******************************************************************************
*              GetRunKey.bat - (c) 01/28/2006 By Chaslang                    *
*              This version supports Win2K, XP and Vista                     *
*   03/23/2011 Version 2.60 - Add 173.193.x.x 173.192.x.x to WareOut         *
******************************************************************************
* Most of the information reported below is not necessarily bad.  You must   *
* not take any steps on any of these lines without consulting an expert.     *
******************************************************************************
                
Windows OS is   

Microsoft Windows [versie 6.0.6001]
It's Wed April 6, 2011  06:00:34 PM
               
******************************************************************************
OS assumed command prompt execution folder is:                                
C:\MGtools
                                                                              
******************************************************************************
GetRunKey installation folder and files 
******************************************************************************

"C:\MGtools\"
analyse.exe   23 Apr 2010      388608  "analyse.exe"
bamfix.bat     7 Oct 2010        6806  "BamFix.bat"
bamrcfix.txt   5 Dec 2010         372  "bamRCfix.txt"
chodefix.bat   7 Jun 2007        6146  "chodefix.bat"
config.reg    13 Dec 2009        1954  "config.reg"
disabl~1.reg   2 Aug 2007         120  "DisableUAC.reg"
download.exe   7 Aug 2008       61440  "download.exe"
enable~1.reg   2 Aug 2007         120  "EnableUAC.reg"
filelog.txt    6 Apr 2011        4017  "filelog.txt"
findovl.bat   18 Apr 2009         320  "FindOVL.bat"
findrn.bat    14 Aug 2010        2027  "FindRN.bat"
fixacls.bat   28 Nov 2010        6196  "FixACLS.bat"
fixbagle.bat  10 Jul 2008        1897  "FixBagle.bat"
fixbagle.reg  27 Jan 2009        3765  "fixBagle.reg"
fixbamrc.bat   5 Dec 2010        1623  "FixbamRC.bat"
fixcf.bat     14 Jan 2009        1034  "FixCF.bat"
fixcf.reg      3 Jan 2009         581  "fixCF.reg"
fixchode.reg   7 Jun 2007         738  "fixChode.reg"
fixfa.bat     29 Dec 2008         438  "FixFA.bat"
fixfa.reg     18 Jun 2010       22032  "fixFA.reg"
fixperm.bat   24 Dec 2009        6988  "FixPerm.bat"
fixsbm.bat    14 Aug 2010         439  "FixSBM.bat"
fixsbm.reg     4 Dec 2006       12924  "fixSBM.reg"
getdet~1.exe  30 Oct 2006      245760  "GetDetails.exe"
getlogs.bat   21 Jul 2010       11640  "GetLogs.Bat"
getmbr.bat    24 Dec 2010        3054  "GetMBR.bat"
getrun~1.bat  23 Mar 2011      113050  "GetRunKey.bat"
getunkey.txt   6 Apr 2011      202754  "GetUnKey.txt"
getunk~1.bat  23 Jan 2009        2949  "GetUnKeys.bat"
grep.exe      14 Apr 2003       80412  "grep.exe"
grk64.bat     23 Mar 2011      114407  "GRK64.bat"
hide.reg      23 Jun 2009         393  "hide.reg"
history.txt   23 Mar 2011       42805  "history.txt"
htafind.bat    6 Mar 2009        6606  "HTAfind.bat"
iefix.reg      3 Apr 2004        1756  "IEFIX.reg"
locate.com    14 Jan 2005       11254  "locate.com"
ltime.exe     28 Oct 1986       13184  "ltime.exe"
mbrfix.bat     5 Mar 2010         220  "mbrfix.bat"
mgclean.bat    5 Dec 2010        5743  "MGclean.bat"
miscinfo.bat  14 Jul 2010        7999  "MiscInfo.bat"
nwktst.bat     9 Mar 2011       12400  "NwkTst.bat"
process.exe    6 Jun 2003       53248  "Process.exe"
proces~1.exe   1 Aug 2006        6656  "ProcessDll.exe"
regfix.bat    18 Apr 2007         145  "Regfix.bat"
remmws.bat    31 Jul 2009         497  "RemMWS.bat"
runmb.bat     16 Jun 2009         195  "RunMB.bat"
scantime.txt   6 Apr 2011          51  "scantime.txt"
sed.exe       31 Aug 2000       98816  "sed.exe"
shownew.bat   13 Jan 2011       97344  "ShowNew.bat"
sn64.bat      20 Mar 2011      106682  "SN64.bat"
swreg.exe     17 Dec 2007      156160  "swreg.exe"
swwhoami.exe  17 Dec 2007       66048  "swwhoami.exe"
sysbu.bat     11 Sep 2009        5841  "SysBU.bat"
TEMP          11 Sep 2009              "temp"
unhide.reg     3 Aug 2007         213  "unhide.reg"
unkeys.bat    31 May 2010        1755  "UnKeys.bat"
userinfo.bat   4 May 2010        3004  "UserInfo.bat"
vfind.exe     28 Dec 2007       49152  "vfind.exe"
vunfind.bat   28 Dec 2007         861  "VunFind.bat"
zip.exe       14 Jan 2005      126976  "zip.exe"

