonLogoffEvent
ScreenSaver REG_SZ WinlogonScreenSaverEvent
Startup REG_SZ WinlogonStartupEvent
Shutdown REG_SZ WinlogonShutdownEvent
StartShell REG_SZ WinlogonStartShellEvent
Impersonate REG_DWORD 0 (0x0)
Asynchronous REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui
<NO NAME> REG_SZ
DLLName REG_SZ igfxdev.dll
Asynchronous REG_DWORD 1 (0x1)
Impersonate REG_DWORD 1 (0x1)
Unlock REG_SZ WinlogonUnlockEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon
Logoff REG_SZ NavLogoffEvent
DllName REG_SZ H:\WINDOWS\system32\NavLogon.dll
StartShell REG_SZ NavStartShellEvent
LoginDomain REG_SZ DT-32F7CC931ADE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
DLLName REG_SZ wlnotify.dll
Logon REG_SZ SCardStartCertProp
Logoff REG_SZ SCardStopCertProp
Lock REG_SZ SCardSuspendCertProp
Unlock REG_SZ SCardResumeCertProp
Enabled REG_DWORD 1 (0x1)
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
Asynchronous REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ wlnotify.dll
Impersonate REG_DWORD 0 (0x0)
StartShell REG_SZ SchedStartShell
Logoff REG_SZ SchedEventLogOff
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
Logoff REG_SZ WLEventLogoff
Impersonate REG_DWORD 0 (0x0)
Asynchronous REG_DWORD 1 (0x1)
DllName REG_EXPAND_SZ sclgntfy.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
DLLName REG_SZ WlNotify.dll
Lock REG_SZ SensLockEvent
Logon REG_SZ SensLogonEvent
Logoff REG_SZ SensLogoffEvent
Safe REG_DWORD 1 (0x1)
MaxWait REG_DWORD 600 (0x258)
StartScreenSaver REG_SZ SensStartScreenSaverEvent
StopScreenSaver REG_SZ SensStopScreenSaverEvent
Startup REG_SZ SensStartupEvent
Shutdown REG_SZ SensShutdownEvent
StartShell REG_SZ SensStartShellEvent
PostShell REG_SZ SensPostShellEvent
Disconnect REG_SZ SensDisconnectEvent
Reconnect REG_SZ SensReconnectEvent
Unlock REG_SZ SensUnlockEvent
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
Asynchronous REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ wlnotify.dll
Impersonate REG_DWORD 0 (0x0)
Logoff REG_SZ TSEventLogoff
Logon REG_SZ TSEventLogon
PostShell REG_SZ TSEventPostShell
Shutdown REG_SZ TSEventShutdown
StartShell REG_SZ TSEventStartShell
Startup REG_SZ TSEventStartup
MaxWait REG_DWORD 600 (0x258)
Reconnect REG_SZ TSEventReconnect
Disconnect REG_SZ TSEventDisconnect
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
Asynchronous REG_DWORD 0 (0x0)
Disconnect REG_SZ WLEventDisconnect
DllName REG_EXPAND_SZ WgaLogon.dll
Event REG_DWORD 1 (0x1)
Impersonate REG_DWORD 1 (0x1)
Lock REG_SZ WLEventLock
Logoff REG_SZ WLEventLogoff
Logon REG_SZ WLEventLogon
MaxWait REG_DWORD -1 (0xffffffff)
PostShell REG_SZ WLEventPostShell
Reconnect REG_SZ WLEventReconnect
SafeMode REG_DWORD 1 (0x1)
Shutdown REG_SZ WLEventShutdown
StartScreenSaver REG_SZ WLEventStartScreenSaver
StartShell REG_SZ WLEventStartShell
Startup REG_SZ WLEventStartup
StopScreenSaver REG_SZ WLEventStopScreenSaver
Unlock REG_SZ WLEventUnlock
InstallNotifyShown REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
DLLName REG_SZ wlnotify.dll
Logon REG_SZ RegisterTicketExpiredNotificationEvent
Logoff REG_SZ UnregisterTicketExpiredNotificationEvent
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 1 (0x1)
--------------------------------------------------------------------------
Shared Task Scheduler Registry Items:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
--------------------------------------------------------------------------
Scheduled Tasks:
--------------------------------------------------------------------------
Volume in drive H has no label.
Volume Serial Number is 9CA1-B56F
Directory of H:\WINDOWS\tasks
01/05/2007 10:02 PM <DIR> .
01/05/2007 10:02 PM <DIR> ..
27/11/2007 10:35 AM 256 Check Updates for Windows Live Toolbar.job
23/08/2001 10:30 PM 65 desktop.ini
27/11/2007 06:16 PM 6 SA.DAT
23/07/2006 08:38 AM 366 Symantec NetDetect.job
4 File(s) 693 bytes
Total Files Listed:
4 File(s) 693 bytes
2 Dir(s) 139,141,967,872 bytes free
A H:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
HR H:\WINDOWS\tasks\desktop.ini
A H H:\WINDOWS\tasks\SA.DAT
A H:\WINDOWS\tasks\Symantec NetDetect.job
----------------------------------------------------------------------------
ShellExecuteHooks Registry Keys
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} REG_SZ AVG Anti-Spyware 7.5
{60E2746A-9C2E-45A2-85CE-7E1A8A890961} REG_SZ
----------------------------------------------------------------------------
ShellServiceObjectDelayLoad Registry Keys
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
----------------------------------------------------------------------------
ModuleUsage Registry Keys:
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage
----------------------------------------------------------------------------
BHO Registry Keys:
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}
<NO NAME> REG_SZ Canon Easy Web Print Helper
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7449713A-4B98-4047-A24D-9DB184991C05}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
NoExplorer REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer
<NO NAME> REG_DWORD 1 (0x1)
--------------------------------------------------------------------------
Select Policy Keys:
--------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)
HKEY_CURRENT_USER\software\policies\microsoft\internet explorer
Windows Update Menu Text REG_SZ Microsoft Update
HKEY_CURRENT_USER\software\policies\microsoft\internet explorer\Control Panel
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\Explorer
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system
HKEY_USERS\.default\software\policies\microsoft\internet explorer
Windows Update Menu Text REG_SZ Microsoft Update
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system
HKEY_USERS\s-1-5-18\software\policies\microsoft\internet explorer
Windows Update Menu Text REG_SZ Microsoft Update
HKEY_USERS\s-1-5-19\software\policies\microsoft\internet explorer
Windows Update Menu Text REG_SZ Microsoft Update
HKEY_USERS\s-1-5-19\software\policies\microsoft\internet explorer
Windows Update Menu Text REG_SZ Microsoft Update