fistnam.exe – trojan Cossta

This post explains how to fix the issue manually and how to clean it automatically using a removal tool.

The file fistnam.exe is identified as a Trojan program used for stealing banking information and users' passwords.
To delete fistnam.exe, we recommend using UnHackMe:
http://www.unhackme.com

Malware Analysis of fistnam.exe
Executed: LoirinhaBrurr.avi de www.videoslive.exe
Removed: fistnam.exe. Full path: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\fistnam.exe

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: fistnam.exe
Author: Home
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\START MENU\PROGRAMS\STARTUP\FISTNAM.EXE
Type: Startup Folder



People say

Visitor post

Removal Results: Success
Number of reboot: 1

—————————————————————————————————————————-
How to quickly detect malware presence?

Files:
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\fistnam.exe
C:\Documents and Settings\All Users\DRM\drmstore.hds
C:\Documents and Settings\All Users\DRM\v3ks.bla
C:\Documents and Settings\All Users\DRM\v3ks.sec
C:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
—————————————————————————————————————————-
Classification:

Antivirus   Version       Last Update   Result
F-Secure    9.0.16440.0   2011.03.12    Generic.Banker.VB.E7A9811E
Kaspersky   7.0.0.125     2011.03.12    Trojan.Win32.Cossta.mnh
Microsoft   1.6603        2011.03.12    TrojanSpy:Win32/Bancos.ZU
NOD32       5946          2011.03.11    a variant of Win32/Spy.Bancos.NRL

—————————————————————————————————————————-

MD5 d73f48554a432fae80293ca45f8943b0

SHA1 0e4ba665b52b23b2d4144d410a5bf3ec2d2158f9

SHA256 8516e4c699646289e41b8a38491eb206a1bb49c3a013a8fb1b47b2c9b22a6bb0

—————————————————————————————————————————-


Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added:57
———————————-

———————————-
Values deleted:2
———————————-
HKLM\Software\Microsoft\DRM\UpgradePath: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00 6E 00 64 00 20 00 53 00 65 00 74 00 74 00 69 00 6E 00 67 00 73 00 5C 00 41 00 6C 00 6C 00 20 00 55 00 73 00 65 00 72 00 73 00 5C 00 44 00 52 00 4D 00 00 00
HKCU\Software\Microsoft\MediaPlayer\Player\Settings\Client ID: “{64F9C602-1D66-42D0-9E4C-C16A0F5E0CD7}”

———————————-
Values added:281
———————————-

———————————-
Values modified:28
———————————-
(-) HKLM\Software\Microsoft\Direct3D\MostRecentApplication\Name: “iexplore.exe”
(+) HKLM\Software\Microsoft\Direct3D\MostRecentApplication\Name: “wmplayer.exe”
(-) HKLM\Software\Microsoft\DirectDraw\MostRecentApplication\Name: “getPlusPlus_Adobe.exe”
(+) HKLM\Software\Microsoft\DirectDraw\MostRecentApplication\Name: “wmplayer.exe”
(-) HKLM\Software\Microsoft\DirectDraw\MostRecentApplication\ID: 0x4C5C333B
(+) HKLM\Software\Microsoft\DirectDraw\MostRecentApplication\ID: 0x4537112A
(-) HKLM\Software\Microsoft\MediaPlayer\Setup\Progress_MaxDialog: 0x00000003
(+) HKLM\Software\Microsoft\MediaPlayer\Setup\Progress_MaxDialog: 0x0000000D
(-) HKLM\Software\Microsoft\MediaPlayer\Setup\Progress_MaxInstall: 0x00000001
(+) HKLM\Software\Microsoft\MediaPlayer\Setup\Progress_MaxInstall: 0x0000000B
(-) HKLM\Software\Microsoft\MediaPlayer\Setup\Progress_CurrentDialog: 0x00000003
(+) HKLM\Software\Microsoft\MediaPlayer\Setup\Progress_CurrentDialog: 0x0000000D
(-) HKCU\Software\Microsoft\MediaPlayer\Preferences\AcceptedPrivacyStatement: 0x00000000
(+) HKCU\Software\Microsoft\MediaPlayer\Preferences\AcceptedPrivacyStatement: 0x00000001
(-) HKCU\Software\Microsoft\MediaPlayer\Preferences\AutoMetadataLastResetTime: 0x1182BF80
(+) HKCU\Software\Microsoft\MediaPlayer\Preferences\AutoMetadataLastResetTime: 0x15146133
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\My Music: “”
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\My Music: “C:\Documents and Settings\Administrator\My Documents\My Music”
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\My Video: “”
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\My Video: “C:\Documents and Settings\Administrator\My Documents\My Videos”
(-) HKCU\Software\Microsoft\Windows Media\WMSDK\Namespace\LocalBase: “C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNS.XML”
(+) HKCU\Software\Microsoft\Windows Media\WMSDK\Namespace\LocalBase: “C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNS.XML”
(-) HKCU\Software\Microsoft\Windows Media\WMSDK\Namespace\DTDFile: “C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNS.DTD”
(+) HKCU\Software\Microsoft\Windows Media\WMSDK\Namespace\DTDFile: “C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNS.DTD”
(-) HKCU\Software\Microsoft\Windows Media\WMSDK\Namespace\LocalDelta: “C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNSD.XML”
(+) HKCU\Software\Microsoft\Windows Media\WMSDK\Namespace\LocalDelta: “C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNSD.XML”
(-) HKCU\Software\Microsoft\Windows Media\WMSDK\Namespace\RemoteDelta: “C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNSR.XML”
(+) HKCU\Software\Microsoft\Windows Media\WMSDK\Namespace\RemoteDelta: “C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNSR.XML”

———————————-
Files added:15
———————————-
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\cookies.sqlite-journal
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\parent.lock
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNSD.XML
C:\Documents and Settings\Administrator\Local Settings\Temp\8zw1.htm
C:\Documents and Settings\Administrator\Local Settings\Temp\8zw1.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7148.tmp
C:\Documents and Settings\Administrator\My Documents\My Music\Desktop.ini
C:\Documents and Settings\Administrator\My Documents\My Videos\Desktop.ini
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\fistnam.exe
C:\Documents and Settings\All Users\DRM\drmstore.hds
C:\Documents and Settings\All Users\DRM\v3ks.bla
C:\Documents and Settings\All Users\DRM\v3ks.sec
C:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

———————————-
Files [attributes?] modified:8
———————————-
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\places.sqlite
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\places.sqlite-journal
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\urlclassifierkey3.txt
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNS.XML
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\0F0CA365d01
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\_CACHE_001_
C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
C:\WINDOWS\wmsetup.log

———————————-
Folders added:7
———————————-
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\Transcoded Files Cache
C:\Documents and Settings\Administrator\My Documents\My Music
C:\Documents and Settings\Administrator\My Documents\My Videos
C:\Documents and Settings\Administrator\AppData
C:\Documents and Settings\Administrator\AppData\marley
C:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host
C:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost

———————————-
Total changes:398
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com


I use UnHackMe for cleaning ads and viruses from my friends' computers, because it is extremely fast and effective.

STEP 1: Download UnHackMe for free

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10 32 or 64-bit. UnHackMe uses a minimum of computer resources.

STEP 2: Double click on UnHackMe_setup.exe

You will see a confirmation screen with verified publisher: Greatis Software.

Once UnHackMe has installed, the first scan will start automatically.

STEP 3: Carefully review the detected threats!

Click the Remove button or False Positive.

Enjoy!