"C:\MGtools\temp\"
grkflag.log    6 Apr 2011          40  "GRKflag.log"
header0.txt    6 Apr 2011        1223  "header0.txt"
junk.txt       6 Apr 2011          37  "junk.txt"
VSP1          11 Sep 2009              "VSP1"
VSP2          11 Sep 2009              "VSP2"
XPSP2         11 Sep 2009              "XPSP2"
XPSP3         11 Sep 2009              "XPSP3"

"C:\MGtools\temp\VSP1\"
beep~1.sys    19 Jan 2008        6144  "beep.sysmg"
cngaud~1.dll   2 Nov 2006       11776  "cngaudit.dllmg"
netlog~1.dll  19 Jan 2008      592384  "netlogon.dllmg"
scecli~1.dll  19 Jan 2008      177152  "scecli.dllmg"

"C:\MGtools\temp\XPSP2\"
beep~1.sys    29 Aug 2002        4224  "beep.sysmg"
eventl~1.dll   4 Aug 2004       55808  "eventlog.dllmg"
netlog~1.dll   4 Aug 2004      407040  "netlogon.dllmg"
scecli~1.dll   4 Aug 2004      180224  "scecli.dllmg"

"C:\MGtools\temp\XPSP3\"
beep~1.sys     4 Aug 2004        4224  "beep.sysmg"
eventl~1.dll  14 Apr 2008       56320  "eventlog.dllmg"
netlog~1.dll  14 Apr 2008      407040  "netlogon.dllmg"
scecli~1.dll  14 Apr 2008      181248  "scecli.dllmg"

79 items found:  74 files, 5 directories.
   Total of file sizes:  4.265.499 bytes      4,07 M
 
----------------------------------------------------------------------------
             Listing Standard Startup (Run) Registry Keys  
----------------------------------------------------------------------------

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""
"msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
"Pando Media Booster"="C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"
"Switcher"="\"C:\\Program Files\\Switcher\\Switcher.exe\" /quiet"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"Windows Defender"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,\
  00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
  73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,53,\
  00,41,00,53,00,43,00,75,00,69,00,2e,00,65,00,78,00,65,00,20,00,2d,00,68,00,\
  69,00,64,00,65,00,00,00
"NvSvc"="RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart"
"NvCplDaemon"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit"
"RtHDVCpl"="RtHDVCpl.exe"
"Acer Empowering Technology Monitor"="C:\\Acer\\Empowering Technology\\SysMonitor.exe"
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSloader.exe"
"PCMMediaSharing"="C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\PCMMediaSharing.exe"
"StartCCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"
"WarReg_PopUp"="C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe"
"eRecoveryService"=""
"NVRaidService"="C:\\Windows\\system32\\nvraidservice.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunOnce]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]
"UserDebuggerHotKey"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\AutoExclusionList]
"DWM.exe"=dword:00000001



HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
   load	REG_SZ         	


HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
   run	REG_SZ         	

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]



HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
   Netsvcs	REG_MULTI_SZ   	AeLookupSvc
wercplsupport
Themes
CertPropSvc
zcjpdpwr
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc




HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows
   AppInit_DLLs	REG_SZ         	


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
   Shell	REG_SZ         	explorer.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
   Userinit	REG_SZ         	C:\Windows\system32\userinit.exe,


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
   System	REG_SZ         	


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\shell folders
   Startup	REG_SZ         	C:\Users\ALEX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\user shell folders
   Startup	REG_EXPAND_SZ  	%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\user shell folders
   Common Startup	REG_EXPAND_SZ  	%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell folders
   Common Startup	REG_SZ         	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup



HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager
   PendingFileRenameOperations	REG_MULTI_SZ   	\??\C:\msimg32.dll\0\0\0
----------------------------------------------------------------------------
                Listing AppCert Registry Keys                               
----------------------------------------------------------------------------
        AppCert registry keys not found 
 
----------------------------------------------------------------------------
                Listing MSCONFIG Registry Keys               
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeUpdater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdater"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe\""
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000004
"DAY"=dword:00000005
"HOUR"=dword:00000016
"MINUTE"=dword:00000017
"SECOND"=dword:0000000c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ehTray.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehTray.exe"
"hkey"="HKCU"
"command"="C:\\Windows\\ehome\\ehTray.exe"
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000004
"DAY"=dword:00000005
"HOUR"=dword:00000016
"MINUTE"=dword:00000017
"SECOND"=dword:00000014

