Trouble accessing certain websites (Tech Support Guy Forums, Malware Removal & HijackThis Logs)

smoothone23 (Junior Member, 18 posts; joined Nov 2006; experience: Intermediate)
29-Nov-2006, 04:45 PM #1
Trouble accessing certain websites
Dear Techguy,

Out of the blue the other day, I started having trouble accessing certain websites that I use every day like yahoo.com and facebook.com. My roommate is having the same problem with some other sites (we share a wireless network connection) as well. Every time I try to access these sites I get the error message "Cannot find server". I have also tried this with Mozilla and I got the same result. I didn't know if some malware was preventing me from accessing these sites so I ran Adaware, but that did nothing. I have all the latest updates from Microsoft. I've disconnected and reconnected my internet and rebooted my computer, but I still can't access yahoo/facebook. I can live without facebook but I need to be able to read my email. I am including my HJT log in case it might help solve this problem. Thanks for your time and any help is much appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 6:59:05 PM, on 11/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\system32\taskmgr.exe
C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir......&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...mp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...mp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\tmp200.tmp.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Computer Alarm Clock] C:\Program Files\Computer Alarm Clock\cac.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
dvk01 (Moderator, 28,655 posts; joined Dec 2002; Loughton, Essex, UK)
30-Nov-2006, 05:11 AM #2
You are showing lots of problems.

First of all, HJT needs to be in a permanent and not a temp folder to be able to fix anything safely, so please do this:

Go here and download the 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website. Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on the desktop.
Click on the entry in the start menu or on the desktop to run HijackThis.

Then:

Download Combofix to your desktop:

* Double-click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.


Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Then post a new HJT log.
I am moving this to Security where we can help better.
__________________
Derek Microsoft MVP/Windows - Security Thespykiller | Security & Privacy
I am helping you, please help me by donating to help keep the Hedgehog Rescue Centre running
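The kind of entries a helper scans for in a log like the one above can be checked mechanically. The following Python is an added example, not code from this thread or from HijackThis: it parses lines in the HJT v1.99.1 format and applies a few structural checks (an unnamed BHO loading from a temp-style DLL name, a Run command with no fixed path, an orphaned MIME filter, a Winlogon Notify entry that does not name a DLL). The sample log is constructed from entries shown in the thread; the O4 HKUS line is constructed from the "Windows USB controler" value in the ComboFix output.

```python
import re

# Constructed sample in HijackThis v1.99.1 line format, modelled on the entries in the
# thread; the O4 HKUS line is constructed from the ComboFix "Windows USB controler" entry.
SAMPLE_HJT_LOG = r"""
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\tmp200.tmp.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\.DEFAULT\..\Run: [Windows USB controler] winusb.exe (User 'Default user')
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Every HJT entry is "<section> - <detail>", e.g. "O2 - BHO: ..." (R0/R1, F, N and O sections).
HJT_LINE = re.compile(r"^([RFNO]\d+) - (.*)$")
# A BHO whose file is named like a leftover temp file rather than an installed component.
TEMP_DLL = re.compile(r"\\tmp[0-9a-f]*\.tmp\.dll$", re.I)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_hjt(log_text):
    """Return [(section, detail), ...] for every recognised HJT entry line."""
    entries = []
    for line in log_text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def check_o2(detail):
    """Browser Helper Objects: 'BHO: <name> - {CLSID} - <dll path>'."""
    reasons = []
    if detail.startswith("BHO: (no name)"):
        reasons.append("BHO registered without a name")
    if TEMP_DLL.search(detail.rsplit(" - ", 1)[-1]):
        reasons.append("BHO loads from a temp-style DLL name")
    return reasons


def check_o4(detail):
    """Registry Run entries: '<hive>\\..\\Run: [<item>] <command>'."""
    command = detail.split("] ", 1)[-1].strip().lstrip('"')
    if not DRIVE_PATH.match(command):
        return ["Run command is a bare filename resolved via the search path"]
    return []


def check_o18(detail):
    """Protocol/MIME filter handlers; an orphaned filter has no backing file."""
    if detail.startswith("Filter:") and detail.endswith("(no file)"):
        return ["MIME filter registered but its handler file is missing"]
    return []


def check_o20(detail):
    """Winlogon Notify: '<subkey> - <dll path>'; a valid entry names a DLL file."""
    _, _, rest = detail.partition(": ")
    _, _, path = rest.partition(" - ")
    if not path.lower().endswith(".dll"):
        return ["Winlogon Notify entry does not point to a DLL file"]
    return []


CHECKS = {"O2": check_o2, "O4": check_o4, "O18": check_o18, "O20": check_o20}


def triage(log_text):
    """Apply the structural checks; entries with no reasons are not returned.

    These checks only catch malformed or odd-looking load points. A named BHO such as
    the Need2Find bar passes them and still needs a signature or reputation lookup.
    """
    findings = []
    for section, detail in parse_hjt(log_text):
        reasons = CHECKS.get(section, lambda d: [])(detail)
        if reasons:
            findings.append({"section": section, "detail": detail, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f['section']}: {f['detail']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```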
smoothone23 (Junior Member, 18 posts; joined Nov 2006; experience: Intermediate)
30-Nov-2006, 04:47 PM #3
latest HJT and ComboFix logs
Thanks for looking at my post Derek. I did what you said about the HJT and ComboFix. Although, last time I ran HJT, I downloaded it to my computer and put it in a folder on my desktop. I did not run it through a website. I would also like to add that I have been getting a lot of random website pop-ups (especially when I do searches through google, a random internet site, or sites, will pop up and do related searches of their own). Here are my latest logs...

Jeremy Brown - 06-11-30 16:32:39.62 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Jeremy Brown\Desktop\Installations"

((((((((((((((((((((((((((((((( Files Created from 2006-10-30 to 2006-11-30 ))))))))))))))))))))))))))))))))))


2006-11-28 18:04 <DIR> d-------- C:\WINDOWS\LastGood
2006-11-28 17:49 <DIR> d-------- C:\Documents and Settings\Jeremy Brown\.housecall6.6
2006-11-20 10:26 <DIR> d-------- C:\Program Files\DirectVobSub1
2006-11-20 10:22 <DIR> d-------- C:\Program Files\DirectVobSub
2006-11-13 22:02 <DIR> d-------- C:\Program Files\Computer Alarm Clock
2006-11-13 21:36 <DIR> d-------- C:\VundoFix Backups
2006-11-12 06:11 36,635 --a------ C:\WINDOWS\system32\tmp200.tmp.dll
2006-11-09 20:44 <DIR> d-------- C:\Program Files\Sateira
2006-11-07 14:27 36,635 --a------ C:\WINDOWS\system32\tmp9F.tmp.dll
2006-11-06 18:59 <DIR> d-------- C:\Documents and Settings\Jeremy Brown\Contacts
2006-11-06 18:57 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-10-31 09:36 32,866 --a------ C:\WINDOWS\slrundll.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-28 17:57 -------- d-------- C:\Documents and Settings\Jeremy Brown\Application Data\Skype
2006-11-28 17:55 73 --a------ C:\WINDOWS\system32\ssprs.dll
2006-11-28 17:55 335 --a------ C:\WINDOWS\system32\lsprst7.dll
2006-11-28 10:40 -------- d-------- C:\Program Files\PokerStars
2006-11-27 11:19 -------- d-------- C:\Documents and Settings\Jeremy Brown\Application Data\dvdcss
2006-11-15 11:46 -------- d-------- C:\Program Files\Internet Explorer
2006-11-11 16:53 -------- d-------- C:\Program Files\Yahoo!
2006-11-06 18:59 -------- d---s---- C:\Documents and Settings\Jeremy Brown\Application Data\Microsoft
2006-11-06 18:58 -------- d-------- C:\Program Files\MSN Messenger
2006-10-31 09:35 -------- d-------- C:\Program Files\QuickTime
2006-10-31 08:12 -------- d-------- C:\Program Files\AIM
2006-10-31 08:11 -------- d-------- C:\Program Files\AOD
2006-10-29 18:44 -------- d-------- C:\Program Files\Full Tilt Poker
2006-10-29 14:06 -------- d-------- C:\Program Files\Skype
2006-10-26 16:09 -------- d-------- C:\Program Files\PCFriendly
2006-10-26 16:09 -------- d-------- C:\Program Files\EarthLink TotalAccess
2006-10-26 16:09 -------- d-------- C:\Program Files\DivX
2006-10-26 16:09 -------- d-------- C:\Program Files\ATI Technologies
2006-10-26 16:09 -------- d-------- C:\Program Files\_uninstallation_info
2006-10-26 11:15 -------- d-------- C:\Program Files\TurboTranslator
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 05:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SemanticInsight"="C:\\Program Files\\RXToolBar\\Semantic Insight\\SemanticInsight.exe"
"Computer Alarm Clock"="C:\\Program Files\\Computer Alarm Clock\\cac.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows USB controler"="winusb.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Windows USB controler"="winusb.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Windows USB controler"="winusb.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
"Windows USB controler"="winusb.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jeremy Brown^Start Menu^Programs^Startup^DLHelperEXE.exe]
"path"="C:\\Documents and Settings\\Jeremy Brown\\Start Menu\\Programs\\Startup\\DLHelperEXE.exe"
"backup"="C:\\WINDOWS\\pss\\DLHelperEXE.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Jeremy Brown\\Start Menu\\Programs\\Startup\\DLHelperEXE.exe"
"item"="DLHelperEXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ares"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ati2mdxx"
"hkey"="HKLM"
"command"="Ati2mdxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cpqset"
"hkey"="HKLM"
"command"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EabServr"
"hkey"="HKLM"
"command"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb09"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mimboot"
"hkey"="HKLM"
"command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mimboot.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdypnqko]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ifdccvt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ifdccvt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EngUtil"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows USB controler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winusb"
"hkey"="HKLM"
"command"="winusb.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mdc

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-30 16:33:28.15
C:\ComboFix.txt ... 06-11-30 16:33
C:\ComboFix2.txt ... 06-11-30 16:25
C:\ComboFix3.txt ... 06-11-30 16:16


Logfile of HijackThis v1.99.1
Scan saved at 4:42:50 PM, on 11/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeremy Brown\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\tmp200.tmp.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Computer Alarm Clock] C:\Program Files\Computer Alarm Clock\cac.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Thanks again for all your help!
dvk01 (Moderator, 28,655 posts; joined Dec 2002; Loughton, Essex, UK)
30-Nov-2006, 04:59 PM #4
OK, I can see quite a few things there.

Let's see what this will clear up before we resort to manual cleaning.

First:

You have disabled lots of things from starting at boot time with MSconfig.

Doing that doesn't stop them running or being started by something else on the computer.

At least one item there is known malware.

Go to Start > Run and type msconfig, press OK, and on the Startup tab enable EVERYTHING.
Then on the General tab select normal start up, all drivers & services.
Press OK and reboot.

Then:

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "Downloads/SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory Objects
    • Sweep Windows Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
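Derek's point that unticking an item in msconfig does not stop it being started from somewhere else can be checked against the ComboFix output: on XP, msconfig parks a disabled Run entry under HKLM\software\microsoft\shared tools\msconfig\startupreg, while any other Run or RunServices key naming the same executable stays live. The following Python is an added example, not code from the thread or from ComboFix; it parses a constructed excerpt in the .reg-style layout of ComboFix's "Reg Loading Points" section and reports msconfig-disabled items whose executable still has an active load point.

```python
import re

# Constructed excerpt in the .reg-style layout ComboFix's "Reg Loading Points" section
# uses, trimmed to the entries relevant to the msconfig point (not the full dump).
SAMPLE_REG_DUMP = r"""
*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Computer Alarm Clock"="C:\\Program Files\\Computer Alarm Clock\\cac.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows USB controler"="winusb.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Windows USB controler"="winusb.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows USB controler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winusb"
"hkey"="HKLM"
"command"="winusb.exe"
"inimapping"="0"
"""

# msconfig on XP parks a disabled Run entry under this key instead of deleting it.
MSCONFIG_STARTUPREG = "hkey_local_machine\\software\\microsoft\\shared tools\\msconfig\\startupreg\\"
# Keys whose values Windows itself executes at boot or logon.
LOAD_POINT = re.compile(r"\\(run|runonce|runservices)$", re.I)
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
EXE_NAME = re.compile(r'([^\\/"]+\.exe)', re.I)


def unquote_reg_string(data):
    """Strip a .reg string's outer quotes and unescape backslashes; dword:/hex: data is returned as-is."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    return data


def parse_reg_dump(text):
    """Return {key_path: {value_name: value_data}} from [key] and "name"=data lines."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            m = VALUE_LINE.match(line)
            if m:
                keys[current][m.group(1)] = unquote_reg_string(m.group(2))
    return keys


def exe_basename(command):
    """Lower-cased executable file name from a Run command, or None if there is none."""
    m = EXE_NAME.search(command)
    return m.group(1).lower() if m else None


def disabled_but_active(keys):
    """msconfig-disabled items whose executable still has a live load point elsewhere."""
    active = {}  # exe name -> list of "key -> value" load points that still run it
    for key, values in keys.items():
        if LOAD_POINT.search(key):
            for name, data in values.items():
                exe = exe_basename(data)
                if exe:
                    active.setdefault(exe, []).append(f"{key} -> {name}")
    hits = []
    for key, values in keys.items():
        if key.lower().startswith(MSCONFIG_STARTUPREG) and "command" in values:
            exe = exe_basename(values["command"])
            if exe in active:
                hits.append({"item": key.rsplit("\\", 1)[-1], "exe": exe,
                             "still_loaded_from": active[exe]})
    return hits


if __name__ == "__main__":
    for hit in disabled_but_active(parse_reg_dump(SAMPLE_REG_DUMP)):
        print(f"{hit['item']} is disabled in msconfig, but {hit['exe']} still loads from:")
        for src in hit["still_loaded_from"]:
            print(f"    {src}")
```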
smoothone23 (Junior Member, 18 posts; joined Nov 2006; experience: Intermediate)
30-Nov-2006, 10:58 PM #5
Spy Sweeper Results and HJT log
Derek, I ran Spy Sweeper and came up with the following results. I believe that the list is probably lacking because I ran a previous scan with a program called A-Squared Anti-Malware. I am also including a copy of that log along with my new HJT log.

10:25 PM: Removal process completed. Elapsed time 00:00:19
10:25 PM: Quarantining All Traces: 180search assistant/zango
10:25 PM: Quarantining All Traces: 2o7.net cookie
10:25 PM: Quarantining All Traces: go.com cookie
10:25 PM: Quarantining All Traces: atwola cookie
10:25 PM: Quarantining All Traces: pointroll cookie
10:25 PM: Quarantining All Traces: specificclick.com cookie
10:25 PM: Quarantining All Traces: 3 cookie
10:25 PM: Quarantining All Traces: winad
10:25 PM: Quarantining All Traces: virtumonde
10:25 PM: Removal process initiated
10:23 PM: Traces Found: 16
10:23 PM: Full Sweep has completed. Elapsed time 01:14:32
10:23 PM: File Sweep Complete, Elapsed Time: 01:06:18
10:23 PM: Warning: Unable to sweep compressed file: "c:\documents and settings\jb\my documents\downloads\lost.s02e15.proper.hdtv.xvid-xor\xor-lost.215.rar": File not found
9:34 PM: C:\temp\salmau.dat (ID = 93788)
9:34 PM: Found Adware: 180search assistant/zango
9:17 PM: Starting File Sweep
9:17 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
9:17 PM: c:\documents and settings\jb\cookies\jb@sports.espn.go[1].txt (ID = 2729)
9:17 PM: c:\documents and settings\jb\cookies\jb@sports-ak.espn.go[1].txt (ID = 2729)
9:17 PM: c:\documents and settings\jb\cookies\jb@rsi.espn.go[1].txt (ID = 2729)
9:17 PM: c:\documents and settings\jb\cookies\jb@msnportal.112.2o7[1].txt (ID = 1958)
9:17 PM: Found Spy Cookie: 2o7.net cookie
9:17 PM: c:\documents and settings\jb\cookies\jb@go[2].txt (ID = 2728)
9:17 PM: c:\documents and settings\jb\cookies\jb@espn.go[1].txt (ID = 2729)
9:17 PM: Found Spy Cookie: go.com cookie
9:17 PM: c:\documents and settings\jb\cookies\jb@atwola[1].txt (ID = 2255)
9:17 PM: Found Spy Cookie: atwola cookie
9:17 PM: c:\documents and settings\jb\cookies\jb@ads.pointroll[2].txt (ID = 3148)
9:17 PM: Found Spy Cookie: pointroll cookie
9:17 PM: c:\documents and settings\jb\cookies\jb@adopt.specificclick[2].txt (ID = 3400)
9:17 PM: Found Spy Cookie: specificclick.com cookie
9:17 PM: c:\documents and settings\jb\cookies\jb@85.17.3[1].txt (ID = 1960)
9:17 PM: Found Spy Cookie: 3 cookie
9:17 PM: Starting Cookie Sweep
9:17 PM: Registry Sweep Complete, Elapsed Time:00:01:07
9:17 PM: HKLM\software\microsoft\rasap2k\ (ID = 1511572)
9:17 PM: HKLM\software\microsoft\dstr5\ (ID = 1511570)
9:17 PM: Found Adware: virtumonde
9:16 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\winadtoolsx.dll (ID = 147225)
9:16 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadtoolsx.dll\ || {15ad4789-cdb4-47e1-a9da-992ee8e6bad6} (ID = 147197)
9:16 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadtoolsx.dll\ || .owner (ID = 147196)
9:16 PM: Found Adware: winad
9:16 PM: Starting Registry Sweep
9:16 PM: Memory Sweep Complete, Elapsed Time: 00:06:50
9:09 PM: Starting Memory Sweep
9:09 PM: Start Full Sweep
9:09 PM: Sweep initiated using definitions version 811
9:09 PM: Spy Sweeper 5.2.3.2132 started
9:09 PM: | Start of Session, Thursday, November 30, 2006 |
********
9:09 PM: | End of Session, Thursday, November 30, 2006 |
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
9:05 PM: Shield States
9:04 PM: Spyware Definitions: 804
9:04 PM: Warning: Virus definitions files are invalid, please update your virus definitions. 220
9:04 PM: Spy Sweeper 5.2.3.2132 started
9:04 PM: Spy Sweeper 5.2.3.2132 started
9:04 PM: | Start of Session, Thursday, November 30, 2006 |
********



a-squared Anti-Malware - Version 2.1

Scan settings:

Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 11/30/2006 5:17:26 PM

[3900] C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL detected: Adware.MySearch.e
C:\Program Files\need2find detected: Trace.Directory.P2PNetworking
c:\temp\salm.log detected: Trace.File.180Solutions
c:\temp\salm_kyf.dat detected: Trace.File.180Solutions
C:\Documents and Settings\JB\Desktop\ares.lnk detected: Trace.File.Ares
C:\Program Files\ares\ares.exe detected: Trace.File.Ares
C:\Program Files\ares\data\anonproxies.txt.sample detected: Trace.File.Ares
C:\Program Files\ares\data\blocked.txt.sample detected: Trace.File.Ares
C:\Program Files\ares\data\blocked_keywords.txt.sample detected: Trace.File.Ares
C:\Program Files\ares\data\chanlistfilter.txt detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\chat.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\emotic.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\libbig.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\logo.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\mimesmall.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\mshareset.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\player.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\playlistbtns.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\prefs.txt detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\searchpnl.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\searchstars.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\tabsbig.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\tabssmall.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\transfer.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\webanim.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\p2pfilter.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\dutch.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\french.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\german.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\italian.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\japanese.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\kurdish.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\polish.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\portugues.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\slovak.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\spanish.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\swedish.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\turkish.txt detected: Trace.File.Ares
C:\Documents and Settings\JB\Start Menu\Programs\ares\ares.lnk detected: Trace.File.Ares
Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Height detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Left detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Maximized detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Top detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Width detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Download detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Queue detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Upload detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Data --> AresNet1 detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Data --> JI.AresNet1 detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Download detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Queue detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Upload detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> ChatRoom.ServerPort detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> ChatRoom.ShowJP detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Extra.ShowActiveCaption detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.AutoConnect detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.AutoStartUp detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.LastLibraryMode detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastChatRoomBrowse detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastLibrary detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastPMBrowse detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastSearch detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Personal.GUID detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Privacy.SendRegularPath detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> PrivateMessage.AllowBrowse detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> PrivateMessage.AwayMessage detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Start Menu Folder detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CAvgTime detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CDnSpeed detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CFRTime detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CTtUptime detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CUpSpeed detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.HasLQCa detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.LstCaQuery detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.LstCaQueryInt detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Transfer.MaximizeUpBandOnIdle detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Transfer.ServerPort detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> DisplayName detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> DisplayVersion detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> Publisher detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> UninstallString detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> URLInfoAbout detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> URLUpdateInfo detected: Trace.Registry.Ares
Key: HKEY_CLASSES_ROOT\clsid\{f78b32d6-d6d8-4137-a18f-91ebe1a4aedb} detected: Trace.Registry.KaZaA
Key: HKEY_CURRENT_USER\software\kazaa detected: Trace.Registry.KaZaA
Value: HKEY_CURRENT_USER\software\kazaa --> tmp detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0 detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0seconds detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b1 detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> b detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> time detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0 detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0seconds detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b1 detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\cloudload --> sharedir detected: Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo --> kazaanet detected: Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa\localcontent detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> databasedir detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> downloaddir detected: Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa --> listenport detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa --> tmp detected: Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking detected: Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\p2p networking detected: Trace.Registry.KaZaA
Key: HKEY_CLASSES_ROOT\clsid\{014da6c9-189f-421a-88cd-07cfe51cff10} detected: Trace.Registry.MyWay
Key: HKEY_CLASSES_ROOT\clsid\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} detected: Trace.Registry.Need2Find
Key: HKEY_CLASSES_ROOT\clsid\{630d6140-04c5-4db0-b27a-020d766ff09b} detected: Trace.Registry.Need2Find
Key: HKEY_CLASSES_ROOT\need2findbar.settingsplugin.1 detected: Trace.Registry.Need2Find
Key: HKEY_CLASSES_ROOT\need2findbar.settingsplugin detected: Trace.Registry.Need2Find
Key: HKEY_CLASSES_ROOT\need2findbar.toolbarplugin.1 detected: Trace.Registry.Need2Find
Key: HKEY_CLASSES_ROOT\need2findbar.toolbarplugin detected: Trace.Registry.Need2Find
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net --> Changed detected: Trace.Registry.NewDotNet
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net --> SlowInfoCache detected: Trace.Registry.NewDotNet
Key: HKEY_LOCAL_MACHINE\software\p2p networking\clients detected: Trace.Registry.P2PNetworking
Key: HKEY_LOCAL_MACHINE\software\p2p networking detected: Trace.Registry.PeerEnabler
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> SemanticInsight detected: Trace.Registry.RXToolbar
C:\Documents and Settings\JB\Cookies\jb@2o7[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\JB\Cookies\jb@fastclick[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\JB\Cookies\jb@maxserving[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\JB\Cookies\jb@questionmarket[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\JB\Cookies\jb@trafficmp[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\JB\Cookies\jb@tribalfusion[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\fw4hgtzd.default\cookies.txt:37 detected: Trace.TrackingCookie
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll detected: Adware.Win32.MyWebSearch.o
C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL detected: Adware.ToolBar.MyWebSearch.l
C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL detected: Adware.MySearch.e
C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL detected: Adware.Win32.MyWebSearch.o
C:\VundoFix Backups\bopite.dll.bad detected: Trojan-Downloader.Win32.ConHook.ae
C:\WINDOWS\system32\rpcxWIRCD.EXE detected: Riskware.Client-IRC.Win32.UnrealIRC.32

Scanned

Files: 107827
Traces: 87015
Cookies: 133
Processes: 30

Found

Files: 6
Traces: 117
Cookies: 7
Processes: 1
Registry keys: 0

Scan end: 11/30/2006 7:30:49 PM
Scan time: 2:13:23 AM

C:\WINDOWS\system32\rpcxWIRCD.EXE Quarantined Riskware.Client-IRC.Win32.UnrealIRC.32
C:\VundoFix Backups\bopite.dll.bad Quarantined Trojan-Downloader.Win32.ConHook.ae
C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL Quarantined Adware.ToolBar.MyWebSearch.l
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll Quarantined Adware.Win32.MyWebSearch.o
C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL Quarantined Adware.Win32.MyWebSearch.o
C:\Documents and Settings\JB\Cookies\jb@2o7[2].txt Quarantined Trace.TrackingCookie
C:\Documents and Settings\JB\Cookies\jb@fastclick[1].txt Quarantined Trace.TrackingCookie
C:\Documents and Settings\JB\Cookies\jb@maxserving[1].txt Quarantined Trace.TrackingCookie
C:\Documents and Settings\JB\Cookies\jb@questionmarket[1].txt Quarantined Trace.TrackingCookie
C:\Documents and Settings\JB\Cookies\jb@trafficmp[1].txt Quarantined Trace.TrackingCookie
C:\Documents and Settings\JB\Cookies\jb@tribalfusion[1].txt Quarantined Trace.TrackingCookie
C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\fw4hgtzd.default\cookies.txt:37 Quarantined Trace.TrackingCookie
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> SemanticInsight Quarantined Trace.Registry.RXToolbar
Key: HKEY_LOCAL_MACHINE\software\p2p networking Quarantined Trace.Registry.PeerEnabler
Key: HKEY_LOCAL_MACHINE\software\p2p networking\clients Quarantined Trace.Registry.P2PNetworking
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net --> Changed Quarantined Trace.Registry.NewDotNet
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net --> SlowInfoCache Quarantined Trace.Registry.NewDotNet
Key: HKEY_CLASSES_ROOT\clsid\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} Quarantined Trace.Registry.Need2Find
Key: HKEY_CLASSES_ROOT\clsid\{630d6140-04c5-4db0-b27a-020d766ff09b} Quarantined Trace.Registry.Need2Find
Key: HKEY_CLASSES_ROOT\need2findbar.settingsplugin.1 Quarantined Trace.Registry.Need2Find
Key: HKEY_CLASSES_ROOT\need2findbar.settingsplugin Quarantined Trace.Registry.Need2Find
Key: HKEY_CLASSES_ROOT\need2findbar.toolbarplugin.1 Quarantined Trace.Registry.Need2Find
Key: HKEY_CLASSES_ROOT\need2findbar.toolbarplugin Quarantined Trace.Registry.Need2Find
Key: HKEY_CLASSES_ROOT\clsid\{014da6c9-189f-421a-88cd-07cfe51cff10} Quarantined Trace.Registry.MyWay
Key: HKEY_CLASSES_ROOT\clsid\{f78b32d6-d6d8-4137-a18f-91ebe1a4aedb} Quarantined Trace.Registry.KaZaA
Key: HKEY_CURRENT_USER\software\kazaa Quarantined Trace.Registry.KaZaA
Value: HKEY_CURRENT_USER\software\kazaa --> tmp Quarantined Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0 Quarantined Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0seconds Quarantined Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b1 Quarantined Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> b Quarantined Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> time Quarantined Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0 Quarantined Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0seconds Quarantined Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b1 Quarantined Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\cloudload --> sharedir Quarantined Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo Quarantined Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo --> kazaanet Quarantined Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa\localcontent Quarantined Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> databasedir Quarantined Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> downloaddir Quarantined Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa Quarantined Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa --> listenport Quarantined Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa --> tmp Quarantined Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking Quarantined Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\p2p networking Quarantined Trace.Registry.KaZaA
Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Height Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Left Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Maximized Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Top Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Width Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Download Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Queue Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Upload Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Data --> AresNet1 Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Data --> JI.AresNet1 Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Download Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Queue Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Upload Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> ChatRoom.ServerPort Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> ChatRoom.ShowJP Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Extra.ShowActiveCaption Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.AutoConnect Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.AutoStartUp Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.LastLibraryMode Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastChatRoomBrowse Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastLibrary Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastPMBrowse Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastSearch Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Personal.GUID Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Privacy.SendRegularPath Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> PrivateMessage.AllowBrowse Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> PrivateMessage.AwayMessage Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Start Menu Folder Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CAvgTime Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CDnSpeed Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CFRTime Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CTtUptime Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CUpSpeed Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.HasLQCa Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.LstCaQuery Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.LstCaQueryInt Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Transfer.MaximizeUpBandOnIdle Quarantined Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Transfer.ServerPort Quarantined Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> DisplayName Quarantined Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> DisplayVersion Quarantined Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> Publisher Quarantined Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> UninstallString Quarantined Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> URLInfoAbout Quarantined Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> URLUpdateInfo Quarantined Trace.Registry.Ares
C:\Documents and Settings\JB\Desktop\ares.lnk Quarantined Trace.File.Ares
C:\Program Files\ares\ares.exe Quarantined Trace.File.Ares
C:\Program Files\ares\data\anonproxies.txt.sample Quarantined Trace.File.Ares
C:\Program Files\ares\data\blocked.txt.sample Quarantined Trace.File.Ares
C:\Program Files\ares\data\blocked_keywords.txt.sample Quarantined Trace.File.Ares
C:\Program Files\ares\data\chanlistfilter.txt Quarantined Trace.File.Ares
C:\Program Files\ares\data\gui\general\chat.bmp Quarantined Trace.File.Ares
C:\Program Files\ares\data\gui\general\emotic.bmp Quarantined Trace.File.Ares
C:\Program Files\ares\data\gui\general\libbig.bmp Quarantined Trace.File.Ares
C:\Program Files\ares\data\gui\general\logo.bmp Quarantined Trace.File.Ares
C:\Program Files\ares\data\gui\general\mimesmall.bmp Quarantined Trace.File.Ares
C:\Program Files\ares\data\gui\general\mshareset.bmp Quarantined Trace.File.Ares
C:\Program Files\ares\data\gui\general\player.bmp Quarantined Trace.File.Ares
C:\Program Files\ares\data\gui\general\playlistbtns.bmp Quarantined Trace.File.Ares
C:\Program Files\ares\data\gui\general\prefs.txt Quarantined Trace.File.Ares
C:\Program Files\ares\data\gui\general\searchpnl.bmp Quarantined Trace.File.Ares
C:\Program Files\ares\data\gui\general\searchstars.bmp Quarantined Trace.File.Ares
C:\Program Files\ares\data\gui\general\tabsbig.bmp Quarantined Trace.File.Ares
C:\Program Files\ares\data\gui\general\tabssmall.bmp Quarantined Trace.File.Ares
C:\Program Files\ares\data\gui\general\transfer.bmp Quarantined Trace.File.Ares
C:\Program Files\ares\data\gui\general\webanim.bmp Quarantined Trace.File.Ares
C:\Program Files\ares\data\p2pfilter.txt Quarantined Trace.File.Ares
C:\Program Files\ares\lang\dutch.txt Quarantined Trace.File.Ares
C:\Program Files\ares\lang\french.txt Quarantined Trace.File.Ares
C:\Program Files\ares\lang\german.txt Quarantined Trace.File.Ares
C:\Program Files\ares\lang\italian.txt Quarantined Trace.File.Ares
C:\Program Files\ares\lang\japanese.txt Quarantined Trace.File.Ares
C:\Program Files\ares\lang\kurdish.txt Quarantined Trace.File.Ares
C:\Program Files\ares\lang\polish.txt Quarantined Trace.File.Ares
C:\Program Files\ares\lang\portugues.txt Quarantined Trace.File.Ares
C:\Program Files\ares\lang\slovak.txt Quarantined Trace.File.Ares
C:\Program Files\ares\lang\spanish.txt Quarantined Trace.File.Ares
C:\Program Files\ares\lang\swedish.txt Quarantined Trace.File.Ares
C:\Program Files\ares\lang\turkish.txt Quarantined Trace.File.Ares
C:\Documents and Settings\JB\Start Menu\Programs\ares\ares.lnk Quarantined Trace.File.Ares
c:\temp\salm.log Quarantined Trace.File.180Solutions
c:\temp\salm_kyf.dat Quarantined Trace.File.180Solutions
C:\Program Files\need2find Quarantined Trace.Directory.P2PNetworking
[3900] C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL Quarantined Adware.MySearch.e
C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL Quarantined Adware.MySearch.e

Quarantined

Files: 6
Traces: 117
Cookies: 7
smoothone23
30-Nov-2006, 10:59 PM #6
Logfile of HijackThis v1.99.1
Scan saved at 10:54:41 PM, on 11/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\MDC\AEGIS Client\mgr8021x.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Computer Alarm Clock\cac.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jeremy Brown\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\tmp200.tmp.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Computer Alarm Clock] "C:\Program Files\Computer Alarm Clock\cac.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [Windows USB controler] winusb.exe
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [pdypnqko] C:\WINDOWS\system32\ifdccvt.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
dvk01
Moderator with 28,655 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
01-Dec-2006, 09:32 AM #7
Much as I dislike Ares & Kazaa and other P2P programs (which are quite likely the source of your infection) and advise people strongly NOT to use them, I don't feel any antivirus/antispyware should remove them for you as A-squared has done.

First, stop any downloads or file sharing you are doing and close any file sharing/torrent programs you have running, as otherwise we cannot even attempt to fix it.


then

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the quote box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Quote:
Files to delete:
C:\WINDOWS\SYSTEM32\notification.dll
C:\WINDOWS\system32\ifdccvt.exe
C:\WINDOWS\system32\winusb.exe
C:\WINDOWS\system32\tmp200.tmp.dll
C:\WINDOWS\system32\tmp9F.tmp.dll

Folders to delete:
C:\Program Files\RXToolBar


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

When it reboots:

Run HijackThis, put a tick in the box beside the entries listed below and ONLY these entries, double check to make sure, then make sure all browser and email windows are closed and press Fix checked.



O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\tmp200.tmp.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O4 - HKLM\..\Run: [Windows USB controler] winusb.exe
O4 - HKLM\..\Run: [pdypnqko] C:\WINDOWS\system32\ifdccvt.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\


Download the attached winusb_rem.zip and save it to the desktop.
Unzip it, double click the .reg file and say yes to the prompts to merge it with the registry.

Reboot, post a new HJT log and tell us how it is.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log.
__________________
Derek Microsoft MVP/Windows - Security Thespykiller | Security & Privacy
I am helping you, please help me by donating to help keep the Hedgehog Rescue Centre running
smoothone23's Avatar
Junior Member with 18 posts.
 
Join Date: Nov 2006
Experience: Intermediate
01-Dec-2006, 11:08 AM #8
latest Avenger.txt and HJT log
Can I stop all the programs from starting when Windows starts, or should I wait until we fix the entire problem? Here's the latest HJT log and Avenger txt.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ueuffrud

*******************

Script file located at: \??\C:\Program Files\fqlbsycf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\SYSTEM32\notification.dll deleted successfully.


File C:\WINDOWS\system32\ifdccvt.exe not found!
Deletion of file C:\WINDOWS\system32\ifdccvt.exe failed!

Could not process line:
C:\WINDOWS\system32\ifdccvt.exe
Status: 0xc0000034



File C:\WINDOWS\system32\winusb.exe not found!
Deletion of file C:\WINDOWS\system32\winusb.exe failed!

Could not process line:
C:\WINDOWS\system32\winusb.exe
Status: 0xc0000034

File C:\WINDOWS\system32\tmp200.tmp.dll deleted successfully.
File C:\WINDOWS\system32\tmp9F.tmp.dll deleted successfully.


Folder C:\Program Files\RXToolBar not found!
Deletion of folder C:\Program Files\RXToolBar failed!

Could not process line:
C:\Program Files\RXToolBar
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


Logfile of HijackThis v1.99.1
Scan saved at 11:07:37 AM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Jeremy Brown\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Computer Alarm Clock] "C:\Program Files\Computer Alarm Clock\cac.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
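As an added example (not part of this thread, and not code from HijackThis or The Avenger), the script below cross-checks the moderator's HijackThis fix list from post #7 against the Avenger result log from post #8. It shows why those particular O2/O4/O20 entries were chosen: each one either points at a file the Avenger script was told to delete or at nothing at all ("(no file)"), so once the file is gone the registry entry is a dead pointer that only HJT's "Fix checked" removes. It also decodes the 0xc0000034 status in the Avenger log as STATUS_OBJECT_NAME_NOT_FOUND, meaning the file no longer existed when the script ran. The sample log lines are copied from the two posts (condensed); the line formats the parsers expect are this example's own reading of those logs, not a documented format of either tool.

```python
"""Cross-check a HijackThis fix list against an Avenger result log.

Added example for this thread, not code from HijackThis, The Avenger or the
forum; the sample lines are copied from posts #7 and #8 (condensed) and the
line formats the parsers expect are this example's own reading of them.
"""
import re

# HijackThis entries the moderator asked to have "fixed" (copied from post #7).
HJT_FIX_LIST = r"""
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\tmp200.tmp.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O4 - HKLM\..\Run: [Windows USB controler] winusb.exe
O4 - HKLM\..\Run: [pdypnqko] C:\WINDOWS\system32\ifdccvt.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
"""

# What Avenger reported after the reboot (copied from post #8, condensed).
AVENGER_LOG = r"""
File C:\WINDOWS\SYSTEM32\notification.dll deleted successfully.
File C:\WINDOWS\system32\ifdccvt.exe not found!
Could not process line:
C:\WINDOWS\system32\ifdccvt.exe
Status: 0xc0000034
File C:\WINDOWS\system32\winusb.exe not found!
Could not process line:
C:\WINDOWS\system32\winusb.exe
Status: 0xc0000034
File C:\WINDOWS\system32\tmp200.tmp.dll deleted successfully.
File C:\WINDOWS\system32\tmp9F.tmp.dll deleted successfully.
"""

_HJT_RE = re.compile(r"^(?P<section>[RO]\d+)\s+-\s+(?P<body>.*)$")
_AVENGER_RE = re.compile(r"^(File|Folder) (?P<path>.+?) (?P<verdict>deleted successfully\.|not found!)$")
NT_STATUS = {"0xc0000034": "STATUS_OBJECT_NAME_NOT_FOUND"}  # the only code in this log


def parse_hjt_line(line):
    """Return (section, body, target) for one HijackThis line, or None; target is
    the file, URL or '(no file)' the entry points at."""
    m = _HJT_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "O4":                            # Run key: command after the [name]
        command = body.split("]", 1)[1].strip()
        if command.startswith('"'):                # quoted path, arguments may follow
            target = command[1:command.index('"', 1)]
        else:
            target = command.split()[0]            # bare name: resolved via PATH at logon
    else:
        target = body.rsplit(" - ", 1)[-1].strip()  # text after the last ' - '
    return section, body, target


def parse_avenger_log(text):
    """Map each path Avenger reported on (lower-cased, NTFS paths are case-
    insensitive) to 'deleted' or 'not found, <decoded NT status>'."""
    outcome, pending = {}, None
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        m = _AVENGER_RE.match(line)
        if m:
            verb = "deleted" if m.group("verdict").startswith("deleted") else "not found"
            outcome[m.group("path").lower()] = verb
        elif line == "Could not process line:":    # the failed path is on the next line
            pending = lines[i + 1].lower()
        elif line.startswith("Status:") and pending in outcome:
            code = line.split()[1].lower()
            outcome[pending] += ", " + NT_STATUS.get(code, code)
            pending = None
    return outcome


def reconcile(hjt_text, avenger_text):
    """For each HJT entry in the fix list, report what happened to its target."""
    outcome = parse_avenger_log(avenger_text)
    by_basename = {p.rsplit("\\", 1)[-1]: v for p, v in outcome.items()}
    report = []
    for line in hjt_text.splitlines():
        parsed = parse_hjt_line(line)
        if parsed is None:
            continue
        section, _body, target = parsed
        key = target.lower()
        if target == "(no file)":
            status = "orphan registry entry, nothing on disk"
        elif key in outcome:
            status = "avenger: " + outcome[key]
        elif key in by_basename:                   # e.g. winusb.exe given without a directory
            status = "avenger: " + by_basename[key]
        else:
            status = "not targeted by the avenger script"
        report.append((section, target, status))
    return report


if __name__ == "__main__":
    for section, target, status in reconcile(HJT_FIX_LIST, AVENGER_LOG):
        print(f"{section:<4} {target:<45} {status}")
```

Run as a script it prints one line per HJT entry. The two "not found" results for winusb.exe and ifdccvt.exe are consistent with the moderator's remark that A-squared had already removed things: the files were gone, but the Run-key values that launched them were still there, which is exactly what the HijackThis step cleans up. The Ares entry and the NavLogon entry are not in the Avenger script at all and are removed by HJT alone.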
dvk01's Avatar
Moderator with 28,655 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
01-Dec-2006, 12:56 PM #9
Has that made any difference to the problem?

If not:
  • Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Don't do anything with it yet!

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Doubleclick WinPFind.exe
  • Click " Configure Scan Options"
  • Select " Run Add ONs" and then select ALL the options in the box below it, Press Apply
  • Now Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
    • Reboot back to Normal Mode!
    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Place those results in the next post! It will be too big to post, so you will need to attach it to your reply.
__________________
Derek Microsoft MVP/Windows - Security Thespykiller | Security & Privacy
I am helping you, please help me by donating to help keep the Hedgehog Rescue Centre running
smoothone23's Avatar
Junior Member with 18 posts.
 
Join Date: Nov 2006
Experience: Intermediate
01-Dec-2006, 03:37 PM #10
The computer is running better than before, but I still cannot access those websites. I will run the other scan.
smoothone23's Avatar
Junior Member with 18 posts.
 
Join Date: Nov 2006
Experience: Intermediate
03-Dec-2006, 12:51 PM #11
computer is slowing down
My computer has gotten substantially slower this weekend, and I believe it is because I have so many programs running in the background from the get-go (since I turned on every program to find the malware). Is it all right now to only select the necessary programs that I wish to start up when I sign on? Here is my WinPFind log...

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 12/3/2006 10:31:50 AM
WinPFind v1.5.0 Folder = C:\Documents and Settings\JB\Desktop\WinPFind\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 3/31/2003 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PTech 5/17/2006 11:23:38 AM 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 5/3/2006 8:26:24 PM 5818784 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 5/3/2006 8:26:24 PM 5818784 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 8/4/2004 2:56:54 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
PEC2 8/28/1996 11:00:00 PM 163384 C:\WINDOWS\SYSTEM32\ODBCJET.HLP ()
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
PEC2 3/6/2004 12:05:26 AM 33792 C:\WINDOWS\SYSTEM32\tre.dll ()
PECompact2 3/6/2004 12:05:26 AM 33792 C:\WINDOWS\SYSTEM32\tre.dll ()
winsync 3/31/2003 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PEC2 10/18/2006 9:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)
WSUD 10/18/2006 9:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/30/2006 12:17:50 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index24.dat ()
10/30/2006 12:17:58 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index25.dat ()
12/1/2006 10:34:32 AM S 64 C:\WINDOWS\CSC\00000001 ()
11/28/2006 9:02:10 AM S 64 C:\WINDOWS\CSC\00000002 ()
11/13/2006 9:54:32 PM S 64 C:\WINDOWS\CSC\csc1.tmp ()
10/16/2006 10:35:46 AM S 10965 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920213.cat ()
10/13/2006 7:55:52 AM S 10965 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923980.cat ()
10/13/2006 8:33:10 AM S 10259 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924270.cat ()
11/13/2006 1:05:44 AM S 15355 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925876.cat ()
11/2/2006 11:54:58 AM S 34696 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WMFDist11.cat ()
11/2/2006 12:13:58 PM S 27554 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\wmp11.cat ()
12/3/2006 10:29:50 AM H 16384 C:\WINDOWS\system32\config\default.LOG ()
12/3/2006 10:29:58 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
12/3/2006 10:29:38 AM H 24576 C:\WINDOWS\system32\config\SECURITY.LOG ()
12/3/2006 10:34:18 AM H 151552 C:\WINDOWS\system32\config\software.LOG ()
12/3/2006 10:34:16 AM H 909312 C:\WINDOWS\system32\config\system.LOG ()
11/6/2006 6:57:24 PM S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
12/1/2006 7:20:52 PM S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 ()
11/6/2006 6:57:24 PM S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
11/6/2006 6:57:24 PM S 574 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 ()
12/1/2006 7:20:54 PM S 42333 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 ()
11/6/2006 6:57:24 PM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
12/1/2006 7:20:52 PM S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 ()
11/6/2006 6:57:24 PM S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
11/6/2006 6:57:24 PM S 136 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 ()
12/1/2006 7:20:54 PM S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 ()
11/30/2006 7:56:10 PM H 0 C:\WINDOWS\system32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf ()
11/13/2006 11:02:46 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\ee4ef43b-1445-400e-b71b-4bab19a043fd ()
11/13/2006 11:02:46 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
10/13/2006 1:05:30 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\7ebd3495-d690-47e2-8c31-5c28e69647c3 ()
10/13/2006 1:05:30 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
12/3/2006 10:27:34 AM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
8/19/2004 8:51:24 PM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems)
3/31/2003 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
3/31/2003 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
3/31/2003 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
6/26/1997 9:47:34 AM 352256 C:\WINDOWS\SYSTEM32\setnote.cpl (IBM Corporation)
8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
3/31/2003 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/9/2006 9:50:00 AM 174552 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
3/31/2003 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
3/31/2003 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
3/31/2003 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
3/31/2003 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
5/9/2006 9:50:00 AM 174552 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/s...irector/sw.cab
{6E5A37BF-FD42-463A-877C-4EB7002E68AE} - Trend Micro ActiveX Scan Agent 6.5 - CodeBase = http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/...ndows-i586.cab
{C68F9105-04FD-4B48-B6CC-2A076F711C35} - HpodPCFileCtrl2 Class - CodeBase = file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/...ndows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/get...nt/swflash.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/15/2004 8:29:46 AM HS 84 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini ()
9/15/2004 9:18:58 PM 1730 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/15/2004 8:13:06 AM HS 62 C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini ()
8/23/2004 8:00:26 AM 12 C:\Documents and Settings\All Users.WINDOWS\Application Data\DragToDiscUserNameD.txt ()

Checking files in %USERPROFILE%\Startup folder...
8/19/2004 7:58:30 PM HS 84 C:\Documents and Settings\JB\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
8/19/2004 3:44:48 PM HS 62 C:\Documents and Settings\JB\Application Data\desktop.ini ()
11/28/2004 12:49:44 AM 29584 C:\Documents and Settings\JB\Application Data\GDIPFONTCACHEV1.DAT ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
\\Search Page - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
\\Default_Page_URL - http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
\\Default_Search_URL - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.google.com/
\\Search Bar - http://home.microsoft.com/search/lobby/search.asp
\\Search Page - http://home.microsoft.com/access/allinone.asp
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll ()
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll ()
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 =
\\NEXTID - 8203
\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - 8193 =
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8194 =
\\{FA4904B4-1FAF-4afd-886C-C19D2297BA62} - 8195 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8196 =
\\{FD7CF1CF-331A-4d9e-A3D8-82BC1B1861DA} - 8197 =
\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - 8198 =
\\{EFFF8D47-D060-4108-B761-E8EC86622E56} - 8199 =
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8200 =
\\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - 8201 =
\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8202 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc.)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{5E44E225-A408-11CF-B581-008029601108} - Roxio DragToDisc Shell Extension = C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll (Roxio)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll ()
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = ()
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{7C9D5882-CB4A-4090-96C8-430BFE8B795B} - Webroot Spy Sweeper Context Menu Integration = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
\SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WinampAgent - C:\Program Files\Winamp\winampa.exe ()
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
Computer Alarm Clock - C:\Program Files\Computer Alarm Clock\cac.exe (Think Art Computing.)
a-squared - C:\Program Files\a-squared Anti-Malware\a2guard.exe (Emsi Software GmbH)
ViewMgr - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe ()
SunJavaUpdateSched - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
RoxioEngineUtility - C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
RoxioDragToDisc - C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
MMTray - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe ()
mmtask - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe ()
MimBoot - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe ()
HPDJ Taskbar Utility - C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
eabconfg.cpl - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe ()
Cpqset - C:\Program Files\HPQ\Default Settings\cpqset.exe ()
ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
ATIModeChange - C:\WINDOWS\SYSTEM32\Ati2mdxx.exe (ATI Technologies, Inc.)
Apoint - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
AGRSMMSG - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\JB\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0
smoothone23
Junior Member with 18 posts.
Join Date: Nov 2006
Experience: Intermediate
03-Dec-2006, 12:53 PM #12
[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
\\WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\AtiExtEvent - Ati2evxx.dll = ()
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
\WRNotifier - WRLogonNTF.dll = (Webroot Software, Inc.)

>>> DNS Name Servers <<<
{4AF8BA6F-6293-485D-A7A4-846A2870FA08} - (Broadcom 802.11b/g WLAN)
{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430} - (Realtek RTL8139/810x Family Fast Ethernet NIC)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

>>>>Output for AddOn file BotCheck_NoSubs.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
Ole\\DefaultLaunchPermission - 01 00 04 80 64 00 00 00 80 00 00 00 00 00 00 00 14 00 00 00 02 00 50 00 03 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00
Ole\\EnableDCOM - Y
Ole\\Windows USB controler - winusb.exe
Ole\\MachineLaunchRestriction - 01 00 04 80 48 00 00 00 58 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 1F 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 0B 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00
Ole\\MachineAccessRestriction - 01 00 04 80 44 00 00 00 54 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 02 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 07 00 00 00 00 00 14 00 07 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00
\AppCompat
\NONREDIST

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
Security Center\\AntiVirusDisableNotify - 0
Security Center\\FirewallDisableNotify - 0
Security Center\\UpdatesDisableNotify - 0
Security Center\\AntiVirusOverride - 0
Security Center\\FirewallOverride - 0
\Monitoring

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
WindowsUpdate\\WUServer - http://updates.pitt.edu
WindowsUpdate\\WUStatusServer - http://updates.pitt.edu
\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile - No SUBKEYS
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile - not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile - No SUBKEYS
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile - not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
Control\\CurrentUser - USERNAME
Control\\WaitToKillServiceTimeout - 20000
Control\\SystemStartOptions - FASTDETECT NOEXECUTE=OPTIN SAFEBOOT:MINIMAL SOS BOOTLOG NOGUIBOOT
Control\\SystemBootDevice - multi(0)disk(0)rdisk(0)partition(1)
\AGP
\Arbiters
\BackupRestore
\Biosinfo
\BootVerificationProgram
\Class
\CoDeviceInstallers
\COM Name Arbiter
\ComputerName
\ContentIndex
\ContentIndexCommon
\CrashControl
\CriticalDeviceDatabase
\DeviceClasses
\FileSystem
\GraphicsDrivers
\GroupOrderList
\HAL
\IDConfigDB
\Keyboard Layout
\Keyboard Layouts
\Lsa
\MediaCategories
\MediaInterfaces
\MediaProperties
\MediaResources
\MediaSets
\Network
\NetworkProvider
\Nls
\NTMS
\PnP
\Print
\PriorityControl
\ProductOptions
\SafeBoot
\ScsiPort
\SecurePipeServers
\SecurityProviders
\Server Applications
\ServiceGroupOrder
\ServiceProvider
\Session Manager
\Setup
\StillImage
\SystemResources
\Terminal Server
\TimeZoneInformation
\Update
\UsbFlags
\Video
\VirtualDeviceDrivers
\Watchdog
\Windows
\WMI
\WOW
\hivelist
\ServiceCurrent

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
Lsa\\Authentication Packages - msv1_0;
Lsa\\Bounds - 00 30 00 00 00 20 00 00
Lsa\\Security Packages - kerberos;msv1_0;schannel;wdigest;
Lsa\\LsaPid - 324
Lsa\\SecureBoot - 1
Lsa\\auditbaseobjects - 0
Lsa\\crashonauditfail - 0
Lsa\\disabledomaincreds - 0
Lsa\\everyoneincludesanonymous - 0
Lsa\\fipsalgorithmpolicy - 0
Lsa\\forceguest - 1
Lsa\\fullprivilegeauditing - 00
Lsa\\limitblankpassworduse - 1
Lsa\\lmcompatibilitylevel - 0
Lsa\\nodefaultadminowner - 1
Lsa\\nolmhash - 0
Lsa\\restrictanonymous - 0
Lsa\\restrictanonymoussam - 1
Lsa\\Notification Packages - scecli;
Lsa\\Windows USB controler - winusb.exe
Lsa\\ImpersonatePrivilegeUpgradeToolHasRun - 1
Lsa\\enabledcom - y
\AccessProviders
\Audit
\Data
\GBG
\JD
\Kerberos
\msv1_0
\Skew1
\SSO
\SspiCache

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
Parameters\\autodisconnect - 15
Parameters\\enableforcedlogoff - 1
Parameters\\enablesecuritysignature - 0
Parameters\\requiresecuritysignature - 0
Parameters\\NullSessionPipes - COMNAP;COMNODE;SQL\QUERY;SPOOLSS;LLSRPC;browser;
Parameters\\NullSessionShares - COMCFG;DFS$;
Parameters\\ServiceDll - %SystemRoot%\System32\srvsvc.dll
Parameters\\Lmannounce - 0
Parameters\\Size - 1
Parameters\\Guid - 9C 96 BC DA 97 84 F2 4D AF FE 6C 41 C9 A9 83 B4
Parameters\\CachedOpenLimit - 0
Parameters\\AdjustedNullSessionPipes - 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters]
Parameters\\autodisconnect - 15
Parameters\\enableforcedlogoff - 1
Parameters\\enablesecuritysignature - 0
Parameters\\requiresecuritysignature - 0
Parameters\\NullSessionPipes - COMNAP;COMNODE;SQL\QUERY;SPOOLSS;LLSRPC;browser;
Parameters\\NullSessionShares - COMCFG;DFS$;
Parameters\\ServiceDll - %SystemRoot%\System32\srvsvc.dll
Parameters\\Lmannounce - 0
Parameters\\Size - 1
Parameters\\Guid - 9C 96 BC DA 97 84 F2 4D AF FE 6C 41 C9 A9 83 B4
Parameters\\CachedOpenLimit - 0
Parameters\\AdjustedNullSessionPipes - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Parameters - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Parameters]
Parameters\\enableplaintextpassword - 0
Parameters\\enablesecuritysignature - 1
Parameters\\requiresecuritysignature - 0
Parameters\\ServiceDll - %SystemRoot%\System32\wkssvc.dll
Parameters\\OtherDomains -

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Parameters - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Parameters]
Parameters\\enableplaintextpassword - 0
Parameters\\enablesecuritysignature - 1
Parameters\\requiresecuritysignature - 0
Parameters\\ServiceDll - %SystemRoot%\System32\wkssvc.dll
Parameters\\OtherDomains -

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
SharedAccess\\Type - 32
SharedAccess\\Start - 2
SharedAccess\\ErrorControl - 1
SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
SharedAccess\\DependOnService - Netman;WinMgmt;
SharedAccess\\DependOnGroup -
SharedAccess\\ObjectName - LocalSystem
SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
\Epoch
\Parameters
\Security
\Setup
\Enum

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
RemoteRegistry\\Description - Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
RemoteRegistry\\DependOnService - RPCSS;
RemoteRegistry\\DisplayName - Remote Registry
RemoteRegistry\\ErrorControl - 1
RemoteRegistry\\ImagePath - %SystemRoot%\system32\svchost.exe -k LocalService
RemoteRegistry\\ObjectName - NT AUTHORITY\LocalService
RemoteRegistry\\Group -
RemoteRegistry\\Start - 2
RemoteRegistry\\Type - 32
RemoteRegistry\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00
\Parameters
\Security
\Enum

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry]
RemoteRegistry\\Description - Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
RemoteRegistry\\DependOnService - RPCSS;
RemoteRegistry\\DisplayName - Remote Registry
RemoteRegistry\\ErrorControl - 1
RemoteRegistry\\ImagePath - %SystemRoot%\system32\svchost.exe -k LocalService
RemoteRegistry\\ObjectName - NT AUTHORITY\LocalService
RemoteRegistry\\Group -
RemoteRegistry\\Start - 2
RemoteRegistry\\Type - 32
RemoteRegistry\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00
\Parameters
\Security
\Enum

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipservice - No SUBKEYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipservice - not found.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipservice - No SUBKEYS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipservice - not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
TlntSvr\\Type - 16
TlntSvr\\Start - 4
TlntSvr\\ErrorControl - 1
TlntSvr\\ImagePath - C:\WINDOWS\System32\tlntsvr.exe
TlntSvr\\DisplayName - Telnet
TlntSvr\\DependOnService - RPCSS;TCPIP;NTLMSSP;
TlntSvr\\DependOnGroup -
TlntSvr\\ObjectName - LocalSystem
TlntSvr\\Description - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
\Security

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr]
TlntSvr\\Type - 16
TlntSvr\\Start - 4
TlntSvr\\ErrorControl - 1
TlntSvr\\ImagePath - C:\WINDOWS\System32\tlntsvr.exe
TlntSvr\\DisplayName - Telnet
TlntSvr\\DependOnService - RPCSS;TCPIP;NTLMSSP;
TlntSvr\\DependOnGroup -
TlntSvr\\ObjectName - LocalSystem
TlntSvr\\Description - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
\Security

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
\Parameters
\Security
\Enum

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
\Parameters
\Security
\Enum

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings]
Internet Settings\\ProxyEnable - 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
Internet Settings\\ProxyEnable - 0

>>>>Output for AddOn file BotCheck_Subs.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
Ole\\DefaultLaunchPermission - 01 00 04 80 64 00 00 00 80 00 00 00 00 00 00 00 14 00 00 00 02 00 50 00 03 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00
Ole\\EnableDCOM - Y
Ole\\Windows USB controler - winusb.exe
Ole\\MachineLaunchRestriction - 01 00 04 80 48 00 00 00 58 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 1F 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 0B 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00
Ole\\MachineAccessRestriction - 01 00 04 80 44 00 00 00 54 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 02 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 07 00 00 00 00 00 14 00 07 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00
Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} - 1
Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} - 1
Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} - 1
Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} - 1
Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
Security Center\\AntiVirusDisableNotify - 0
Security Center\\FirewallDisableNotify - 0
Security Center\\UpdatesDisableNotify - 0
Security Center\\AntiVirusOverride - 0
Security Center\\FirewallOverride - 0

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
WindowsUpdate\\WUServer - http://updates.pitt.edu
WindowsUpdate\\WUStatusServer - http://updates.pitt.edu
WindowsUpdate\AU\\RescheduleWaitTime - 5
WindowsUpdate\AU\\UseWUServer - 1
WindowsUpdate\AU\\NoAutoUpdate - 0
WindowsUpdate\AU\\AUOptions - 4
WindowsUpdate\AU\\ScheduledInstallDay - 0
WindowsUpdate\AU\\ScheduledInstallTime - 3

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile - Include SUBKEYS
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile - not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile - Include SUBKEYS
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile - not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
Control\\CurrentUser - USERNAME
Control\\WaitToKillServiceTimeout - 20000
Control\\SystemStartOptions - FASTDETECT NOEXECUTE=OPTIN SAFEBOOT:MINIMAL SOS BOOTLOG NOGUIBOOT
Control\\SystemBootDevice - multi(0)disk(0)rdisk(0)partition(1)
\AGP
\Arbiters
\BackupRestore
\Biosinfo
\BootVerificationProgram
\Class
\CoDeviceInstallers
\COM Name Arbiter
\ComputerName
\ContentIndex
\ContentIndexCommon
\CrashControl
\CriticalDeviceDatabase
\DeviceClasses
\FileSystem
\GraphicsDrivers
\GroupOrderList
\HAL
\IDConfigDB
\Keyboard Layout
\Keyboard Layouts
\Lsa
\MediaCategories
\MediaInterfaces
\MediaProperties
\MediaResources
\MediaSets
\Network
\NetworkProvider
\Nls
\NTMS
\PnP
\Print
\PriorityControl
\ProductOptions
\SafeBoot
\ScsiPort
\SecurePipeServers
\SecurityProviders
\Server Applications
\ServiceGroupOrder
\ServiceProvider
\Session Manager
\Setup
\StillImage
\SystemResources
\Terminal Server
\TimeZoneInformation
\Update
\UsbFlags
\Video
\VirtualDeviceDrivers
\Watchdog
\Windows
\WMI
\WOW
\hivelist
\ServiceCurrent
smoothone23
Junior Member with 18 posts.
Join Date: Nov 2006
Experience: Intermediate
03-Dec-2006, 12:55 PM #13
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
Lsa\\Authentication Packages - msv1_0;
Lsa\\Bounds - 00 30 00 00 00 20 00 00
Lsa\\Security Packages - kerberos;msv1_0;schannel;wdigest;
Lsa\\LsaPid - 324
Lsa\\SecureBoot - 1
Lsa\\auditbaseobjects - 0
Lsa\\crashonauditfail - 0
Lsa\\disabledomaincreds - 0
Lsa\\everyoneincludesanonymous - 0
Lsa\\fipsalgorithmpolicy - 0
Lsa\\forceguest - 1
Lsa\\fullprivilegeauditing - 00
Lsa\\limitblankpassworduse - 1
Lsa\\lmcompatibilitylevel - 0
Lsa\\nodefaultadminowner - 1
Lsa\\nolmhash - 0
Lsa\\restrictanonymous - 0
Lsa\\restrictanonymoussam - 1
Lsa\\Notification Packages - scecli;
Lsa\\Windows USB controler - winusb.exe
Lsa\\ImpersonatePrivilegeUpgradeToolHasRun - 1
Lsa\\enabledcom - y
Lsa\AccessProviders\\ProviderOrder - Windows NT Access Provider;
Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath - %SystemRoot%\system32\ntmarta.dll
Lsa\Data\\Pattern - BF F4 E3 0B B3 01 CE 5A 4E 30 DE 82 47 A3 E9 81 39 65 37 33 33 65 31 30 00 68 07 00 01 00 00 00 D8 00 00 00 DC 00 00 00 48 FA 06 00 D6 48 5A 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 BB E7 E0 5D
Lsa\GBG\\GrafBlumGroup - 3D 40 C3 46 CA B6 3C 24 36
Lsa\JD\\Lookup - B7 51 87 D3 EC 2B
Lsa\msv1_0\\ntlmminclientsec - 0
Lsa\msv1_0\\ntlmminserversec - 0
Lsa\msv1_0\\Auth132 - IISSUBA
Lsa\Skew1\\SkewMatrix - A1 A4 A7 FC A9 8D D4 B4 F7 A0 A5 FB C1 D8 72 CB
Lsa\SSO\Passport1.4\\SSOURL - http://www.passport.com
Lsa\SspiCache\\Time - 06 EA 15 C3 B2 A4 C4 01
Lsa\SspiCache\digest.dll\\Name - Digest
Lsa\SspiCache\digest.dll\\Comment - Digest SSPI Authentication Package
Lsa\SspiCache\digest.dll\\Capabilities - 16464
Lsa\SspiCache\digest.dll\\RpcId - 65535
Lsa\SspiCache\digest.dll\\Version - 1
Lsa\SspiCache\digest.dll\\TokenSize - 65535
Lsa\SspiCache\digest.dll\\Time - 00 D9 4A 94 F8 79 C4 01
Lsa\SspiCache\digest.dll\\Type - 49
Lsa\SspiCache\msapsspc.dll\\Name - DPA
Lsa\SspiCache\msapsspc.dll\\Comment - DPA Security Package
Lsa\SspiCache\msapsspc.dll\\Capabilities - 55
Lsa\SspiCache\msapsspc.dll\\RpcId - 17
Lsa\SspiCache\msapsspc.dll\\Version - 1
Lsa\SspiCache\msapsspc.dll\\TokenSize - 768
Lsa\SspiCache\msapsspc.dll\\Time - 00 D9 4A 94 F8 79 C4 01
Lsa\SspiCache\msapsspc.dll\\Type - 49
Lsa\SspiCache\msnsspc.dll\\Name - MSN
Lsa\SspiCache\msnsspc.dll\\Comment - MSN Security Package
Lsa\SspiCache\msnsspc.dll\\Capabilities - 55
Lsa\SspiCache\msnsspc.dll\\RpcId - 18
Lsa\SspiCache\msnsspc.dll\\Version - 1
Lsa\SspiCache\msnsspc.dll\\TokenSize - 768
Lsa\SspiCache\msnsspc.dll\\Time - 80 6F E3 94 F8 79 C4 01
Lsa\SspiCache\msnsspc.dll\\Type - 49

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
Parameters\\autodisconnect - 15
Parameters\\enableforcedlogoff - 1
Parameters\\enablesecuritysignature - 0
Parameters\\requiresecuritysignature - 0
Parameters\\NullSessionPipes - COMNAP;COMNODE;SQL\QUERY;SPOOLSS;LLSRPC;browser;
Parameters\\NullSessionShares - COMCFG;DFS$;
Parameters\\ServiceDll - %SystemRoot%\System32\srvsvc.dll
Parameters\\Lmannounce - 0
Parameters\\Size - 1
Parameters\\Guid - 9C 96 BC DA 97 84 F2 4D AF FE 6C 41 C9 A9 83 B4
Parameters\\CachedOpenLimit - 0
Parameters\\AdjustedNullSessionPipes - 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters]
Parameters\\autodisconnect - 15
Parameters\\enableforcedlogoff - 1
Parameters\\enablesecuritysignature - 0
Parameters\\requiresecuritysignature - 0
Parameters\\NullSessionPipes - COMNAP;COMNODE;SQL\QUERY;SPOOLSS;LLSRPC;browser;
Parameters\\NullSessionShares - COMCFG;DFS$;
Parameters\\ServiceDll - %SystemRoot%\System32\srvsvc.dll
Parameters\\Lmannounce - 0
Parameters\\Size - 1
Parameters\\Guid - 9C 96 BC DA 97 84 F2 4D AF FE 6C 41 C9 A9 83 B4
Parameters\\CachedOpenLimit - 0
Parameters\\AdjustedNullSessionPipes - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Parameters - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Parameters]
Parameters\\enableplaintextpassword - 0
Parameters\\enablesecuritysignature - 1
Parameters\\requiresecuritysignature - 0
Parameters\\ServiceDll - %SystemRoot%\System32\wkssvc.dll
Parameters\\OtherDomains -

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Parameters - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Parameters]
Parameters\\enableplaintextpassword - 0
Parameters\\enablesecuritysignature - 1
Parameters\\requiresecuritysignature - 0
Parameters\\ServiceDll - %SystemRoot%\System32\wkssvc.dll
Parameters\\OtherDomains -

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
SharedAccess\\Type - 32
SharedAccess\\Start - 2
SharedAccess\\ErrorControl - 1
SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
SharedAccess\\DependOnService - Netman;WinMgmt;
SharedAccess\\DependOnGroup -
SharedAccess\\ObjectName - LocalSystem
SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
SharedAccess\Epoch\\Epoch - 38356
SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe - C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe - C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP - 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP - 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP - 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP - 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP - 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP - 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 1
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe - C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares.exe - C:\Program Files\Ares\Ares.exe:*:Enabled:Ares
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe - C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe - C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe - C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares Gold\AresGold.exe - C:\Program Files\Ares Gold\AresGold.exe:*:Enabled:AresGold
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe - C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe - C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe - C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\utorrent.exe - C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe - C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe - C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe - C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP - 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP - 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP - 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP - 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP - 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP - 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
SharedAccess\Setup\\ServiceUpgrade - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{4AF8BA6F-6293-485D-A7A4-846A2870FA08} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430} - 1
SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
SharedAccess\Enum\\Count - 1
SharedAccess\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
RemoteRegistry\\Description - Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
RemoteRegistry\\DependOnService - RPCSS;
RemoteRegistry\\DisplayName - Remote Registry
RemoteRegistry\\ErrorControl - 1
RemoteRegistry\\ImagePath - %SystemRoot%\system32\svchost.exe -k LocalService
RemoteRegistry\\ObjectName - NT AUTHORITY\LocalService
RemoteRegistry\\Group -
RemoteRegistry\\Start - 2
RemoteRegistry\\Type - 32
RemoteRegistry\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00
RemoteRegistry\Parameters\\ServiceDll - %SystemRoot%\system32\regsvc.dll
RemoteRegistry\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
RemoteRegistry\Enum\\0 - Root\LEGACY_REMOTEREGISTRY\0000
RemoteRegistry\Enum\\Count - 1
RemoteRegistry\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry]
RemoteRegistry\\Description - Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
RemoteRegistry\\DependOnService - RPCSS;
RemoteRegistry\\DisplayName - Remote Registry
RemoteRegistry\\ErrorControl - 1
RemoteRegistry\\ImagePath - %SystemRoot%\system32\svchost.exe -k LocalService
RemoteRegistry\\ObjectName - NT AUTHORITY\LocalService
RemoteRegistry\\Group -
RemoteRegistry\\Start - 2
RemoteRegistry\\Type - 32
RemoteRegistry\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00
RemoteRegistry\Parameters\\ServiceDll - %SystemRoot%\system32\regsvc.dll
RemoteRegistry\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
RemoteRegistry\Enum\\0 - Root\LEGACY_REMOTEREGISTRY\0000
RemoteRegistry\Enum\\Count - 1
RemoteRegistry\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipservice - Include SUBKEYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipservice - not found.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipservice - Include SUBKEYS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipservice - not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
TlntSvr\\Type - 16
TlntSvr\\Start - 4
TlntSvr\\ErrorControl - 1
TlntSvr\\ImagePath - C:\WINDOWS\System32\tlntsvr.exe
TlntSvr\\DisplayName - Telnet
TlntSvr\\DependOnService - RPCSS;TCPIP;NTLMSSP;
TlntSvr\\DependOnGroup -
TlntSvr\\ObjectName - LocalSystem
TlntSvr\\Description - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TlntSvr\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr]
TlntSvr\\Type - 16
TlntSvr\\Start - 4
TlntSvr\\ErrorControl - 1
TlntSvr\\ImagePath - C:\WINDOWS\System32\tlntsvr.exe
TlntSvr\\DisplayName - Telnet
TlntSvr\\DependOnService - RPCSS;TCPIP;NTLMSSP;
TlntSvr\\DependOnGroup -
TlntSvr\\ObjectName - LocalSystem
TlntSvr\\Description - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TlntSvr\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
wuauserv\Enum\\Count - 1
wuauserv\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
wuauserv\Enum\\Count - 1
wuauserv\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings]
Internet Settings\\ProxyEnable - 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
Internet Settings\\ProxyEnable - 0

>>>>Output for AddOn file Exe_Test.def<<<<
DIR C:\WINDOWS\*.exe (Parameters = )
C:\WINDOWS\agrsmdel.exe( (Agere Systems))
C:\WINDOWS\AGRSMMSG.exe( (Agere Systems))
C:\WINDOWS\explorer.exe( (Microsoft Corporation))
C:\WINDOWS\hh.exe( (Microsoft Corporation))
C:\WINDOWS\notepad.exe( (Microsoft Corporation))
C:\WINDOWS\QT32INST.EXE( (Apple Computer, Inc.))
C:\WINDOWS\QTW32DEL.EXE( (Apple Computer, Inc.))
C:\WINDOWS\regedit.exe( (Microsoft Corporation))
C:\WINDOWS\slrundll.exe( (Smart Link))
C:\WINDOWS\taskman.exe( (Microsoft Corporation))
C:\WINDOWS\twunk_16.exe( (Twain Working Group))
C:\WINDOWS\twunk_32.exe( (Twain Working Group))
C:\WINDOWS\winhelp.exe( (Microsoft Corporation))
C:\WINDOWS\winhlp32.exe( (Microsoft Corporation))

DIR C:\*.* (Parameters = )
C:\AUTOEXEC.BAT( ())
C:\avenger.txt( ())
C:\az.log( ())
C:\boot.ini( ())
C:\ComboFix.txt( ())
C:\ComboFix2.txt( ())
C:\ComboFix3.txt( ())
C:\CONFIG.SYS( ())
C:\data( ())
C:\debug.txt( ())
C:\DVDPATH.TXT( ())
C:\hpfr5100.log( ())
C:\IO.SYS( ())
C:\IPH.PH( ())
C:\lesen.nfo( ())
C:\MSDOS.SYS( ())
C:\NTDETECT.COM( ())
C:\ntldr( ())
C:\resolve.log( ())
C:\Saugstube www.saugstube.to The best EmulePage Emuleseite Eselseite.url( ())
C:\setup.log( ())
C:\sunjava.log( ())
C:\VundoFix.txt( ())
C:\Wie_entpacken...txt( ())
C:\YServer.txt( ())

DIR C:\Program Files\*.* (Parameters = )
C:\Program Files\desktop.ini( ())

>>>>Output for AddOn file FileAssoc.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat]
.bat\\ - batfile
\PersistentHandler

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile]
batfile\\ - MS-DOS Batch File
batfile\\EditFlags - 30 04 00 00
batfile\DefaultIcon\\ - %SystemRoot%\System32\shell32.dll,-153
batfile\shell\edit\command\\ - %SystemRoot%\System32\NOTEPAD.EXE %1
batfile\shell\open\\EditFlags - 00 00 00 00
batfile\shell\open\command\\ - "%1" %*
batfile\shell\print\command\\ - %SystemRoot%\System32\NOTEPAD.EXE /p %1
batfile\shellex\DropHandler\\ - {86C86720-42A0-1069-A2E8-08002B30309D}
batfile\shellex\PropertySheetHandlers\PifProps\\ - {86F19A00-42A0-1069-A2E9-08002B30309D}
batfile\shellex\PropertySheetHandlers\ShimLayer Property Page\\ - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd]
.cmd\\ - cmdfile
\PersistentHandler

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile]
cmdfile\\ - Windows NT Command Script
cmdfile\\EditFlags - 30 04 00 00
cmdfile\DefaultIcon\\ - %SystemRoot%\System32\shell32.dll,-153
cmdfile\shell\edit\command\\ - %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile\shell\open\\EditFlags - 00 00 00 00
cmdfile\shell\open\command\\ - "%1" %*
cmdfile\shell\print\command\\ - %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile\shellex\DropHandler\\ - {86C86720-42A0-1069-A2E8-08002B30309D}
cmdfile\shellex\PropertySheetHandlers\PifProps\\ - {86F19A00-42A0-1069-A2E9-08002B30309D}
cmdfile\shellex\PropertySheetHandlers\ShimLayer Property Page\\ - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com]
.com\\ - comfile
\PersistentHandler

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile]
comfile\\ - MS-DOS Application
comfile\\EditFlags - 30 00 00 00
comfile\DefaultIcon\\ - %SystemRoot%\System32\shell32.dll,2
comfile\shell\open\\EditFlags - 00 00 00 00
comfile\shell\open\command\\ - "%1" %*
comfile\shellex\DropHandler\\ - {86C86720-42A0-1069-A2E8-08002B30309D}
comfile\shellex\PropertySheetHandlers\PifProps\\ - {86F19A00-42A0-1069-A2E9-08002B30309D}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
.exe\\ - exefile
.exe\\Content Type - application/x-msdownload
\PersistentHandler

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile]
exefile\\ - Application
exefile\\EditFlags - 38 07 00 00
exefile\\TileInfo - prop:FileDescription;Company;FileVersion
exefile\\InfoTip - prop:FileDescription;Company;FileVersion;Create;Size
exefile\DefaultIcon\\ - %1
exefile\shell\open\\EditFlags - 00 00 00 00
exefile\shell\open\command\\ - "%1" %*
exefile\shell\runas\command\\ - "%1" %*
exefile\shellex\DropHandler\\ - {86C86720-42A0-1069-A2E8-08002B30309D}
exefile\shellex\PropertySheetHandlers\PifProps\\ - {86F19A00-42A0-1069-A2E9-08002B30309D}
exefile\shellex\PropertySheetHandlers\ShimLayer Property Page\\ - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\ -

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk]
.lnk\\ - lnkfile
.lnk\ShellEx\{000214EE-0000-0000-C000-000000000046}\\ - {00021401-0000-0000-C000-000000000046}
.lnk\ShellEx\{000214F9-0000-0000-C000-000000000046}\\ - {00021401-0000-0000-C000-000000000046}
.lnk\ShellEx\{00021500-0000-0000-C000-000000000046}\\ - {00021401-0000-0000-C000-000000000046}
.lnk\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}\\ - {00021401-0000-0000-C000-000000000046}
.lnk\ShellNew\\Command - rundll32.exe appwiz.cpl,NewLinkHere %1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile]
lnkfile\\ - Shortcut
lnkfile\\EditFlags - 1
lnkfile\\IsShortcut -
lnkfile\\NeverShowExt -
lnkfile\CLSID\\ - {00021401-0000-0000-C000-000000000046}
lnkfile\shellex\ContextMenuHandlers\Offline Files\\ - {750fdf0e-2a26-11d1-a3ea-080036587f03}
lnkfile\shellex\DropHandler\\ - {00021401-0000-0000-C000-000000000046}
lnkfile\shellex\IconHandler\\ - {00021401-0000-0000-C000-000000000046}
lnkfile\shellex\PropertySheetHandlers\ShimLayer Property Page\\ - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
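The dump above is what a malware-removal helper reads by hand: firewall exception strings, service start types, executable file-association handlers, Security Center flags and the AutoRun policy. The script below is an added example, not part of the posted log and not the tool that produced it. It parses the dump's `Key\Subkey\\ValueName - Data` line format and applies the checks one would make on it: firewall exceptions granted to file-sharing clients, globally opened ports scoped wider than LocalSubNet, a disabled firewall profile or non-zero Security Center override/notification flags, `shell\open\command` handlers for exefile/batfile/cmdfile/comfile that differ from the stock `"%1" %*`, the Telnet and Remote Registry start modes, and a decode of the `NoDriveTypeAutoRun` bitmask (145 = 0x91, the XP default, leaves AutoRun active for removable and CD-ROM media). The P2P watchlist is my own heuristic, and the two lines in `CONSTRUCTED_DEVIATIONS` are constructed so the detections have something to hit; they do not appear in the posted log. The other sample lines mirror entries visible in the dump above.

```python
"""Triage helper for the dump format posted in this thread: lines of the form
Key\Subkey\\ValueName - Data, grouped under '>>>>Output for AddOn file X.def<<<<'."""
import re
from typing import Dict, List, Tuple

Record = Tuple[str, str, str, str]  # (section, key, value_name, data)

LINE_RE = re.compile(r'^(?P<key>.*?)\\\\(?P<name>.*?) -(?: (?P<data>.*))?$')
SECTION_RE = re.compile(r'^>>>>Output for AddOn file (?P<name>\S+)<<<<$')
# XP SP2 firewall exception string: <path>:<scope>:<Enabled|Disabled>:<display name>
FW_APP_RE = re.compile(r'^(?P<path>.+?):(?P<scope>[^:]+):(?P<mode>Enabled|Disabled):(?P<display>.*)$', re.I)
# Heuristic watchlist (my assumption, not from the page): file-sharing clients worth a second look.
P2P_HINTS = ('kazaa', 'ares', 'utorrent', 'emule', 'limewire', 'bearshare')
EXEC_CLASSES = ('exefile', 'batfile', 'cmdfile', 'comfile')
EXPECTED_OPEN = '"%1" %*'  # stock shell\open\command for the executable classes
START_MODES = {'0': 'Boot', '1': 'System', '2': 'Automatic', '3': 'Manual', '4': 'Disabled'}
AUTORUN_BITS = {0x01: 'unknown', 0x02: 'no-root-dir', 0x04: 'removable', 0x08: 'fixed',
                0x10: 'network', 0x20: 'cdrom', 0x40: 'ramdisk', 0x80: 'reserved'}


def parse_dump(text: str) -> List[Record]:
    """Turn the dump into records; DIR listings, [key] headers and 'not found' lines are skipped."""
    records, section = [], ''
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group('name')
            continue
        m = LINE_RE.match(line)
        if m:
            records.append((section, m.group('key'), m.group('name'), m.group('data') or ''))
    return records


def firewall_findings(records: List[Record]) -> List[str]:
    out = []
    for _, key, name, data in records:
        if key.endswith(r'AuthorizedApplications\List'):
            m = FW_APP_RE.match(data)
            if not m:
                out.append(f'unparsable firewall exception: {data}')
                continue
            exe = m.group('path').lower().rsplit('\\', 1)[-1]   # basename of the allowed program
            if m.group('mode').lower() == 'enabled' and any(h in exe for h in P2P_HINTS):
                out.append(f"P2P client allowed through firewall: {m.group('path')}")
        elif key.endswith(r'GloballyOpenPorts\List'):
            parts = data.split(':')                              # port:proto:scope:mode:name
            if len(parts) >= 4 and parts[3].lower() == 'enabled' and parts[2] != 'LocalSubNet':
                out.append(f'port {parts[0]}/{parts[1]} open to scope {parts[2]}')
        elif key.endswith('StandardProfile') and name == 'EnableFirewall' and data != '1':
            out.append('Windows Firewall disabled in StandardProfile')
        elif key == 'Security Center' and name.endswith(('Override', 'DisableNotify')) and data != '0':
            out.append(f'Security Center alert suppressed: {name}={data}')
    return out


def file_assoc_findings(records: List[Record]) -> List[str]:
    out = []
    for _, key, name, data in records:
        cls, _, rest = key.partition('\\')
        if cls in EXEC_CLASSES and rest == r'shell\open\command' and name == '' and data != EXPECTED_OPEN:
            out.append(f'{cls} open handler changed: {data}')
    return out


def service_findings(records: List[Record]) -> List[str]:
    out = []
    for _, key, name, data in records:
        if name != 'Start' or '\\' in key:          # only top-level service keys such as 'TlntSvr'
            continue
        mode = START_MODES.get(data, data)
        if key == 'TlntSvr' and mode != 'Disabled':
            out.append(f'Telnet server not disabled (Start={mode})')
        if key == 'RemoteRegistry' and mode == 'Automatic':
            out.append('Remote Registry set to Automatic; disable unless remotely managed')
    return out


def decode_autorun(value: int) -> List[str]:
    """Drive types on which AutoRun is suppressed by a NoDriveTypeAutoRun bitmask."""
    return [label for bit, label in sorted(AUTORUN_BITS.items()) if value & bit]


def autorun_findings(records: List[Record]) -> List[str]:
    out = []
    for _, key, name, data in records:
        if name == 'NoDriveTypeAutoRun' and data.isdigit():
            still_on = [t for t in ('removable', 'cdrom') if t not in decode_autorun(int(data))]
            if still_on:
                out.append(f"AutoRun still active for {', '.join(still_on)} media (NoDriveTypeAutoRun={data})")
    return out


def triage(text: str) -> Dict[str, List[str]]:
    records = parse_dump(text)
    return {'firewall': firewall_findings(records), 'file_assoc': file_assoc_findings(records),
            'services': service_findings(records), 'autorun': autorun_findings(records)}


# Constructed sample: lines mirroring entries in the dump above (same paths and values as posted).
SAMPLE_DUMP = r"""
>>>>Output for AddOn file Security.def<<<<
Security Center\\AntiVirusOverride - 0
Security Center\\FirewallOverride - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 1
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe - C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe - C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
RemoteRegistry\\Start - 2
TlntSvr\\Start - 4
>>>>Output for AddOn file FileAssoc.def<<<<
exefile\shell\open\command\\ - "%1" %*
batfile\shell\open\command\\ - "%1" %*
>>>>Output for AddOn file Policies.def<<<<
policies\Explorer\\NoDriveTypeAutoRun - 145
"""
# Constructed deviations, NOT present in the posted log: a port opened to every source and a
# wrapped cmdfile handler, so the detections above have a positive case to report.
CONSTRUCTED_DEVIATIONS = r"""
>>>>Output for AddOn file Security.def<<<<
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6881:TCP - 6881:TCP:*:Enabled:constructed
>>>>Output for AddOn file FileAssoc.def<<<<
cmdfile\shell\open\command\\ - C:\constructed\wrapper.exe "%1" %*
"""

if __name__ == '__main__':
    for area, items in triage(SAMPLE_DUMP + CONSTRUCTED_DEVIATIONS).items():
        print(area, items or ['nothing flagged'])
```

Run it against the full posted dump by feeding the pasted text to `triage()`; on the page-like sample alone it reports only the Kazaa firewall exception, the Automatic start of Remote Registry and the default AutoRun mask, which matches what a reviewer would note from the dump by eye.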
smoothone23, 03-Dec-2006, 12:58 PM #14
HKEY_CURRENT_USER\SOFTWARE\Classes\.bat - No SUBKEYS
HKEY_CURRENT_USER\SOFTWARE\Classes\.bat - not found.

HKEY_CURRENT_USER\SOFTWARE\Classes\batfile - Include SUBKEYS
HKEY_CURRENT_USER\SOFTWARE\Classes\batfile - not found.

HKEY_CURRENT_USER\SOFTWARE\Classes\.cmd - No SUBKEYS
HKEY_CURRENT_USER\SOFTWARE\Classes\.cmd - not found.

HKEY_CURRENT_USER\SOFTWARE\Classes\cmdfile - Include SUBKEYS
HKEY_CURRENT_USER\SOFTWARE\Classes\cmdfile - not found.

HKEY_CURRENT_USER\SOFTWARE\Classes\.com - No SUBKEYS
HKEY_CURRENT_USER\SOFTWARE\Classes\.com - not found.

HKEY_CURRENT_USER\SOFTWARE\Classes\comfile - Include SUBKEYS
HKEY_CURRENT_USER\SOFTWARE\Classes\comfile - not found.

HKEY_CURRENT_USER\SOFTWARE\Classes\.exe - No SUBKEYS
HKEY_CURRENT_USER\SOFTWARE\Classes\.exe - not found.

HKEY_CURRENT_USER\SOFTWARE\Classes\exefile - Include SUBKEYS
HKEY_CURRENT_USER\SOFTWARE\Classes\exefile - not found.

HKEY_CURRENT_USER\SOFTWARE\Classes\.lnk - Include SUBKEYS
HKEY_CURRENT_USER\SOFTWARE\Classes\.lnk - not found.

HKEY_CURRENT_USER\SOFTWARE\Classes\lnkfile - Include SUBKEYS
HKEY_CURRENT_USER\SOFTWARE\Classes\lnkfile - not found.

>>>>Output for AddOn file HKCU_IEDesktop.def<<<<
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop]
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 5
Desktop\Components\\Settings - 1
Desktop\Components\\GeneralFlags - 1
Desktop\Components\0\\Source - About:Home
Desktop\Components\0\\SubscribedURL - About:Home
Desktop\Components\0\\FriendlyName - My Current Home Page
Desktop\Components\0\\Flags - 2
Desktop\Components\0\\Position - 2C 00 00 00 A0 00 00 00 00 00 00 00 80 02 00 00 3A 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\0\\CurrentState - 04 00 00 40
Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 FF FF 00 00 FF FF 00 00 FF FF FF FF FF FF FF FF 04 00 00 00
Desktop\Components\0\\RestoredStateInfo - 18 00 00 00 6A 02 00 00 23 00 00 00 A4 00 00 00 9A 00 00 00 01 00 00 00
Desktop\General\\BackupWallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Desktop\General\\WallpaperFileTime - 9A 22 52 D5 A8 FF C6 01
Desktop\General\\WallpaperLocalFileTime - 9A 1A 7C EC 7E FF C6 01
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 2
Desktop\General\\Wallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Desktop\General\\ComponentsPositioned - 1
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 00 04 00 00 E2 02 00 00
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -

>>>>Output for AddOn file Jobs.def<<<<
DIR C:\WINDOWS\tasks\*.* (Parameters = Include SubFolders)
C:\WINDOWS\tasks\desktop.ini( ())
C:\WINDOWS\tasks\SA.DAT( ())

>>>>Output for AddOn file Policies.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} - 1
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\Explorer\\NoDriveTypeAutoRun - 145

>>>>Output for AddOn file Security.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
Security Center\\AntiVirusDisableNotify - 0
Security Center\\FirewallDisableNotify - 0
Security Center\\UpdatesDisableNotify - 0
Security Center\\AntiVirusOverride - 0
Security Center\\FirewallOverride - 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
BITS\\Type - 32
BITS\\Start - 2
BITS\\ErrorControl - 1
BITS\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
BITS\\DisplayName - Background Intelligent Transfer Service
BITS\\DependOnService - Rpcss;
BITS\\DependOnGroup -
BITS\\ObjectName - LocalSystem
BITS\\Description - Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00
BITS\Parameters\\ServiceDll - C:\WINDOWS\System32\qmgr.dll
BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
BITS\Enum\\0 - Root\LEGACY_BITS\0000
BITS\Enum\\Count - 1
BITS\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
SharedAccess\\Type - 32
SharedAccess\\Start - 2
SharedAccess\\ErrorControl - 1
SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
SharedAccess\\DependOnService - Netman;WinMgmt;
SharedAccess\\DependOnGroup -
SharedAccess\\ObjectName - LocalSystem
SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
SharedAccess\Epoch\\Epoch - 38356
SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe - C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe - C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP - 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP - 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP - 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP - 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP - 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP - 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 1
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe - C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares.exe - C:\Program Files\Ares\Ares.exe:*:Enabled:Ares
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe - C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe - C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe - C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares Gold\AresGold.exe - C:\Program Files\Ares Gold\AresGold.exe:*:Enabled:AresGold
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe - C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe - C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe - C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\utorrent.exe - C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe - C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe - C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe - C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP - 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP - 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP - 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP - 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP - 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP - 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
SharedAccess\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
SharedAccess\Setup\\ServiceUpgrade - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{4AF8BA6F-6293-485D-A7A4-846A2870FA08} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430} - 1
SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
SharedAccess\Enum\\Count - 1
SharedAccess\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
wuauserv\Enum\\Count - 1
wuauserv\Enum\\NextInstance - 1

>>>>Output for AddOn file ShellState.def<<<<
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer - No SUBKEYS
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
Explorer\\WebFindBandHook - {68F2D3FC-8366-4a46-8224-58EFA2749425}
Explorer\\FileFindBandHook - {FFAC7A18-EDF9-40de-BA3F-49FC2269855E}
Explorer\\Logon User Name - JB
Explorer\\ShellState - 24 00 00 00 38 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 0D 00 00 00 00 00 00 00 02 00 00 00
Explorer\\CleanShutdown - 0
Explorer\\FaultCount - 0
Explorer\\FaultTime - 0
Explorer\\Browse For Folder Width - 318
Explorer\\Browse For Folder Height - 288
Explorer\\link - 16 00 00 00
Explorer\\IconUnderline - ;
Explorer\\NoFileFolderConnection - 0
Explorer\\SearchSystemDirs - 1
Explorer\\SearchHidden - 1
Explorer\\IncludeSubFolders - 1
Explorer\\CaseSensitive - 1
Explorer\\SearchSlowFiles - 0
Explorer\\EnableAutoTray - 0
\Advanced
\AutoComplete
\AutoplayHandlers
\BitBucket
\CabinetState
\CD Burning
\CLSID
\ComDlg32
\ComputerDescriptions
\Desktop
\Discardable
\FileExts
\HideMyComputerIcons
\MenuOrder
\MountPoints2
\NewShortcutHandlers
\PropSummary
\PublishingWizard
\RecentDocs
\RunMRU
\Shell Folders
\ShellImageView
\SmallIcons
\StartPage
\StreamMRU
\Streams
\StuckRects2
\tips
\TrayNotify
\User Shell Folders
\UserAssist
\VisualEffects
\Wallpaper
\WebView
\WorkgroupCrawler
\SessionInfo

>>>>Output for AddOn file SID_Run_Policies.def<<<<
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies]
Policies\Explorer\\NoDriveTypeAutoRun - 145
Policies\Explorer\\CDRAutoRun - 0

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies]
Policies\Explorer\\NoDriveTypeAutoRun - 145
Policies\Explorer\\CDRAutoRun - 0
smoothone23
Junior Member with 18 posts.
Join Date: Nov 2006
Experience: Intermediate
03-Dec-2006, 12:59 PM #15
>>>>Output for AddOn file Svc_Tcpip.def<<<<
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
Tcpip\\Type - 1
Tcpip\\Start - 1
Tcpip\\ErrorControl - 1
Tcpip\\Tag - 4
Tcpip\\ImagePath - System32\DRIVERS\tcpip.sys
Tcpip\\DisplayName - TCP/IP Protocol Driver
Tcpip\\Group - PNP_TDI
Tcpip\\DependOnService - IPSec;
Tcpip\\DependOnGroup -
Tcpip\\Description - TCP/IP Protocol Driver
Tcpip\Linkage\\Bind - \Device\{4AF8BA6F-6293-485D-A7A4-846A2870FA08};\Device\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430};\Device\NdisWanIp;
Tcpip\Linkage\\Route - "{4AF8BA6F-6293-485D-A7A4-846A2870FA08}";"{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}";"NdisWanIp";
Tcpip\Linkage\\Export - \Device\Tcpip_{4AF8BA6F-6293-485D-A7A4-846A2870FA08};\Device\Tcpip_{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430};\Device\Tcpip_{D5FA6670-955A-4215-BFD6-4C0777C2D6E9};\Device\Tcpip_{17D35B00-11C6-4A26-8BA1-0AEFE5203025};
Tcpip\Parameters\\NV Hostname - jbscomputer
Tcpip\Parameters\\DataBasePath - %SystemRoot%\System32\drivers\etc
Tcpip\Parameters\\NameServer -
Tcpip\Parameters\\ForwardBroadcasts - 0
Tcpip\Parameters\\IPEnableRouter - 0
Tcpip\Parameters\\Domain -
Tcpip\Parameters\\Hostname - jbscomputer
Tcpip\Parameters\\SearchList -
Tcpip\Parameters\\UseDomainNameDevolution - 1
Tcpip\Parameters\\EnableICMPRedirect - 1
Tcpip\Parameters\\DeadGWDetectDefault - 1
Tcpip\Parameters\\DontAddDefaultGatewayDefault - 0
Tcpip\Parameters\\EnableSecurityFilters - 0
Tcpip\Parameters\\TcpWindowSize - 65536
Tcpip\Parameters\\DhcpNameServer - 192.168.178.1
Tcpip\Parameters\Adapters\NdisWanIp\\LLInterface - WANARP
Tcpip\Parameters\Adapters\NdisWanIp\\IpConfig - Tcpip\Parameters\Interfaces\{D5FA6670-955A-4215-BFD6-4C0777C2D6E9};Tcpip\Parameters\Interfaces\{17D35B00-11C6-4A26-8BA1-0AEFE5203025};
Tcpip\Parameters\Adapters\NdisWanIp\\NumInterfaces - 2
Tcpip\Parameters\Adapters\NdisWanIp\\IpInterfaces - 70 66 FA D5 5A 95 15 42 BF D6 4C 07 77 C2 D6 E9 00 5B D3 17 C6 11 26 4A 8B A1 0A EF E5 20 30 25
Tcpip\Parameters\Adapters\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\LLInterface -
Tcpip\Parameters\Adapters\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\IpConfig - Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08};
Tcpip\Parameters\Adapters\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\LLInterface -
Tcpip\Parameters\Adapters\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\IpConfig - Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430};
Tcpip\Parameters\Interfaces\{17D35B00-11C6-4A26-8BA1-0AEFE5203025}\\UseZeroBroadcast - 0
Tcpip\Parameters\Interfaces\{17D35B00-11C6-4A26-8BA1-0AEFE5203025}\\EnableDHCP - 0
Tcpip\Parameters\Interfaces\{17D35B00-11C6-4A26-8BA1-0AEFE5203025}\\IPAddress - 0.0.0.0;
Tcpip\Parameters\Interfaces\{17D35B00-11C6-4A26-8BA1-0AEFE5203025}\\SubnetMask - 0.0.0.0;
Tcpip\Parameters\Interfaces\{17D35B00-11C6-4A26-8BA1-0AEFE5203025}\\DefaultGateway -
Tcpip\Parameters\Interfaces\{17D35B00-11C6-4A26-8BA1-0AEFE5203025}\\EnableDeadGWDetect - 1
Tcpip\Parameters\Interfaces\{17D35B00-11C6-4A26-8BA1-0AEFE5203025}\\DontAddDefaultGateway - 0
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\UseZeroBroadcast - 0
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\EnableDeadGWDetect - 1
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\EnableDHCP - 1
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\IPAddress - 0.0.0.0;
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\SubnetMask - 0.0.0.0;
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DefaultGateway -
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DefaultGatewayMetric -
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\NameServer -
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\Domain -
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\RegistrationEnabled - 1
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\RegisterAdapterName - 0
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\TCPAllowedPorts - 0;
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\UDPAllowedPorts - 0;
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\RawIPAllowedProtocols - 0;
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\NTEContextList - 0x00000003;
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DhcpClassIdBin -
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DhcpServer - 192.168.178.1
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\Lease - 864000
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\LeaseObtainedTime - 1164988814
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\T1 - 1165420814
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\T2 - 1165744814
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\LeaseTerminatesTime - 1165852814
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\IPAutoconfigurationAddress - 0.0.0.0
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\IPAutoconfigurationMask - 255.255.0.0
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\IPAutoconfigurationSeed - 1493204691
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\AddressType - 0
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DhcpIPAddress - 192.168.178.20
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DhcpSubnetMask - 255.255.255.0
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DhcpNameServer - 192.168.178.1
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DhcpDefaultGateway - 192.168.178.1;
Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DhcpSubnetMaskOpt - 255.255.255.0;
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\UseZeroBroadcast - 0
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\EnableDeadGWDetect - 1
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\EnableDHCP - 1
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\IPAddress - 0.0.0.0;
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\SubnetMask - 0.0.0.0;
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\DefaultGateway -
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\DefaultGatewayMetric -
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\NameServer -
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\Domain -
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\RegistrationEnabled - 1
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\RegisterAdapterName - 0
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\TCPAllowedPorts - 0;
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\UDPAllowedPorts - 0;
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\RawIPAllowedProtocols - 0;
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\NTEContextList - 0x00000002;
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\DhcpClassIdBin -
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\DhcpServer - 192.168.1.1
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\Lease - 86400
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\LeaseObtainedTime - 1156017089
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\T1 - 1156060289
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\T2 - 1156092689
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\LeaseTerminatesTime - 1156103489
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\IPAutoconfigurationAddress - 0.0.0.0
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\IPAutoconfigurationMask - 255.255.0.0
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\IPAutoconfigurationSeed - 0
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\AddressType - 0
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\DhcpIPAddress - 192.168.1.103
Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\DhcpSubnetMask - 255.255.255.0
Tcpip\Parameters\Interfaces\{D5FA6670-955A-4215-BFD6-4C0777C2D6E9}\\UseZeroBroadcast - 0
Tcpip\Parameters\Interfaces\{D5FA6670-955A-4215-BFD6-4C0777C2D6E9}\\EnableDHCP - 0
Tcpip\Parameters\Interfaces\{D5FA6670-955A-4215-BFD6-4C0777C2D6E9}\\IPAddress - 0.0.0.0;
Tcpip\Parameters\Interfaces\{D5FA6670-955A-4215-BFD6-4C0777C2D6E9}\\SubnetMask - 0.0.0.0;
Tcpip\Parameters\Interfaces\{D5FA6670-955A-4215-BFD6-4C0777C2D6E9}\\DefaultGateway -
Tcpip\Parameters\Interfaces\{D5FA6670-955A-4215-BFD6-4C0777C2D6E9}\\EnableDeadGWDetect - 1
Tcpip\Parameters\Interfaces\{D5FA6670-955A-4215-BFD6-4C0777C2D6E9}\\DontAddDefaultGateway - 0
Tcpip\Parameters\Winsock\\UseDelayedAcceptance - 0
Tcpip\Parameters\Winsock\\HelperDllName - %SystemRoot%\System32\wshtcpip.dll
Tcpip\Parameters\Winsock\\MaxSockAddrLength - 16
Tcpip\Parameters\Winsock\\MinSockAddrLength - 16
Tcpip\Parameters\Winsock\\Mapping - 0B 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 06 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 01 00 00 00 06 00 00 00 02 00 00 00 02 00 00 00 11 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 02 00 00 00 11 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00
Tcpip\Performance\\Close - CloseTcpIpPerformanceData
Tcpip\Performance\\Collect - CollectTcpIpPerformanceData
Tcpip\Performance\\Library - Perfctrs.dll
Tcpip\Performance\\Open - OpenTcpIpPerformanceData
Tcpip\Performance\\Object List - 502 510 546 582 638 658
Tcpip\Performance\\WbemAdapFileSignature - 96 49 2C 72 1C 6E A5 17 E2 BF D5 38 1F EF 55 E3
Tcpip\Performance\\WbemAdapFileTime - 00 E0 23 0E 7D F7 C2 01
Tcpip\Performance\\WbemAdapFileSize - 39936
Tcpip\Performance\\WbemAdapStatus - 0
Tcpip\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
Tcpip\ServiceProvider\\Class - 8
Tcpip\ServiceProvider\\DnsPriority - 2000
Tcpip\ServiceProvider\\HostsPriority - 500
Tcpip\ServiceProvider\\LocalPriority - 499
Tcpip\ServiceProvider\\ProviderPath - %SystemRoot%\System32\wsock32.dll
Tcpip\ServiceProvider\\NetbtPriority - 2001
Tcpip\ServiceProvider\\Name - TCP/IP
Tcpip\Enum\\0 - Root\LEGACY_TCPIP\0000
Tcpip\Enum\\Count - 1
Tcpip\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
Parameters\\NV Hostname - jbscomputer
Parameters\\DataBasePath - %SystemRoot%\System32\drivers\etc
Parameters\\NameServer -
Parameters\\ForwardBroadcasts - 0
Parameters\\IPEnableRouter - 0
Parameters\\Domain -
Parameters\\Hostname - jbscomputer
Parameters\\SearchList -
Parameters\\UseDomainNameDevolution - 1
Parameters\\EnableICMPRedirect - 1
Parameters\\DeadGWDetectDefault - 1
Parameters\\DontAddDefaultGatewayDefault - 0
Parameters\\EnableSecurityFilters - 0
Parameters\\TcpWindowSize - 65536
Parameters\\DhcpNameServer - 192.168.178.1
\Adapters
\DNSRegisteredAdapters
\Interfaces
\PersistentRoutes
\Winsock

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters - No SUBKEYS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters - not found.

DIR C:\WINDOWS\system32\drivers\etc\*.* (Parameters = )
C:\WINDOWS\system32\drivers\etc\hosts( ())
C:\WINDOWS\system32\drivers\etc\lmhosts.sam( ())
C:\WINDOWS\system32\drivers\etc\networks( ())
C:\WINDOWS\system32\drivers\etc\protocol( ())
C:\WINDOWS\system32\drivers\etc\services( ())

>>>>Output for AddOn file SvcHost_Check.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
Svchost\\LocalService - Alerter;WebClient;LmHosts;RemoteRegistry;upnphost;SSDPSRV;
Svchost\\NetworkService - DnsCache;
Svchost\\netsvcs - 6to4;AppMgmt;AudioSrv;Browser;CryptSvc;DMServer;DHCP;ERSvc;EventSystem;FastUserSwitchingCompatibility;HidServ;Ias;Iprip;Irmon;LanmanServer;LanmanWorkstation;Messenger;Netman;Nla;Ntmssvc;NWCWorkstation;Nwsapagent;Rasauto;Rasman;Remoteaccess;Schedule;Seclogon;SENS;Sharedaccess;SRService;Tapisrv;Themes;TrkWks;W32Time;WZCSVC;Wmi;WmdmPmSp;winmgmt;TermService;wuauserv;BITS;ShellHWDetection;helpsvc;xmlprov;wscsvc;
Svchost\\rpcss - RpcSs;
Svchost\\imgsvc - StiSvc;
Svchost\\termsvcs - TermService;
Svchost\\HTTPFilter - HTTPFilter;
Svchost\\DcomLaunch - DcomLaunch;TermService;
Svchost\\Usnsvc - usnsvc;
Svchost\\WudfServiceGroup - WUDFSvc;
\DComLaunch
\HTTPFilter
\LocalService
\netsvcs
\PCHealth
\termsvcs

>>>>Output for AddOn file SystemRestore.def<<<<
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore - Include SUBKEYS
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore - not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
sr\\Type - 2
sr\\Start - 0
sr\\ErrorControl - 1
sr\\Tag - 4
sr\\ImagePath - System32\DRIVERS\sr.sys
sr\\DisplayName - System Restore Filter Driver
sr\\Group - FSFilter System Recovery
sr\Parameters\\FirstRun - 0
sr\Parameters\\DontBackup - 0
sr\Parameters\\MachineGuid - {22B40D71-D7F0-4DCF-850C-41853A8E1A1A}
sr\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
sr\Enum\\0 - Root\LEGACY_SR\0000
sr\Enum\\Count - 1
sr\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Enum\Root\LEGACY_SR - Include SUBKEYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Enum\Root\LEGACY_SR - not found.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sr - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sr]
sr\\Type - 2
sr\\Start - 0
sr\\ErrorControl - 1
sr\\Tag - 4
sr\\ImagePath - System32\DRIVERS\sr.sys
sr\\DisplayName - System Restore Filter Driver
sr\\Group - FSFilter System Recovery
sr\Parameters\\FirstRun - 0
sr\Parameters\\DontBackup - 0
sr\Parameters\\MachineGuid - {22B40D71-D7F0-4DCF-850C-41853A8E1A1A}
sr\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
sr\Enum\\0 - Root\LEGACY_SR\0000
sr\Enum\\Count - 1
sr\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Enum\Root\LEGACY_SR - Include SUBKEYS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Enum\Root\LEGACY_SR - not found.

>>>>Output for AddOn file ZoneMap.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
ProtocolDefaults\\ -
ProtocolDefaults\\http - 3
ProtocolDefaults\\https - 3
ProtocolDefaults\\ftp - 3
ProtocolDefaults\\file - 3
ProtocolDefaults\\@ivt - 1
ProtocolDefaults\\shell - 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - No SUBKEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
ProtocolDefaults\\ -
ProtocolDefaults\\http - 3
ProtocolDefaults\\https - 3
ProtocolDefaults\\ftp - 3
ProtocolDefaults\\file - 3
ProtocolDefaults\\@ivt - 1
ProtocolDefaults\\shell - 0


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»