Tuesday, April 12, 2016

More Messing in the Registry




HKEY_CURRENT_USER\Software\Google\Chrome\PreReadFieldTrial

HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Control Panel\Infrared\File Transfer
HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Control Panel\Infrared\Global
HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Control Panel\Infrared\IrTranP
HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Control Panel\Input Method\Hot Keys
HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Identities\{D8D02B22-D15E-4763-9692-8BC69BF7CB91} Main Identity

HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Software\Google\Update\proxy
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eahebamiopdhefndnmappcihfajigkka
> https://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

> http://clients2.google.com/service/update2/cr
HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Software\Microsoft\CTF\DirectSwitchHotkeys

HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Software\Microsoft\CTF\HiddenDummyLayouts
HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic
HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-262482071-161041032-7780104-1000\Software\Microsoft\Multimedia\Audio
HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain
HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER
HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP

C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AX8UVRQA\media_guide_16x16[1].png
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AX8UVRQA\mg4_wmp12_30x30_2[1].png

search-ms:query=Group%20Policy%20Editor%20

HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Software\Microsoft\NetShow\Player\Remote

HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Software\Microsoft\Wisp\Pen\Persist\0\1

HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Software\Microsoft\Remote Assistance
HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Software\Microsoft\Speech\Voices
HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Software\NVIDIA Corporation\Global\Persistence\DisplayConfig\ActiveUniqueKeys

HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Software\NVIDIA Corporation\NVControlPanel2\RegisteredServers


HKEY_LOCAL_MACHINE\SOFTWARE\Conexant\Soft Data Fax Modem\Files\SYS
VSTBS23.SYS
VSTCNXT3.SYS
VSTDPV3.SYS
VSTProf.cty

HKEY_LOCAL_MACHINE\SOFTWARE\Conexant Systems\Soft Data Fax Modem with SmartCP\Files\SYS
> HSFProf.cty
> HSX_CNXT.sys
> HSX_DP.sys
> HSXHWBS2.sys
> mdmxsdk.sys


HKEY_LOCAL_MACHINE\SOFTWARE\Conexant Systems\Soft Data Fax Modem with SmartCP\InstallControl\KillAppsList

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
> light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com

HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Software\Microsoft\Microsoft Management Console\Recent File List
C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Vista Console1a.msc
C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Vista Console1.msc
C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Console1.msc
C:\Windows\system32\services.msc

HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Control Panel\Infrared\IrTranP

HKEY_LOCAL_MACHINE\SOFTWARE\Conexant Systems\Soft Data Fax Modem with SmartCP\RegKeys
HKEY_LOCAL_MACHINE\SOFTWARE\Conexant Systems\Soft Data Fax Modem with SmartCP\InstallControl
NETWAITING.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Conexant Systems\Soft Data Fax Modem with SmartCP\Files\VXDDLL

HKEY_LOCAL_MACHINE\SOFTWARE\Conexant Systems\Soft Data Fax Modem with SmartCP\HsfServices

HKEY_LOCAL_MACHINE\SOFTWARE\Conexant Systems\Soft Data Fax Modem with SmartCP\IDeleteRegKeys

HKEY_LOCAL_MACHINE\SOFTWARE\Conexant Systems\Soft Data Fax Modem with SmartCP\InstallControl\KillAppsList

search-ms:displayname=Other&crumb=NOT%20kind%3A(%3Demail%20OR%20%3Ddocument%20OR%20%3Dpicture%20OR%20%3Dmusic)&crumb=NOT%20kind%3A(%3Demail%20OR%20%3Ddocument%20OR%20%3Dpicture%20OR%20%3Dmusic)&crumb=location:%3A%3A{20D04FE0-3AEA-1069-A2D8-08002B30309D}

"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-



HKEY_USERS\S-1-5-21-262482071-161041032-7780104-1000\Identities\{D8D02B22-D15E-4763-9692-8BC69BF7CB91}