Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Go to first new post RunDLL error on startup after virus remo ...
Go to first new post Windows 8 running slowly
Go to first new post Computer running slowly
Go to first new post Memory upgrade problems.
Go to first new post Unable to turn on Windows Security Centr ...
Go to first new post What is findGala and why does my browser ...
Go to first new post Suspected Malware - Radio plays randomly ...
Go to first new post Windows Update not working
Go to first new post only command prompt apears on boot
Go to first new post Trojan virus
Go to first new post Freezing Computer and beyond ridiculousl ...
Go to first new post virus n error loading problem
Go to first new post Unable to use HJT
Go to first new post Browser shutdown
Go to first new post FBI Virus - Simi fixed
Search Search
Search for:
Tech Support Guy Forums > > >

Solved: evil emailer has taken over!

(New)
(!)

Reply
Page 2 of 5 1 2 345
justchange's Avatar
Member with 38 posts.
THREAD STARTER
  
Join Date: Oct 2004
Experience: Intermediate
24-Nov-2006, 11:15 PM #16
I'll get better info posted in a few minutes.
justchange's Avatar
Member with 38 posts.
THREAD STARTER
  
Join Date: Oct 2004
Experience: Intermediate
24-Nov-2006, 11:49 PM #17
Contents of [user]/temp/:

Directory of C:\Documents and Settings\Nice Person\Local Settings\Temp

~DF3DAD.tmp 16,384 11/24/2006 A
~DF4003.tmp 16,384 11/24/2006 A
~DF5675.tmp 540,672 11/24/2006 A
~DF567B.tmp 16,384 11/24/2006 A
~DF6460.tmp 655,360 11/24/2006 A
~DF6465.tmp 16,384 11/24/2006 A
~DF6869.tmp 589,824 11/24/2006 A
~DF7883.tmp 16,384 11/24/2006 A
~DFDFCB.tmp 655,360 11/24/2006 A
~DFDFD1.tmp 16,384 11/24/2006 A
~DFFE40.tmp 655,360 11/24/2006 A
16exhdd.l.exe 25,088 11/24/2006 A
21exinjs.q.exe 35,328 11/24/2006 A
26exmodul32e.q.exe 37,376 11/24/2006 A
26exssd32.o.exe 23,552 11/24/2006 A
2exmodul32e.q.exe 37,376 11/24/2006 A
32exinjs.q.exe 35,328 11/24/2006 A
35exssd32.o.exe 23,552 11/24/2006 A
36exhdd.l.exe 25,088 11/24/2006 A
39exssd32.o.exe 23,552 11/24/2006 A
40exhdd.l.exe 25,088 11/24/2006 A
40exmodul32e.q.exe 37,376 11/24/2006 A
45exhdd.l.exe 25,088 11/24/2006 A
49exmodul32e.q.exe 37,376 11/24/2006 A
4exhdd.l.exe 25,088 11/24/2006 A
51exinjs.q.exe 35,328 11/24/2006 A
57exmodul32e.q.exe 37,376 11/24/2006 A
58exhdd.l.exe 25,088 11/24/2006 A
60exhdd.l.exe 25,088 11/24/2006 A
64exssd32.o.exe 23,552 11/24/2006 A
65exinjs.q.exe 35,328 11/24/2006 A
69exhdd.l.exe 25,088 11/24/2006 A
6exinjs.q.exe 35,328 11/24/2006 A
72exssd32.o.exe 23,552 11/24/2006 A
74exmodul32e.q.exe 37,376 11/24/2006 A
75exmodul32e.q.exe 37,376 11/24/2006 A
75exssd32.o.exe 23,552 11/24/2006 A
78exinjs.q.exe 35,328 11/24/2006 A
82exinjs.q.exe 35,328 11/24/2006 A
83exmodul32e.q.exe 37,376 11/24/2006 A
84exinjs.q.exe 35,328 11/24/2006 A
85exhdd.l.exe 25,088 11/24/2006 A
98exmodul32e.q.exe 37,376 11/24/2006 A
99exhdd.l.exe 25,088 11/24/2006 A
99exssd32.o.exe 23,552 11/24/2006 A
autorun.inf 43 11/24/2006 A
DFC5A2B2.TMP 107 11/21/2006 A
domains.txt 368,243 11/24/2006 A
domains.txt.cab 126,354 11/24/2006 A
fnames.txt 88,071 11/24/2006 A
fnames.txt.cab 28,894 11/24/2006 A
hdd.l.exe.conf 48 11/24/2006 A
injs.q.exe.conf 49 11/24/2006 A
java_install_reg.log 416 11/24/2006 A
lnames.txt 187,993 11/24/2006 A
lnames.txt.cab 85,470 11/24/2006 A
modul32e.q.exe.conf 53 11/24/2006 A
Perflib_Perfdata_290.dat 16,384 11/24/2006
Perflib_Perfdata_674.dat 16,384 11/24/2006
Perflib_Perfdata_884.dat 16,384 11/24/2006
setup.exe 38,912 11/24/2006 A
ssd32.o.exe.conf 50 11/24/2006 A
zbdwdols.uno 327,763 11/24/2006