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Desktop Search"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"
"YEAR"=dword:000007da
"MONTH"=dword:00000007
"DAY"=dword:00000018
"HOUR"=dword:00000014
"MINUTE"=dword:00000036
"SECOND"=dword:00000016

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"inimapping"="0"
"YEAR"=dword:000007da
"MONTH"=dword:00000007
"DAY"=dword:00000018
"HOUR"=dword:00000014
"MINUTE"=dword:00000035
"SECOND"=dword:0000001e

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VoipBuster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VoipBuster"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe\" -nosplash -minimized"
"inimapping"="0"
"YEAR"=dword:000007da
"MONTH"=dword:00000007
"DAY"=dword:00000018
"HOUR"=dword:00000014
"MINUTE"=dword:00000034
"SECOND"=dword:00000039

----------------------------------------------------------------------------
              Listing ModuleUsage Registry Keys              
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe]
".Owner"="{D27CDB6E-AE6D-11CF-96B8-444553540000}"
"{D27CDB6E-AE6D-11CF-96B8-444553540000}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/GAME_UNO1.dll]
".Owner"="{5D6F45B3-9043-443D-A792-115447494D24}"
"{5D6F45B3-9043-443D-A792-115447494D24}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gp.ocx]
".Owner"="{E2883E8F-472F-4FB0-9522-AC9BF37916A7}"
"{E2883E8F-472F-4FB0-9522-AC9BF37916A7}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MessengerStatsPAClient.dll]
".Owner"="{C3F79A2B-B9B4-4A66-B012-3EE46475B072}"
"{C3F79A2B-B9B4-4A66-B012-3EE46475B072}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MineSweeper.dll]
".Owner"="{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}"
"{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/atl.dll]
".Owner"="Unknown Owner"
"{E2883E8F-472F-4FB0-9522-AC9BF37916A7}"=""

----------------------------------------------------------------------------
             Listing HKCU Policies Registry Keys             
----------------------------------------------------------------------------

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
"DisableTaskMgr"=dword:00000000

----------------------------------------------------------------------------
    Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys    
        if Hidden = 0 then Hidden Files and Folders are not shown           
        SuperHidden = 1 is the desired default value                        
        if ShowSuperHidden = 0 then System Files are not shown              
        if HideFileExt = 1 then File Extensions are not shown               
    Desired: Hidden=1, SuperHidden=1, ShowSuperHidden=1, HideFileExt=0      
----------------------------------------------------------------------------
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"SuperHidden"=dword:00000001
"ShowSuperHidden"=dword:00000001
"HideFileExt"=dword:00000000
 
----------------------------------------------------------------------------
    Listing HKLM Explorer\Advanced\Folder\Hidden\NOHIDDEN Registry Keys     
        CheckedValue Default is dword:00000002                              
        DefaultValue Default is dword:00000002                              
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"

 
----------------------------------------------------------------------------
    Listing HKLM Explorer\Advanced\Folder\Hidden\SHOWALL Registry Keys      
        CheckedValue Default is dword:00000001                              
        DefaultValue Default is dword:00000002                              
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"

 
----------------------------------------------------------------------------
    Listing HKLM Explorer\Advanced\Folder\HideFileExt Registry Keys         
        CheckedValue Default is dword:00000001                              
        UnCheckedValue Default is dword:00000000                            
        DefaultValue Default is dword:00000001                              
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt]
"Type"="checkbox"
"Text"="@shell32.dll,-30503"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="HideFileExt"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51101"

 
----------------------------------------------------------------------------
    Listing HKLM Explorer\Advanced\Folder\SuperHidden Registry Keys         
        CheckedValue Default is dword:00000000                              
        UnCheckedValue Default is dword:00000001                            
        DefaultValue Default is dword:00000000                              
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden]
"Type"="checkbox"
"Text"="@shell32.dll,-30508"
"WarningIfNotDefault"="@shell32.dll,-28964"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ShowSuperHidden"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51103"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]

 
----------------------------------------------------------------------------
             Listing HKLM Policies Registry Keys             
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000
"EnableUIADesktopToggle"=dword:00000000
"DisableRegistryTools"=dword:00000000
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

----------------------------------------------------------------------------
             Listing BHO Registry Keys              
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9A9E-3AF287E2699B}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"=dword:00000001

----------------------------------------------------------------------------
             Listing SharedTaskScheduler Registry Keys              
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\Explorer\sharedtaskscheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

----------------------------------------------------------------------------
             Listing ShellExecuteHooks Registry Keys              
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\Explorer\ShellExecuteHooks]

