Exterminate It! Antimalware

Known threats: 698,172. Last update: April 28, 11:39

Ezula - Registry Values List

This is a complete list of Ezula registry values collected by Exterminate It!. If you find any of these registry values on your PC, your computer is very likely to be infected with Ezula (adware, hijacker, toolbar).

IMPORTANT: Because the registry is a core component of your Windows system, it is strongly recommended that you back up the registry before you begin deleting keys and values. For information about backing up the Windows registry, refer to the Registry Editor online help.