63 file(s) found
Total file size 5,531,250 bytes
justchange's Avatar
Member with 38 posts.
THREAD STARTER
  
Join Date: Oct 2004
Experience: Intermediate
24-Nov-2006, 11:51 PM #18
Contents of Windows/temp/:
Volume in drive C:\ is Tony's Baby
Directory of C:\WINDOWS\Temp\

Perflib_Perfdata_108.dat 17 KB 10/20/2006
Perflib_Perfdata_110.dat 17 KB 8/26/2006
Perflib_Perfdata_114.dat 17 KB 11/19/2006
Perflib_Perfdata_11c.dat 17 KB 8/14/2006
Perflib_Perfdata_1a8.dat 17 KB 11/19/2006
Perflib_Perfdata_264.dat 17 KB 9/16/2006
Perflib_Perfdata_278.dat 17 KB 9/8/2006
Perflib_Perfdata_29c.dat 17 KB 10/10/2006
Perflib_Perfdata_2a4.dat 17 KB 8/31/2006
Perflib_Perfdata_2b8.dat 17 KB 9/14/2006
Perflib_Perfdata_2bc.dat 17 KB 8/17/2006
Perflib_Perfdata_2c0.dat 17 KB 9/21/2006
Perflib_Perfdata_2c8.dat 17 KB 8/28/2006
Perflib_Perfdata_2e4.dat 17 KB 8/27/2006
Perflib_Perfdata_2e8.dat 17 KB 11/1/2006
Perflib_Perfdata_2ec.dat 17 KB 9/17/2006
Perflib_Perfdata_2f0.dat 17 KB 11/18/2006
Perflib_Perfdata_2f4.dat 17 KB 9/14/2006
Perflib_Perfdata_2fc.dat 17 KB 8/19/2006
Perflib_Perfdata_300.dat 17 KB 10/19/2006
Perflib_Perfdata_304.dat 17 KB 11/20/2006
Perflib_Perfdata_308.dat 17 KB 10/4/2006
Perflib_Perfdata_30c.dat 17 KB 9/1/2006
Perflib_Perfdata_310.dat 17 KB 9/16/2006
Perflib_Perfdata_318.dat 17 KB 9/5/2006
Perflib_Perfdata_3a8.dat 17 KB 9/1/2006
Perflib_Perfdata_518.dat 17 KB 9/15/2006
Perflib_Perfdata_570.dat 17 KB 11/24/2006
Perflib_Perfdata_670.dat 17 KB 8/13/2006
Perflib_Perfdata_678.dat 17 KB 8/19/2006
Perflib_Perfdata_680.dat 17 KB 9/16/2006
Perflib_Perfdata_684.dat 17 KB 8/17/2006
Perflib_Perfdata_688.dat 17 KB 9/23/2006
Perflib_Perfdata_68c.dat 17 KB 11/8/2006
Perflib_Perfdata_750.dat 17 KB 10/19/2006
Perflib_Perfdata_758.dat 17 KB 11/20/2006
Perflib_Perfdata_75c.dat 17 KB 10/9/2006
Perflib_Perfdata_7cc.dat 17 KB 11/24/2006
Perflib_Perfdata_7d8.dat 17 KB 11/24/2006
Perflib_Perfdata_80.dat 17 KB 11/17/2006
Perflib_Perfdata_90c.dat 17 KB 10/18/2006
Perflib_Perfdata_b4.dat 17 KB 8/17/2006
Perflib_Perfdata_e0.dat 17 KB 11/24/2006
Perflib_Perfdata_f54.dat 17 KB 10/9/2006
ZLT01744.TMP 1 KB 11/24/2006
ZLT029d7.TMP 1 KB 11/24/2006
ZLT02a63.TMP 1 KB 11/24/2006
ZLT050e2.TMP 1 KB 11/24/2006
ZLT05f31.TMP 1 KB 11/24/2006
ZLT066f4.TMP 1 KB 11/24/2006