----------------------------------------------------------------------------
             Listing ShellServiceObjectDelayLoad Registry Keys              
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

----------------------------------------------------------------------------
        Listing Default URL Prefix Keys - a possible hijack point        
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
@="http://"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

----------------------------------------------------------------------------
        HKEY_CURRENT_USER ZoneMap ProtocolDefaults        
----------------------------------------------------------------------------

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@=""
"http"=dword:00000003
"https"=dword:00000003
"ftp"=dword:00000003
"file"=dword:00000003
"@ivt"=dword:00000001
"shell"=dword:00000000

----------------------------------------------------------------------------
             Miscellaneous Malware Detection Report              
----------------------------------------------------------------------------

    Checking for DNS Hijacker - aka Wareout 
    ------------------------------------------------------------------------
       DNS hijacker not found 
    ------------------------------------------------------------------------

    List of Malware found in SharedTaskScheduler 
    ------------------------------------------------------------------------
       No Malware found in SharedTaskScheduler 
    ------------------------------------------------------------------------


    List of Malware found in C:\Windows\system32  
    ------------------------------------------------------------------------
       No Malware found in C:\Windows\system32 
    ------------------------------------------------------------------------


    Check for Troj-Torpig-D,E,J Keylogger 
    ------------------------------------------------------------------------
       Troj-Torpig-D,E,J Keylogger was not found 
    ------------------------------------------------------------------------


    Looking for winlogonhook/conhook trojan                                 
    ------------------------------------------------------------------------
        winlogonhook/conhook key not found 
    ------------------------------------------------------------------------


    Looking for Miscellaneous Rootkits                                      
    ------------------------------------------------------------------------
        lzx32, msguard, and pe386 rootkits not found 
    ------------------------------------------------------------------------


    Looking for Rootkit.Agent Gen UAC                                        
    ------------------------------------------------------------------------
        Rootkit.Agent Gen UAC not found 
    ------------------------------------------------------------------------


    Looking for W32.Tidserv/DNS Changer Rootkit                             
    ------------------------------------------------------------------------
        W32.Tidserv/DNS Changer Rootkit not found 
    ------------------------------------------------------------------------


    Looking for CmdService adware - part of ADSPY/ISearch.d.2               
    ------------------------------------------------------------------------
        CmdService adware not found 
    ------------------------------------------------------------------------


    Looking for Network_Monitor adware - part of ADSPY/ISearch.d.2          
    ------------------------------------------------------------------------
        Network_Monitor adware not found 


    Looking for Win32/Bagle SROSA Driver                                    
    ------------------------------------------------------------------------
        Win32/Bagle SROSA driver not found 
    ------------------------------------------------------------------------


    Looking for DOMAINSERVICE often found with Vundo infections             
    ------------------------------------------------------------------------
        DOMAINSERVICE not found 
    ------------------------------------------------------------------------


    Looking for Trojan.Peacomm aka Downloader-BAI.sys                       
    ------------------------------------------------------------------------
        Trojan.Peacomm not found 
    ------------------------------------------------------------------------


    Looking for forms of globalroot rootkits - some false indications may show here  
    ------------------------------------------------------------------------
        globalroot infection not found 
    ------------------------------------------------------------------------


    Looking for forms of Trojan.Haxdoor - many false indications may show here  
    ------------------------------------------------------------------------
        Trojan.Haxdoor not found 
    ------------------------------------------------------------------------


    Showing  Registry Shell Spawning -  Not all entries are bad                        
    ----------------------------------------------------------------------------


HKEY_CLASSES_ROOT\avifile\shell\open\command
   <NO NAME>	REG_EXPAND_SZ  	"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:8 /Open "%L"


HKEY_CLASSES_ROOT\batfile\shell\open\command
   <NO NAME>	REG_SZ         	"%1" %*


HKEY_CLASSES_ROOT\cmdfile\shell\open\command
   <NO NAME>	REG_SZ         	"%1" %*


HKEY_CLASSES_ROOT\comfile\shell\open\command
   <NO NAME>	REG_SZ         	"%1" %*


HKEY_CLASSES_ROOT\cplfile\shell\cplopen\command
   <NO NAME>	REG_EXPAND_SZ  	%SystemRoot%\System32\control.exe "%1",%*


HKEY_CLASSES_ROOT\exefile\shell\open\command
   <NO NAME>	REG_SZ         	"%1" %*
   IsolatedCommand	REG_SZ         	"%1" %*


HKEY_CLASSES_ROOT\giffile\shell\open\command
   <NO NAME>	REG_SZ         	"C:\Program Files\Internet Explorer\iexplore.exe" -nohome