50 file(s)
Total filesize 706 KB
207736144 kilobytes free
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 89,554 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
25-Nov-2006, 07:32 AM #19
Download WinPFind.exe to your desktop and double click on it open it and then select “extract” to extract the files. This will create a folder named WinPFind on your desktop.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Double click on the WinPFind folder on your desktop to open it and then double click on the WinPFind.exe file to start the program.
  • Click “Configure scan options”
  • Under “Run AdOns” select the following:
    • Policies.def
    • Security.def
  • Click “apply”
  • Click "Start Scan"
  • It will scan the entire System, so please be patient and let it complete.


When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder).
__________________
Microsoft MVP - Consumer Security
justchange's Avatar
Member with 38 posts.
THREAD STARTER
  
Join Date: Oct 2004
Experience: Intermediate
25-Nov-2006, 02:20 PM #20
Thank you. Wilco.
justchange's Avatar
Member with 38 posts.
THREAD STARTER
  
Join Date: Oct 2004
Experience: Intermediate
25-Nov-2006, 03:46 PM #21
The forum prog tells me that the file is too large (~54K) and to reduce it <30K.
Should I split it? Or upload it as an attachment?
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 89,554 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
25-Nov-2006, 03:59 PM #22
Either one would be fine. You can put it in two posts or upload it as an attachment.
justchange's Avatar
Member with 38 posts.
THREAD STARTER
  
Join Date: Oct 2004
Experience: Intermediate
25-Nov-2006, 03:59 PM #23
Here's the split version 1 of 2: (attachment to follow)


WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 11/25/2006 11:44:17 AM
WinPFind v1.5.0 Folder = C:\Documents and Settings\Nice Person\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
WSUD 6/18/2004 12:32:34 AM 15684608 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
UPX! 9/25/2006 7:45:08 AM 666240 C:\WINDOWS\SYSTEM32\aswBoot.exe ()
PEC2 8/23/2001 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PTech 6/27/2006 4:40:02 AM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PTech 6/2/2006 12:39:54 PM 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.old (Microsoft Corporation)
PECompact2 11/15/2006 9:20:40 PM 10474920 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 11/15/2006 9:20:40 PM 10474920 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 8/3/2004 11:56:54 PM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 8/3/2004 11:56:36 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/3/2004 11:56:58 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/3/2004 11:56:44 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 8/23/2001 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 9:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
11/25/2006 11:42:36 AM S 2048 C:\WINDOWS\bootstat.dat ()
11/23/2006 6:13:28 PM HS 7680 C:\WINDOWS\Thumbs.db ()
10/13/2006 9:01:30 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index22.dat ()
10/13/2006 9:01:32 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index23.dat ()
11/22/2006 12:49:42 PM S 64 C:\WINDOWS\CSC\00000001 ()
11/22/2006 9:25:02 AM S 64 C:\WINDOWS\CSC\00000002 ()
11/25/2006 11:41:46 AM H 48882 C:\WINDOWS\system32\vsconfig.xml ()
11/24/2006 12:02:40 PM H 4212 C:\WINDOWS\system32\zllictbl.dat ()
10/16/2006 7:35:46 AM S 10965 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920213.cat ()
10/13/2006 4:55:52 AM S 10965 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923980.cat ()
10/13/2006 5:33:10 AM S 10259 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924270.cat ()
11/25/2006 11:42:32 AM H 8192 C:\WINDOWS\system32\config\default.LOG ()
11/25/2006 11:42:42 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
11/25/2006 11:42:38 AM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
11/25/2006 11:43:00 AM H 69632 C:\WINDOWS\system32\config\software.LOG ()
11/25/2006 11:42:40 AM H 1105920 C:\WINDOWS\system32\config\system.LOG ()
11/24/2006 10:35:36 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
11/24/2006 5:43:38 PM S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 ()
11/18/2006 10:07:36 PM S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD ()
11/24/2006 5:43:38 PM S 41774 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 ()
11/24/2006 5:43:38 PM S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 ()
11/18/2006 10:07:36 PM S 146 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD ()
11/24/2006 5:43:38 PM S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 ()
10/19/2006 9:00:36 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\e2942726-9a99-4e4e-89a6-bfcbc2059d08 ()
10/19/2006 9:00:36 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
11/25/2006 11:41:56 AM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
6/18/2004 12:32:34 AM 15684608 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
8/3/2004 11:56:58 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/3/2004 11:56:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/3/2004 11:56:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/3/2004 11:56:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/3/2004 11:56:58 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/3/2004 11:56:58 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/3/2004 11:56:58 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/3/2004 11:56:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/10/2005 12:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/23/2001 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/3/2004 11:56:58 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/23/2001 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/3/2004 11:56:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/3/2004 11:56:58 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/23/2001 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
8/3/2004 11:56:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/3/2004 11:56:58 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
8/3/2004 11:56:58 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/23/2001 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/3/2004 11:56:58 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/3/2004 11:56:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/23/2001 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/23/2001 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/23/2001 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
8/23/2001 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/par...an_unicode.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub...irector/sw.cab
{193C772A-87BE-4B19-A7BB-445B226FE9A1} - ewidoOnlineScan Control - CodeBase = http://download.ewido.net/ewidoOnlineScan.cab
{2D337EB0-3BFB-42A3-B314-A24BBA8C085B} - YAutoImport Class - CodeBase = http://download.yahoo.com/dl/mail/yautoiol1.cab
{3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - WebGameLoader Class - CodeBase = http://www.shockwave.com/content/ric...GameLoader.cab
{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - MJLauncherCtrl Class - CodeBase = http://www.shockwave.com/content/luxor/mjolauncher.cab
{87056D28-9730-4A47-B9F9-7E890B62C58A} - WildfireActiveXHost Class - CodeBase = http://www.shockwave.com/content/tumblebugs/axhost.cab
{89981B1D-07DA-43C3-9770-06C51E7E5DCE} - NostaleWebStarter Control - CodeBase = http://game.nostale.com/sso/NostaleWebLauncher.cab
{B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - - CodeBase = http://www.trendmicro.com/spyware-scan/as4web.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/s...sh/swflash.cab
{D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - Logout Class - CodeBase = http://www.gamengame.com/KALogoutComponent.cab
{F7899FAE-51C9-4EF5-B98C-A64997635235} - GSPRunGame Class - CodeBase = http://www.playinfinity.net/cab/WindyGSPAx.cab
DirectAnimation Java Classes - - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
6/30/2006 12:52:52 PM 1768 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
7/23/2005 9:48:20 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/23/2005 2:36:04 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
1/15/2006 3:47:06 PM 2898 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
7/23/2005 9:48:20 PM HS 84 C:\Documents and Settings\Nice Person\Start Menu\Programs\Startup\desktop.ini ()
11/25/2006 10:43:54 AM 679 C:\Documents and Settings\Nice Person\Start Menu\Programs\Startup\MemTurbo.lnk ()

Checking files in %USERPROFILE%\Application Data folder...
7/25/2005 10:48:42 AM 877 C:\Documents and Settings\Nice Person\Application Data\AdobeDLM.log ()
7/23/2005 2:36:04 PM HS 62 C:\Documents and Settings\Nice Person\Application Data\desktop.ini ()
7/25/2005 10:48:42 AM 0 C:\Documents and Settings\Nice Person\Application Data\dm.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Page - http://www.google.com
\\Default_Page_URL - http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
\\Default_Search_URL - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Page - http://www.google.com
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{ACB1E670-3217-45C4-A021-6B829A8A27CB} - McAfee VirusScan = C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (Network Associates, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - = ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\NEXTID - 8197
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 = Windows Messenger
\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - 8194 = PartyPoker.com
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8195 = Sun Java Console
\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8196 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (Sun Microsystems, Inc.)
\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - ButtonText: PartyPoker.com = c:\program files\PartyGaming\PartyPoker\RunApp.exe ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{472083B0-C522-11CF-8763-00608CC02F24} - avast = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - OpenOffice.org Column Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)
\\{087B3AE3-E237-4467-B8DB-5A38AB959AC9} - OpenOffice.org Infotip Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)
\\{63542C48-9552-494A-84F7-73AA6A7C99C1} - OpenOffice.org Property Sheet Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)
\\{3B092F0C-7696-40E3-A80F-68D74DA84210} - OpenOffice.org Thumbnail Viewer = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)
\\{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll (Nero AG)
\\{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll (Nero AG)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\{97F51F2B-E87A-4349-84B1-2D91CB2C0C1B} - = C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (Network Associates, Inc.)
\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMen uHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMen uHandlers]
\ACE - {5E2121EE-0300-11D4-8D3B-444553540000} = ()