HKEY_CLASSES_ROOT\htafile\shell\open\command
   <NO NAME>	REG_SZ         	C:\Windows\system32\mshta.exe "%1" %*


HKEY_CLASSES_ROOT\http\shell\open\command
   <NO NAME>	REG_SZ         	"C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"


HKEY_CLASSES_ROOT\htmlfile\shell\opennew\command
   <NO NAME>	REG_SZ         	"C:\Program Files\Internet Explorer\iexplore.exe" %1


HKEY_CLASSES_ROOT\htmlfile\shell\print\command
   <NO NAME>	REG_SZ         	"C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1


HKEY_CLASSES_ROOT\inffile\shell\install\command
   <NO NAME>	REG_EXPAND_SZ  	%SystemRoot%\System32\InfDefaultInstall.exe "%1"


HKEY_CLASSES_ROOT\inifile\shell\open\command
   <NO NAME>	REG_EXPAND_SZ  	%SystemRoot%\system32\NOTEPAD.EXE %1


HKEY_CLASSES_ROOT\internetshortcut\shell\open\command
   <NO NAME>	REG_SZ         	rundll32.exe ieframe.dll,OpenURL %l


HKEY_CLASSES_ROOT\jpegfile\shell\open\command
   <NO NAME>	REG_EXPAND_SZ  	%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll", ImageView_Fullscreen %1


HKEY_CLASSES_ROOT\jsefile\shell\open\command
   <NO NAME>	REG_EXPAND_SZ  	%SystemRoot%\System32\WScript.exe "%1" %*


HKEY_CLASSES_ROOT\jsfile\shell\open\command
   <NO NAME>	REG_EXPAND_SZ  	%SystemRoot%\System32\WScript.exe "%1" %*


HKEY_CLASSES_ROOT\mpegfile\shell\open\command
   <NO NAME>	REG_EXPAND_SZ  	"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"


HKEY_CLASSES_ROOT\piffile\shell\open\command
   <NO NAME>	REG_SZ         	"%1" %*


HKEY_CLASSES_ROOT\regedit\shell\open\command
   <NO NAME>	REG_SZ         	regedit.exe "%1"


HKEY_CLASSES_ROOT\regfile\shell\open\command
   <NO NAME>	REG_SZ         	regedit.exe "%1"


Error: Key: regfile\shell\merge\command does not exist!



HKEY_CLASSES_ROOT\scrfile\shell\open\command
   <NO NAME>	REG_SZ         	"%1" /S


HKEY_CLASSES_ROOT\scrfile\shell\config\command
   <NO NAME>	REG_SZ         	"%1"


HKEY_CLASSES_ROOT\txtfile\shell\open\command
   <NO NAME>	REG_EXPAND_SZ  	%SystemRoot%\system32\NOTEPAD.EXE %1


HKEY_CLASSES_ROOT\vbefile\shell\open\command
   <NO NAME>	REG_EXPAND_SZ  	"%SystemRoot%\System32\WScript.exe" "%1" %*


HKEY_CLASSES_ROOT\vbsfile\shell\open\command
   <NO NAME>	REG_EXPAND_SZ  	"%SystemRoot%\System32\WScript.exe" "%1" %*


HKEY_CLASSES_ROOT\vbsfile\shell\open2\command
   <NO NAME>	REG_EXPAND_SZ  	"%SystemRoot%\System32\CScript.exe" "%1" %*


HKEY_CLASSES_ROOT\wshfile\shell\open\command
   <NO NAME>	REG_EXPAND_SZ  	"%SystemRoot%\System32\WScript.exe" "%1" %*


HKEY_CLASSES_ROOT\wsffile\shell\open\command
   <NO NAME>	REG_EXPAND_SZ  	"%SystemRoot%\System32\WScript.exe" "%1" %*
    ------------------------------------------------------------------------


    Looking for Image File Execution Options Hijacks - Not all entries are bad                        
    ----------------------------------------------------------------------------


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DllNXOptions

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEInstal.exe
    ----------------------------------------------------------------------------


    Showing TCP and UDP Connections - with netstat -a                           
    ----------------------------------------------------------------------------