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\{97F51F2B-E87A-4349-84B1-2D91CB2C0C1B} - = C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (Network Associates, Inc.)
\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalExt.NeroDigitalColumnHandler = C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll (Nero AG)
\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - OpenOffice.org Column Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SoundMan - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
Logitech Utility - C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
LVCOMSX - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ()
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
RemoteControl - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
ATICCC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
NWEReboot - Reg Data missing or invalid ()
NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
.nvsvc - C:\WINDOWS\system\smss.exe ()
Zone Labs Client - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalCo mponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnc e]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
PhotoShow Deluxe Media Manager - C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe ()
- Reg Data missing or invalid ()
SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
SsAAD.exe - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Nice Person\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\Nice Person\Start Menu\Programs\Startup\MemTurbo.lnk - C:\Program Files\MemTurbo\MemTurbo.exe (SoftwareOnline.com, Inc.)

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceOb jectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = ()
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell ExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Share dTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
justchange's Avatar
Member with 38 posts.
THREAD STARTER
  
Join Date: Oct 2004
Experience: Intermediate
25-Nov-2006, 04:00 PM #24
Here's the split version 2 of 2: (attachment to follow)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\AtiExtEvent - Ati2evxx.dll = (ATI Technologies Inc.)
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{2ED82DDA-81CA-4229-84D2-12E0600AC18F} - (Actiontec Gateway)
{508E6AB4-9EBB-4BB2-B95E-C4B458FFF495} - (Actiontec Gateway)
{9680D9A8-0B05-4CF5-9A31-B4C616337842} - (Intel(R) PRO/100 WfM PCI Adapter)
{C1485B73-1642-43F9-9B18-CA40A7EACFC3} - ()
{D72A594F-57A9-468D-B734-C84A73126DCA} - (Actiontec Gateway)
{FC288D9E-67B0-4602-B55F-A56DB164EFE0} - ()

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Na meSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Pr otocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000023\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000024\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000025\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

>>>>Output for AddOn file Policies.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\Explorer\\NoDriveTypeAutoRun - 0
policies\System\\DisableRegistryTools - 0