Actieve verbindingen

  Proto  Lokaal adres           Extern adres           Status
  TCP    0.0.0.0:135            PC-ALEX:0              LISTENING
  TCP    0.0.0.0:443            PC-ALEX:0              LISTENING
  TCP    0.0.0.0:445            PC-ALEX:0              LISTENING
  TCP    0.0.0.0:554            PC-ALEX:0              LISTENING
  TCP    0.0.0.0:563            PC-ALEX:0              LISTENING
  TCP    0.0.0.0:2869           PC-ALEX:0              LISTENING
  TCP    0.0.0.0:5357           PC-ALEX:0              LISTENING
  TCP    0.0.0.0:10243          PC-ALEX:0              LISTENING
  TCP    0.0.0.0:49152          PC-ALEX:0              LISTENING
  TCP    0.0.0.0:49153          PC-ALEX:0              LISTENING
  TCP    0.0.0.0:49155          PC-ALEX:0              LISTENING
  TCP    0.0.0.0:49156          PC-ALEX:0              LISTENING
  TCP    0.0.0.0:49158          PC-ALEX:0              LISTENING
  TCP    0.0.0.0:49159          PC-ALEX:0              LISTENING
  TCP    0.0.0.0:58268          PC-ALEX:0              LISTENING
  TCP    127.0.0.1:5354         PC-ALEX:0              LISTENING
  TCP    127.0.0.1:22346        PC-ALEX:0              LISTENING
  TCP    127.0.0.1:49173        PC-ALEX:49174          ESTABLISHED
  TCP    127.0.0.1:49174        PC-ALEX:49173          ESTABLISHED
  TCP    127.0.0.1:49177        PC-ALEX:49178          ESTABLISHED
  TCP    127.0.0.1:49178        PC-ALEX:49177          ESTABLISHED
  TCP    127.0.0.1:49180        PC-ALEX:49181          ESTABLISHED
  TCP    127.0.0.1:49181        PC-ALEX:49180          ESTABLISHED
  TCP    127.0.0.1:49182        PC-ALEX:49183          ESTABLISHED
  TCP    127.0.0.1:49183        PC-ALEX:49182          ESTABLISHED
  TCP    127.0.0.1:49195        PC-ALEX:49196          ESTABLISHED
  TCP    127.0.0.1:49196        PC-ALEX:49195          ESTABLISHED
  TCP    127.0.0.1:60524        PC-ALEX:0              LISTENING
  TCP    192.168.0.103:139      PC-ALEX:0              LISTENING
  TCP    192.168.0.103:49185    95.100.111.139:http    ESTABLISHED
  TCP    192.168.0.103:49191    ey-in-f166:http        CLOSE_WAIT
  TCP    192.168.0.103:49192    ey-in-f155:http        CLOSE_WAIT
  TCP    192.168.0.103:49193    ey-in-f93:http         CLOSE_WAIT
  TCP    192.168.0.103:49194    ey-in-f100:http        CLOSE_WAIT
  TCP    192.168.0.103:49199    ey-in-f102:http        CLOSE_WAIT
  TCP    192.168.0.103:49201    ey-in-f102:http        CLOSE_WAIT
  TCP    192.168.0.103:49204    2.20.181.97:http       CLOSE_WAIT
  TCP    192.168.0.103:49224    2.20.181.51:http       ESTABLISHED
  TCP    192.168.0.103:49225    2.20.181.75:http       ESTABLISHED
  TCP    192.168.0.103:49226    2.20.181.75:http       ESTABLISHED
  TCP    192.168.0.103:49227    2.20.181.65:http       ESTABLISHED
  TCP    192.168.0.103:49247    2.20.181.82:http       CLOSE_WAIT
  TCP    192.168.0.103:49251    50:http                CLOSE_WAIT
  TCP    192.168.0.103:49253    50:http                CLOSE_WAIT
  TCP    192.168.0.103:49254    ny1-g004:http          CLOSE_WAIT
  TCP    192.168.0.103:49262    ny1-g004:http          CLOSE_WAIT
  TCP    [::]:135               PC-ALEX:0              LISTENING
  TCP    [::]:445               PC-ALEX:0              LISTENING
  TCP    [::]:554               PC-ALEX:0              LISTENING
  TCP    [::]:2869              PC-ALEX:0              LISTENING
  TCP    [::]:5357              PC-ALEX:0              LISTENING
  TCP    [::]:10243             PC-ALEX:0              LISTENING
  TCP    [::]:49152             PC-ALEX:0              LISTENING
  TCP    [::]:49153             PC-ALEX:0              LISTENING
  TCP    [::]:49155             PC-ALEX:0              LISTENING
  TCP    [::]:49156             PC-ALEX:0              LISTENING
  TCP    [::]:49158             PC-ALEX:0              LISTENING
  TCP    [::]:49159             PC-ALEX:0              LISTENING
  UDP    0.0.0.0:123            *:*                    
  UDP    0.0.0.0:500            *:*                    
  UDP    0.0.0.0:3702           *:*                    
  UDP    0.0.0.0:3702           *:*                    
  UDP    0.0.0.0:4500           *:*                    
  UDP    0.0.0.0:5004           *:*                    
  UDP    0.0.0.0:5005           *:*                    
  UDP    0.0.0.0:5355           *:*                    
  UDP    0.0.0.0:52434          *:*                    
  UDP    0.0.0.0:55425          *:*                    
  UDP    0.0.0.0:55427          *:*                    
  UDP    0.0.0.0:58268          *:*                    
  UDP    0.0.0.0:62995          *:*                    
  UDP    127.0.0.1:1900         *:*                    
  UDP    127.0.0.1:55433        *:*                    
  UDP    127.0.0.1:55938        *:*                    
  UDP    127.0.0.1:62994        *:*                    
  UDP    127.0.0.1:62996        *:*                    
  UDP    192.168.0.103:137      *:*                    
  UDP    192.168.0.103:138      *:*                    
  UDP    192.168.0.103:1900     *:*                    
  UDP    192.168.0.103:5353     *:*                    
  UDP    192.168.0.103:55432    *:*                    
  UDP    [::]:123               *:*                    
  UDP    [::]:500               *:*                    
  UDP    [::]:3702              *:*                    
  UDP    [::]:3702              *:*                    
  UDP    [::]:5004              *:*                    
  UDP    [::]:5005              *:*                    
  UDP    [::]:5355              *:*                    
  UDP    [::]:55426             *:*                    
  UDP    [::]:55428             *:*                    
  UDP    [::1]:1900             *:*                    
  UDP    [::1]:55430            *:*                    
  UDP    [fe80::100:7f:fffe%11]:1900  *:*                    
  UDP    [fe80::100:7f:fffe%11]:55431  *:*                    
  UDP    [fe80::9448:f126:4293:f7fe%10]:1900  *:*                    
  UDP    [fe80::9448:f126:4293:f7fe%10]:55429  *:*                    
    ----------------------------------------------------------------------------


    Showing Running Processes and Memory Usage                                  
    ----------------------------------------------------------------------------

Imagenaam                 Proces-i Sessienaam         Sessienr. Geheugengebr
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0        24 kB
System                           4 Services                   0    16.584 kB
smss.exe                       548 Services                   0       820 kB
csrss.exe                      616 Services                   0     6.112 kB
wininit.exe                    676 Services                   0     4.540 kB
csrss.exe                      684 Console                    1     9.592 kB
services.exe                   720 Services                   0     7.828 kB
lsass.exe                      748 Services                   0     2.280 kB
lsm.exe                        756 Services                   0     4.856 kB
winlogon.exe                   844 Console                    1     6.324 kB
svchost.exe                    948 Services                   0     6.700 kB
svchost.exe                   1008 Services                   0     7.360 kB
svchost.exe                   1072 Services                   0    37.280 kB
svchost.exe                   1140 Services                   0    16.412 kB
Ati2evxx.exe                  1220 Services                   0     4.804 kB
svchost.exe                   1268 Services                   0    12.312 kB
svchost.exe                   1296 Services                   0    77.872 kB
svchost.exe                   1316 Services                   0    30.540 kB
audiodg.exe                   1380 Services                   0    18.108 kB
SLsvc.exe                     1460 Services                   0    11.252 kB
svchost.exe                   1504 Services                   0    13.732 kB
Ati2evxx.exe                  1544 Console                    1     6.944 kB
spoolsv.exe                   1840 Services                   0    10.168 kB
svchost.exe                   1916 Services                   0    17.632 kB
taskeng.exe                   1120 Console                    1    11.092 kB
dwm.exe                       1352 Console                    1    62.300 kB
taskeng.exe                   1924 Services                   0     5.812 kB
explorer.exe                   524 Console                    1    60.832 kB
MSASCui.exe                   2224 Console                    1     9.388 kB
RtHDVCpl.exe                  2256 Console                    1     8.500 kB
SysMonitor.exe                2264 Console                    1     4.320 kB
eDSLoader.exe                 2272 Console                    1    14.940 kB
TSVNCache.exe                 2320 Console                    1    10.680 kB
nvraidservice.exe             2344 Console                    1     6.316 kB
jusched.exe                   2432 Console                    1     3.748 kB
GoogleToolbarNotifier.exe     2448 Console                    1     2.248 kB
notepad.exe                   2520 Console                    1    10.028 kB
msnmsgr.exe                   2648 Console                    1     3.016 kB
MOM.exe                       2732 Console                    1     4.052 kB
CLMSServer.exe                2740 Services                   0     8.580 kB
MemCheck.exe                  3100 Services                   0     4.796 kB
PMB.exe                       3220 Console                    1    17.808 kB
Switcher.exe                  3228 Console                    1    18.480 kB
wmpnscfg.exe                  3236 Console                    1     5.596 kB
iexplore.exe                  3496 Console                    1   179.572 kB
GoogleToolbarUser_32.exe      3568 Console                    1    10.328 kB
CCC.exe                       2104 Console                    1     4.488 kB
mDNSResponder.exe             1096 Services                   0     5.176 kB
eDSService.exe                2360 Services                   0     4.408 kB
LSSrvc.exe                    2252 Services                   0     3.828 kB
PGPserv.exe                   2660 Services                   0     4.844 kB
svchost.exe                   1752 Services                   0     5.112 kB
RichVideo.exe                 2208 Services                   0     4.036 kB
svchost.exe                   2412 Services                   0     7.132 kB
TeamViewer_Service.exe        2964 Services                   0     3.456 kB
svchost.exe                   2336 Services                   0     3.020 kB
SearchIndexer.exe             3048 Services                   0     8.668 kB
eRecoveryService.exe          3272 Services                   0    12.012 kB
WUDFHost.exe                  3304 Services                   0     6.160 kB
capuserv.exe                  3396 Services                   0    11.096 kB
wmpnetwk.exe                  3992 Services                   0    23.008 kB
unsecapp.exe                  4236 Console                    1     5.268 kB
WmiPrvSE.exe                  4260 Services                   0     6.828 kB
WmiPrvSE.exe                  4268 Services                   0     8.440 kB
MGtools.exe                   2924 Console                    1     6.468 kB
cmd.exe                       4300 Console                    1     3.820 kB
conime.exe                     608 Console                    1     3.800 kB
ntvdm.exe                     4640 Console                    1     4.820 kB
tasklist.exe                   716 Console                    1     5.140 kB