>>>>Output for AddOn file Security.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
Security Center\\AntiVirusDisableNotify - 0
Security Center\\FirewallDisableNotify - 0
Security Center\\UpdatesDisableNotify - 0
Security Center\\AntiVirusOverride - 0
Security Center\\FirewallOverride - 0
Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
BITS\\Type - 32
BITS\\Start - 3
BITS\\ErrorControl - 1
BITS\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
BITS\\DisplayName - Background Intelligent Transfer Service
BITS\\DependOnService - Rpcss;
BITS\\DependOnGroup -
BITS\\ObjectName - LocalSystem
BITS\\Description - Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00
BITS\Parameters\\ServiceDll - C:\WINDOWS\system32\qmgr.dll
BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
BITS\Enum\\0 - Root\LEGACY_BITS\0000
BITS\Enum\\Count - 1
BITS\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
SharedAccess\\Type - 32
SharedAccess\\Start - 2
SharedAccess\\ErrorControl - 1
SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
SharedAccess\\DependOnService - Netman;WinMgmt;
SharedAccess\\DependOnGroup -
SharedAccess\\ObjectName - LocalSystem
SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
SharedAccess\Epoch\\Epoch - 12314
SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
SharedAccess\Parameters\\SharedAutoDial - 0
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications \List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List \\139:TCP - 139:TCP:*:Enabled:@xpsp2res.dll,-22004
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List \\445:TCP - 445:TCP:*:Enabled:@xpsp2res.dll,-22005
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List \\137:UDP - 137:UDP:*:Enabled:@xpsp2res.dll,-22001
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List \\138:UDP - 138:UDP:*:Enabled:@xpsp2res.dll,-22002
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowException s - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotification s - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\WINDOWS\system32\sessmgr.exe - C:\WINDOWS\system32\sessmgr.exe:*isabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Program Files\America's Army\System\ArmyOps.exe - C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Program Files\NovaLogic\Joint Operations Beta Demo\jodemo.exe - C:\Program Files\NovaLogic\Joint Operations Beta Demo\jodemo.exe:*isabled:jodemo
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Program Files\Sierra On-Line\SIGSPat.exe - C:\Program Files\Sierra On-Line\SIGSPat.exe:*:Enabled:SIGSPat
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Program Files\Skype\Phone\Skype.exe - C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*isabled:backWeb-8876480
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Program Files\iTunes\iTunes.exe - C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Program Files\Xfire\Xfire.exe - C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Program Files\EA Games\American McGee's Alice\alice.exe - C:\Program Files\EA Games\American McGee's Alice\alice.exe:*:Enabled:American McGee's Alice
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe - C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Program Files\Internet Explorer\iexplore.exe - C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Program Files\BitComet\BitComet.exe - C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Program Files\Azureus\Azureus.exe - C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\WINDOWS\system32\javaw.exe - C:\WINDOWS\system32\javaw.exe:*:Enabled:javaw.exe
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\WINDOWS\system32\svchost.exe - C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\62ex4.modul32.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\62ex4.modul32.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\89ex4.modul32.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\89ex4.modul32.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Program Files\eMule\emule.exe - C:\Program Files\eMule\emule.exe:*:Enabled:eMule
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\WINDOWS\system32\ActionDump\Support_Files\INITCONN.EXE - C:\WINDOWS\system32\ActionDump\Support_Files\INITCONN.EXE:*:Enabled:INITCON N
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Documents and Settings\Nice Person\Desktop\Downloads\Calba\CabalTemp\ESTdnheadless.exe - C:\Documents and Settings\Nice Person\Desktop\Downloads\Calba\CabalTemp\ESTdnheadless.exe:*:Enabled:EST! download engine
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Documents and Settings\Nice Person\Desktop\Downloads\Cabal\CabalTemp\ESTdnheadless.exe - C:\Documents and Settings\Nice Person\Desktop\Downloads\Cabal\CabalTemp\ESTdnheadless.exe:*:Enabled:EST! download engine
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Program Files\Cabal_GSP\update\ESTdnheadless.exe - C:\Program Files\Cabal_GSP\update\ESTdnheadless.exe:*:Enabled:EST! download engine
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Program Files\infinity_eng\xclient.exe - C:\Program Files\infinity_eng\xclient.exe:*:Enabled:xclient
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Program Files\GPotato\SpaceCowboy\SpaceCowboy.exe - C:\Program Files\GPotato\SpaceCowboy\SpaceCowboy.exe:*:Enabled:SpaceCowboy
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\Program Files\Softnyx\Rakion\Bin\rakion.bin - C:\Program Files\Softnyx\Rakion\Bin\rakion.bin:*:Enabled:rakion
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\69exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\69exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\76exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\76exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\43exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\43exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\72exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\72exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\96exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\96exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\87exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\87exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\21exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\21exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\58exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\58exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\52exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\52exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\77exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\77exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\92exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\92exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\94exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\94exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\62exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\62exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\24exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\24exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\54exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\54exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\5exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\5exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\49exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\49exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\53exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\53exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\48exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\48exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\67exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\67exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\71exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\71exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\39exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\39exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\50exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\50exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\80exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\80exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\27exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\27exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\25exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\25exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\4exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\4exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\47exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\47exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\7exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\7exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\11exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\11exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\6exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\6exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\82exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\82exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\3exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\3exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\63exinjs.p.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\63exinjs.p.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\32exinjs.q.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\32exinjs.q.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\57exinjs.q.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\57exinjs.q.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\84exinjs.q.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\84exinjs.q.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\82exinjs.q.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\82exinjs.q.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\51exinjs.q.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\51exinjs.q.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\65exinjs.q.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\65exinjs.q.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\21exinjs.q.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\21exinjs.q.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\6exinjs.q.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\6exinjs.q.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\78exinjs.q.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\78exinjs.q.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\74exinjs.q.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\74exinjs.q.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicatio ns\List\\C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\72exinjs.q.exe - C:\DOCUME~1\NICEPE~1\LOCALS~1\Temp\72exinjs.q.exe:*:Enabled:Microsoft Update
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\Li st\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\Li st\\2869:TCP - 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\Li st\\4662:TCP - 4662:TCP:*:Enabled:eMule TCP Incoming
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\Li st\\4661:TCP - 4661:TCP:*:Enabled:eMule TCP outgoing
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\Li st\\14985:TCP - 14985:TCP:*:Enabled:BitComet 14985 TCP
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\Li st\\14985:UDP - 14985:UDP:*:Enabled:BitComet 14985 UDP
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\Li st\\10201:TCP - 10201:TCP:*:Enabled:BitComet 10201 TCP
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\Li st\\10201:UDP - 10201:UDP:*:Enabled:BitComet 10201 UDP
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\Li st\\139:TCP - 139:TCP:LocalSubNetisabled:@xpsp2res.dll,-22004
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\Li st\\445:TCP - 445:TCP:LocalSubNetisabled:@xpsp2res.dll,-22005
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\Li st\\137:UDP - 137:UDP:LocalSubNetisabled:@xpsp2res.dll,-22001
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\Li st\\138:UDP - 138:UDP:LocalSubNetisabled:@xpsp2res.dll,-22002
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\Li st\\4711:UDP - 4711:UDP:*:Enabled:eMule UDP outgoing
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\Li st\\4665:UDP - 4665:UDP:*:Enabled:eMule UDP incoming
SharedAccess\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
SharedAccess\Setup\\ServiceUpgrade - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{C1485B73-1642-43F9-9B18-CA40A7EACFC3} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{6A4076B6-D49E-44F9-AAE8-6426AE3A5C59} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{FC288D9E-67B0-4602-B55F-A56DB164EFE0} - 1
SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
SharedAccess\Enum\\Count - 1
SharedAccess\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 4
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
wuauserv\Parameters\\ServiceDll - C:\WINDOWS\System32\wuauserv.dll
wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
wuauserv\Enum\\Count - 1
wuauserv\Enum\\NextInstance - 1


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
justchange's Avatar
Member with 38 posts.
THREAD STARTER
  
Join Date: Oct 2004
Experience: Intermediate
25-Nov-2006, 04:06 PM #25
Here's the complete WinPFind.txt file.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
Last edited by justchange; 25-Nov-2006 at 11:04 PM..
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 89,554 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
25-Nov-2006, 04:44 PM #26
Since you already have AVG Anti-Spyware, please do this:
  • On the main screen select the icon "Update" then select the "Update now" link.
  • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
  1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG will now begin the scanning process. Please be patient as this may take a little time.
    Once the scan is complete, do the following:
  5. If you have any infections you will be prompted. Then select "Apply all actions."
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower lef- hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.


Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


Download GMER from http://www.gmer.net

Save it somewhere safe & unzip it to desktop

Double click the gmer.exe to run it and select the rootkit tab, press scan and when it has finished press save and copy the log back here please.


Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans and the GMER log.
__________________
Microsoft MVP - Consumer Security
justchange's Avatar
Member with 38 posts.
THREAD STARTER
  
Join Date: Oct 2004
Experience: Intermediate
25-Nov-2006, 05:47 PM #27
multi-tasking today... helping another neighbor move.
I'll follow these instructions and post the logs, shortly.
Thank you for your commitment to help.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 89,554 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
25-Nov-2006, 06:11 PM #28
That's fine.
justchange's Avatar
Member with 38 posts.
THREAD STARTER
  
Join Date: Oct 2004
Experience: Intermediate
25-Nov-2006, 08:42 PM #29
Here are the reports you requested.

BTW, we've noticed a non-MS smss.exe (39.5k) in the Windows/System/ folder, dated 11-19-2006, about the time this started. There is another, larger file in the ../System32/ folder. Important?
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
valis's Avatar
Computer Specs
Moderator with 57,579 posts.
  
Join Date: Sep 2004
Location: as above
Experience: so below
25-Nov-2006, 08:54 PM #30
dang, panda keeps earning my respect.......
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
Page 2 of 5 1 2 345
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join Today!

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


TECH SUPPORT GUY
WELCOME
FOLLOW US
 
You Are Using: Server ID
All times are GMT -4. The time now is 11:12 AM.
Advertisements do not imply our endorsement of that product or service.
Copyright © 1996 - 2013 TechGuy, Inc. All rights reserved. Privacy & Terms.

Trusted Website Back to the Top ↑