    ----------------------------------------------------------------------------
    Showing Shared Tasks Folder                                                 
    ----------------------------------------------------------------------------

"C:\Windows\Tasks\"
google~1.job   6 Apr 2011        1040  "GoogleUpdateTaskMachineCore.job"
google~2.job   6 Apr 2011        1044  "GoogleUpdateTaskMachineUA.job"
pcconf~1.job   6 Apr 2011         416  "PCConfidential.job"
sa.dat         6 Apr 2011           6  "SA.DAT"
schedlgu.txt   6 Apr 2011       32590  "SCHEDLGU.TXT"

5 items found:  5 files (1 H/S), 0 directories.
   Total of file sizes:  35.096 bytes     34,27 K


    ----------------------------------------------------------------------------
    Getting boot.ini contents                                                   
    ----------------------------------------------------------------------------
    No boot.ini in Vista or Windows 7                                           


    ----------------------------------------------------------------------------
    Getting win.ini contents                                                    
    ----------------------------------------------------------------------------
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
[MCI Extensions.BAK]
m2v=MPEGVideo
mod=MPEGVideo
[ActiveScan]
ID={0DDCAF94-39E6-40EA-91AD-D58E84E69AC8}


    ----------------------------------------------------------------------------
    Getting system.ini contents                                                 
    ----------------------------------------------------------------------------
; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON

[drivers]
wave=mmdrv.dll
timer=timer.drv

[mci]


    ----------------------------------------------------------------------------
    Getting App Paths info for a few programs                                   
    ----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe]
@="C:\\Program Files\\Mozilla Firefox\\firefox.exe"
"Path"="C:\\Program Files\\Mozilla Firefox"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE]
@="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"
"Path"="C:\\Program Files\\Internet Explorer;"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe]
@="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"
"Path"="C:\\Program Files\\Malwarebytes' Anti-Malware"



    ----------------------------------------------------------------------------
    Getting HijackThis IgnoreList                                               
    ----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\HijackThis                               


    ----------------------------------------------------------------------------
    Getting IE SearchScopes                                                     
    ----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName"="@ieframe.dll,-12512"
@="Live Search"
"URL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW"


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}"
"Version"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName"="Bing"
@="Bing"
"URL"="http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5B291E6C-9A74-4034-971B-A4B007A0B315}]
"DisplayName"="Web Search..."
"URL"="http://radiobar.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp"
"SuggestionsURL"="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
"FaviconURLFallback"="http://radiobar.toolbarhome.com/partners/radiobar/logo.png"
"Version"="1.0.0"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlNL334"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_nlNL334&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}]
"URL"="http://127.0.0.1:4664/search&s=9ni7C-Jk45gFy8aFvTV_Zw3zUJQ?q={searchTerms}"
"FaviconPath"="C:\\Program Files\\Google\\Google Desktop Search\\favicon.ico"
"DisplayName"="Google Desktop"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}]
"URL"="http://scour.com/search/web/{searchTerms}/"
"DisplayName"="Scour Search"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FD2EA879-F50B-498B-8681-E1FBFB2BC530}]
"DisplayName"="Yahoo! Search"
"URL"="http://nl.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20091044,0,0,0,0"

    ----------------------------------------------------------------------------




Zipping C:\MGtools\runkeys.txt  
