
Trouble accessing certain websites

Discussion in 'Virus & Other Malware Removal' started by smoothone23, Nov 29, 2006.

Thread Status:
Not open for further replies.
  1. smoothone23

    smoothone23 Thread Starter

    Joined:
    Nov 29, 2006
    Messages:
    18
    Dear Techguy,

    Out of the blue the other day, I started having trouble accessing certain websites that I use everyday like yahoo.com and facebook.com. My roommate is having the same problem with some other sites (we share a wireless network connection) as well. Every time I try to access these sites I get the error message "Cannot find server". I have also tried this with Mozilla and I got the same result. I didn't know if some malware was preventing me from accessing these sites so I ran Adaware, but that did nothing. I have all the latest updates from Microsoft. I've disconnected and reconnected my internet and rebooted my computer, but I still can't access yahoo/facebook. I can live without facebook but I need to be able to read my email. I am including my HJT log in case it might help solve this problem. Thanks for your time and any help is much appreciated.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:59:05 PM, on 11/28/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\tmp200.tmp.dll
    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
    O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [Computer Alarm Clock] C:\Program Files\Computer Alarm Clock\cac.exe
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
    O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
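
    A HijackThis log like the one above is normally triaged by eye. As an added example (not code from this thread or from the HijackThis project), the Python script below parses the O2/O4/O18/O20 lines and flags the patterns a responder checks first: a BHO registered with no name, a temp-named DLL under system32, an entry pointing at a file that no longer exists, and a Winlogon Notify DLL that is not on an allowlist. The sample lines are copied from the log above; the allowlist `KNOWN_NOTIFY_DLLS` and the heuristics are this example's own assumptions and are not a verdict on any particular entry.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted above (O2/O4/O18/O20 entries).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\tmp200.tmp.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# HijackThis shows the file as e.g. tmp200.tmp.dll: a temp-style name registered as a browser object.
TMP_DLL_RE = re.compile(r"\\tmp[0-9a-f]+\.tmp\.dll$", re.IGNORECASE)

# Assumption for this example: the Winlogon Notify DLLs expected on this host.
KNOWN_NOTIFY_DLLS = {"wgalogon.dll"}


@dataclass
class Entry:
    section: str  # HijackThis section tag, e.g. "O2"
    body: str     # everything after "O2 - "
    path: str     # the file/command the entry points at


@dataclass
class Finding:
    section: str
    reason: str
    detail: str


def parse_hjt(text):
    """Turn HijackThis lines into Entry records; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O4":
            m4 = O4_RE.search(body)
            path = m4.group("cmd").strip().strip('"') if m4 else body
        else:
            path = body.rsplit(" - ", 1)[-1].strip()
        entries.append(Entry(section, body, path))
    return entries


def triage(entries):
    """Apply the review heuristics; each hit is something to look at, not a verdict."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if e.section == "O2" and e.body.startswith("BHO: (no name)"):
            findings.append(Finding(e.section, "BHO registered without a name", e.path))
        if TMP_DLL_RE.search(low):
            findings.append(Finding(e.section, "temp-named DLL under system32", e.path))
        if "(no file)" in e.body:
            findings.append(Finding(e.section, "entry points at a file that no longer exists", e.body))
        if e.section == "O20":
            dll = low.rsplit("\\", 1)[-1]  # empty when the path is a bare directory
            if dll not in KNOWN_NOTIFY_DLLS:
                findings.append(Finding(e.section, "Winlogon Notify DLL not on the allowlist", e.path))
        if e.section == "O4" and "\\" not in e.path:
            findings.append(Finding(e.section, "Run entry uses a bare file name", e.path))
    return findings


def triage_log(text):
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}: {f.detail}")
```

    Run on the sample, the script flags the unnamed BHO twice (no name, temp-style DLL name), the orphaned text/html filter and the two Winlogon Notify entries that are not WgaLogon.dll; the known-good entries produce nothing.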
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,904
    First Name:
    Derek
    you are showing lots of problems

    first of all HJT needs to be in a permanent & not temp folder to be able to fix anything safely so please do this

    go to here and download 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website. Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
    Click on the entry in start menu or on the desktop to run HijackThis

    then

    Download Combofix to your desktop:

    * Double-click combofix.exe & follow the prompts.
    * When finished, it shall produce a log for you. Post that log in your next reply.


    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    and then post a new HJT log
    I am moving this to security where we can help better
     
  3. smoothone23

    smoothone23 Thread Starter

    Joined:
    Nov 29, 2006
    Messages:
    18
    Thanks for looking at my post Derek. I did what you said about the HJT and ComboFix. Although, last time I ran HJT, I downloaded it to my computer and put it in a folder on my desktop. I did not run it through a website. I would also like to add that I have been getting a lot of random website pop-ups (especially when I do searches through google, a random internet site, or sites, will pop up and do related searches of their own). Here are my latest logs...

    Jeremy Brown - 06-11-30 16:32:39.62 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Jeremy Brown\Desktop\Installations"

    ((((((((((((((((((((((((((((((( Files Created from 2006-10-30 to 2006-11-30 ))))))))))))))))))))))))))))))))))


    2006-11-28 18:04 <DIR> d-------- C:\WINDOWS\LastGood
    2006-11-28 17:49 <DIR> d-------- C:\Documents and Settings\Jeremy Brown\.housecall6.6
    2006-11-20 10:26 <DIR> d-------- C:\Program Files\DirectVobSub1
    2006-11-20 10:22 <DIR> d-------- C:\Program Files\DirectVobSub
    2006-11-13 22:02 <DIR> d-------- C:\Program Files\Computer Alarm Clock
    2006-11-13 21:36 <DIR> d-------- C:\VundoFix Backups
    2006-11-12 06:11 36,635 --a------ C:\WINDOWS\system32\tmp200.tmp.dll
    2006-11-09 20:44 <DIR> d-------- C:\Program Files\Sateira
    2006-11-07 14:27 36,635 --a------ C:\WINDOWS\system32\tmp9F.tmp.dll
    2006-11-06 18:59 <DIR> d-------- C:\Documents and Settings\Jeremy Brown\Contacts
    2006-11-06 18:57 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2006-10-31 09:36 32,866 --a------ C:\WINDOWS\slrundll.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-28 17:57 -------- d-------- C:\Documents and Settings\Jeremy Brown\Application Data\Skype
    2006-11-28 17:55 73 --a------ C:\WINDOWS\system32\ssprs.dll
    2006-11-28 17:55 335 --a------ C:\WINDOWS\system32\lsprst7.dll
    2006-11-28 10:40 -------- d-------- C:\Program Files\PokerStars
    2006-11-27 11:19 -------- d-------- C:\Documents and Settings\Jeremy Brown\Application Data\dvdcss
    2006-11-15 11:46 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-11 16:53 -------- d-------- C:\Program Files\Yahoo!
    2006-11-06 18:59 -------- d---s---- C:\Documents and Settings\Jeremy Brown\Application Data\Microsoft
    2006-11-06 18:58 -------- d-------- C:\Program Files\MSN Messenger
    2006-10-31 09:35 -------- d-------- C:\Program Files\QuickTime
    2006-10-31 08:12 -------- d-------- C:\Program Files\AIM
    2006-10-31 08:11 -------- d-------- C:\Program Files\AOD
    2006-10-29 18:44 -------- d-------- C:\Program Files\Full Tilt Poker
    2006-10-29 14:06 -------- d-------- C:\Program Files\Skype
    2006-10-26 16:09 -------- d-------- C:\Program Files\PCFriendly
    2006-10-26 16:09 -------- d-------- C:\Program Files\EarthLink TotalAccess
    2006-10-26 16:09 -------- d-------- C:\Program Files\DivX
    2006-10-26 16:09 -------- d-------- C:\Program Files\ATI Technologies
    2006-10-26 16:09 -------- d-------- C:\Program Files\_uninstallation_info
    2006-10-26 11:15 -------- d-------- C:\Program Files\TurboTranslator
    2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
    2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
    2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-13 05:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
    2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "SemanticInsight"="C:\\Program Files\\RXToolBar\\Semantic Insight\\SemanticInsight.exe"
    "Computer Alarm Clock"="C:\\Program Files\\Computer Alarm Clock\\cac.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Windows USB controler"="winusb.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
    "Windows USB controler"="winusb.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "Windows USB controler"="winusb.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
    "Windows USB controler"="winusb.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jeremy Brown^Start Menu^Programs^Startup^DLHelperEXE.exe]
    "path"="C:\\Documents and Settings\\Jeremy Brown\\Start Menu\\Programs\\Startup\\DLHelperEXE.exe"
    "backup"="C:\\WINDOWS\\pss\\DLHelperEXE.exeStartup"
    "location"="Startup"
    "command"="C:\\Documents and Settings\\Jeremy Brown\\Start Menu\\Programs\\Startup\\DLHelperEXE.exe"
    "item"="DLHelperEXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AGRSMMSG"
    "hkey"="HKLM"
    "command"="AGRSMMSG.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Apoint"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Apoint2K\\Apoint.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Ares"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Ati2mdxx"
    "hkey"="HKLM"
    "command"="Ati2mdxx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="atiptaxx"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ccApp"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cpqset"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="EabServr"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="hpztsb09"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mimboot"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mimboot.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mmtask"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mm_tray"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdypnqko]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ifdccvt"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\ifdccvt.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DrgToDsc"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="EngUtil"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ViewMgr"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows USB controler]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="winusb"
    "hkey"="HKLM"
    "command"="winusb.exe"
    "inimapping"="0"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mdc

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-11-30 16:33:28.15
    C:\ComboFix.txt ... 06-11-30 16:33
    C:\ComboFix2.txt ... 06-11-30 16:25
    C:\ComboFix3.txt ... 06-11-30 16:16


    Logfile of HijackThis v1.99.1
    Scan saved at 4:42:50 PM, on 11/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jeremy Brown\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\tmp200.tmp.dll
    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
    O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [Computer Alarm Clock] C:\Program Files\Computer Alarm Clock\cac.exe
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    Thanks again for all your help!
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,904
    First Name:
    Derek
    Ok I can see quite a few things there

    let's see what this will clear up before we resort to manual cleaning

    first

    You have disabled lots of things from starting at boot time with MSconfig

    doing that doesn't stop them running or being started by something else on the computer

    At least one item there is known malware

    go to start/run and type msconfig, press ok & on the start up tab enable EVERYTHING
    Then on the general tab select normal start up all drivers & services
    press ok & reboot

    then

    Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
    • Click the Free Trial link under "Downloads/SpySweeper" to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory Objects
      • Sweep Windows Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
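
    Derek's point about msconfig is worth seeing in the data: unchecking an item moves it under the msconfig\startupreg key, but nothing stops the same executable from being launched by another Run key. As an added example (not code from this thread or from ComboFix), the Python script below parses the ComboFix "Reg Loading Points" section from the previous post, lists the msconfig-disabled items and reports any whose executable still appears in a live Run or RunServices key. The sample is copied from that log; matching entries by executable name is this example's own heuristic.

```python
import re

# Sample copied from the ComboFix "Reg Loading Points" section posted above:
# the live Run keys plus three of the msconfig\startupreg entries.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SemanticInsight"="C:\\Program Files\\RXToolBar\\Semantic Insight\\SemanticInsight.exe"
"Computer Alarm Clock"="C:\\Program Files\\Computer Alarm Clock\\cac.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows USB controler"="winusb.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Windows USB controler"="winusb.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Windows USB controler"="winusb.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
"Windows USB controler"="winusb.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdypnqko]
"item"="ifdccvt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ifdccvt.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows USB controler]
"item"="winusb"
"hkey"="HKLM"
"command"="winusb.exe"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
EXE_RE = re.compile(r'([^\\/"]+\.exe)\b', re.IGNORECASE)
MSCONFIG_STARTUPREG = "hkey_local_machine\\software\\microsoft\\shared tools\\msconfig\\startupreg\\"


def unescape(value):
    # .reg-style escaping: \" for a quote and \\ for a backslash
    return value.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg_dump(text):
    """Map each [key] to its "name"="value" pairs; keys are lower-cased for matching."""
    reg, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group("key").lower()
            reg.setdefault(current, {})
            continue
        vm = VAL_RE.match(line)
        if vm and current is not None:
            reg[current][vm.group("name")] = unescape(vm.group("value"))
    return reg


def exe_name(command):
    """Executable base name of a Run command (quotes, directories and arguments ignored)."""
    m = EXE_RE.search(command)
    return m.group(1).lower() if m else None


def msconfig_disabled(reg):
    """Items msconfig has parked under startupreg, i.e. unchecked on the Startup tab."""
    out = []
    for key, values in reg.items():
        if key.startswith(MSCONFIG_STARTUPREG) and "command" in values:
            out.append({"item": values.get("item", key.rsplit("\\", 1)[-1]),
                        "hkey": values.get("hkey", ""), "command": values["command"]})
    return out


def live_run_commands(reg):
    """Executable name -> Run/RunServices keys (outside msconfig) that still launch it."""
    live = {}
    for key, values in reg.items():
        if "\\msconfig\\" in key or not key.endswith(("\\run", "\\runservices")):
            continue
        for command in values.values():
            exe = exe_name(command)
            if exe:
                live.setdefault(exe, []).append(key)
    return live


def still_started_elsewhere(reg):
    """Disabled-in-msconfig items whose executable a live key still starts."""
    live = live_run_commands(reg)
    hits = []
    for entry in msconfig_disabled(reg):
        exe = exe_name(entry["command"])
        if exe and exe in live:
            hits.append({**entry, "exe": exe, "live_keys": sorted(live[exe])})
    return hits


if __name__ == "__main__":
    reg = parse_reg_dump(SAMPLE_DUMP)
    for h in still_started_elsewhere(reg):
        print(f"{h['item']} disabled in msconfig ({h['hkey']}) but {h['exe']} is still started by:")
        for k in h["live_keys"]:
            print("   ", k)
```

    On the sample, ccApp and ifdccvt are only present as disabled msconfig entries, while the "Windows USB controler" item disabled in msconfig still has winusb.exe registered under four HKEY_USERS Run/RunServices keys, which is exactly why unchecking it in msconfig changes nothing.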
     
  5. smoothone23

    smoothone23 Thread Starter

    Joined:
    Nov 29, 2006
    Messages:
    18
    Derek, I ran Spy Sweeper and came up with the following results. I believe that the list is probably lacking because I ran a previous scan with a program called A-Squared Anti-Malware. I am also including a copy of that log along with my new HJT log.

    10:25 PM: Removal process completed. Elapsed time 00:00:19
    10:25 PM: Quarantining All Traces: 180search assistant/zango
    10:25 PM: Quarantining All Traces: 2o7.net cookie
    10:25 PM: Quarantining All Traces: go.com cookie
    10:25 PM: Quarantining All Traces: atwola cookie
    10:25 PM: Quarantining All Traces: pointroll cookie
    10:25 PM: Quarantining All Traces: specificclick.com cookie
    10:25 PM: Quarantining All Traces: 3 cookie
    10:25 PM: Quarantining All Traces: winad
    10:25 PM: Quarantining All Traces: virtumonde
    10:25 PM: Removal process initiated
    10:23 PM: Traces Found: 16
    10:23 PM: Full Sweep has completed. Elapsed time 01:14:32
    10:23 PM: File Sweep Complete, Elapsed Time: 01:06:18
    10:23 PM: Warning: Unable to sweep compressed file: "c:\documents and settings\jb\my documents\downloads\lost.s02e15.proper.hdtv.xvid-xor\xor-lost.215.rar": File not found
    9:34 PM: C:\temp\salmau.dat (ID = 93788)
    9:34 PM: Found Adware: 180search assistant/zango
    9:17 PM: Starting File Sweep
    9:17 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
    9:17 PM: c:\documents and settings\jb\cookies\[email protected][1].txt (ID = 2729)
    9:17 PM: c:\documents and settings\jb\cookies\[email protected][1].txt (ID = 2729)
    9:17 PM: c:\documents and settings\jb\cookies\[email protected][1].txt (ID = 2729)
    9:17 PM: c:\documents and settings\jb\cookies\[email protected][1].txt (ID = 1958)
    9:17 PM: Found Spy Cookie: 2o7.net cookie
    9:17 PM: c:\documents and settings\jb\cookies\[email protected][2].txt (ID = 2728)
    9:17 PM: c:\documents and settings\jb\cookies\[email protected][1].txt (ID = 2729)
    9:17 PM: Found Spy Cookie: go.com cookie
    9:17 PM: c:\documents and settings\jb\cookies\[email protected][1].txt (ID = 2255)
    9:17 PM: Found Spy Cookie: atwola cookie
    9:17 PM: c:\documents and settings\jb\cookies\[email protected][2].txt (ID = 3148)
    9:17 PM: Found Spy Cookie: pointroll cookie
    9:17 PM: c:\documents and settings\jb\cookies\[email protected][2].txt (ID = 3400)
    9:17 PM: Found Spy Cookie: specificclick.com cookie
    9:17 PM: c:\documents and settings\jb\cookies\[email protected][1].txt (ID = 1960)
    9:17 PM: Found Spy Cookie: 3 cookie
    9:17 PM: Starting Cookie Sweep
    9:17 PM: Registry Sweep Complete, Elapsed Time:00:01:07
    9:17 PM: HKLM\software\microsoft\rasap2k\ (ID = 1511572)
    9:17 PM: HKLM\software\microsoft\dstr5\ (ID = 1511570)
    9:17 PM: Found Adware: virtumonde
    9:16 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\winadtoolsx.dll (ID = 147225)
    9:16 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadtoolsx.dll\ || {15ad4789-cdb4-47e1-a9da-992ee8e6bad6} (ID = 147197)
    9:16 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadtoolsx.dll\ || .owner (ID = 147196)
    9:16 PM: Found Adware: winad
    9:16 PM: Starting Registry Sweep
    9:16 PM: Memory Sweep Complete, Elapsed Time: 00:06:50
    9:09 PM: Starting Memory Sweep
    9:09 PM: Start Full Sweep
    9:09 PM: Sweep initiated using definitions version 811
    9:09 PM: Spy Sweeper 5.2.3.2132 started
    9:09 PM: | Start of Session, Thursday, November 30, 2006 |
    ********
    9:09 PM: | End of Session, Thursday, November 30, 2006 |
    Keylogger: Off
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites: Off
    Hosts File Shield: On
    Internet Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    9:05 PM: Shield States
    9:04 PM: Spyware Definitions: 804
    9:04 PM: Warning: Virus definitions files are invalid, please update your virus definitions. 220
    9:04 PM: Spy Sweeper 5.2.3.2132 started
    9:04 PM: Spy Sweeper 5.2.3.2132 started
    9:04 PM: | Start of Session, Thursday, November 30, 2006 |
    ********



    a-squared Anti-Malware - Version 2.1

    Scan settings:

    Objects: Memory, Traces, Cookies, C:\
    Scan archives: On
    Heuristics: On
    ADS Scan: On

    Scan start: 11/30/2006 5:17:26 PM

    [3900] C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL detected: Adware.MySearch.e
    C:\Program Files\need2find detected: Trace.Directory.P2PNetworking
    c:\temp\salm.log detected: Trace.File.180Solutions
    c:\temp\salm_kyf.dat detected: Trace.File.180Solutions
    C:\Documents and Settings\JB\Desktop\ares.lnk detected: Trace.File.Ares
    C:\Program Files\ares\ares.exe detected: Trace.File.Ares
    C:\Program Files\ares\data\anonproxies.txt.sample detected: Trace.File.Ares
    C:\Program Files\ares\data\blocked.txt.sample detected: Trace.File.Ares
    C:\Program Files\ares\data\blocked_keywords.txt.sample detected: Trace.File.Ares
    C:\Program Files\ares\data\chanlistfilter.txt detected: Trace.File.Ares
    C:\Program Files\ares\data\gui\general\chat.bmp detected: Trace.File.Ares
    C:\Program Files\ares\data\gui\general\emotic.bmp detected: Trace.File.Ares
    C:\Program Files\ares\data\gui\general\libbig.bmp detected: Trace.File.Ares
    C:\Program Files\ares\data\gui\general\logo.bmp detected: Trace.File.Ares
    C:\Program Files\ares\data\gui\general\mimesmall.bmp detected: Trace.File.Ares
    C:\Program Files\ares\data\gui\general\mshareset.bmp detected: Trace.File.Ares
    C:\Program Files\ares\data\gui\general\player.bmp detected: Trace.File.Ares
    C:\Program Files\ares\data\gui\general\playlistbtns.bmp detected: Trace.File.Ares
    C:\Program Files\ares\data\gui\general\prefs.txt detected: Trace.File.Ares
    C:\Program Files\ares\data\gui\general\searchpnl.bmp detected: Trace.File.Ares
    C:\Program Files\ares\data\gui\general\searchstars.bmp detected: Trace.File.Ares
    C:\Program Files\ares\data\gui\general\tabsbig.bmp detected: Trace.File.Ares
    C:\Program Files\ares\data\gui\general\tabssmall.bmp detected: Trace.File.Ares
    C:\Program Files\ares\data\gui\general\transfer.bmp detected: Trace.File.Ares
    C:\Program Files\ares\data\gui\general\webanim.bmp detected: Trace.File.Ares
    C:\Program Files\ares\data\p2pfilter.txt detected: Trace.File.Ares
    C:\Program Files\ares\lang\dutch.txt detected: Trace.File.Ares
    C:\Program Files\ares\lang\french.txt detected: Trace.File.Ares
    C:\Program Files\ares\lang\german.txt detected: Trace.File.Ares
    C:\Program Files\ares\lang\italian.txt detected: Trace.File.Ares
    C:\Program Files\ares\lang\japanese.txt detected: Trace.File.Ares
    C:\Program Files\ares\lang\kurdish.txt detected: Trace.File.Ares
    C:\Program Files\ares\lang\polish.txt detected: Trace.File.Ares
    C:\Program Files\ares\lang\portugues.txt detected: Trace.File.Ares
    C:\Program Files\ares\lang\slovak.txt detected: Trace.File.Ares
    C:\Program Files\ares\lang\spanish.txt detected: Trace.File.Ares
    C:\Program Files\ares\lang\swedish.txt detected: Trace.File.Ares
    C:\Program Files\ares\lang\turkish.txt detected: Trace.File.Ares
    C:\Documents and Settings\JB\Start Menu\Programs\ares\ares.lnk detected: Trace.File.Ares
    Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Height detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Left detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Maximized detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Top detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Width detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Download detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Queue detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Upload detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\Data --> AresNet1 detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\Data --> JI.AresNet1 detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Download detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Queue detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Upload detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> ChatRoom.ServerPort detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> ChatRoom.ShowJP detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Extra.ShowActiveCaption detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> General.AutoConnect detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> General.AutoStartUp detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> General.LastLibraryMode detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastChatRoomBrowse detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastLibrary detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastPMBrowse detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastSearch detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Personal.GUID detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Privacy.SendRegularPath detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> PrivateMessage.AllowBrowse detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> PrivateMessage.AwayMessage detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Start Menu Folder detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CAvgTime detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CDnSpeed detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CFRTime detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CTtUptime detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CUpSpeed detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Stats.HasLQCa detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Stats.LstCaQuery detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Stats.LstCaQueryInt detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Transfer.MaximizeUpBandOnIdle detected: Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Transfer.ServerPort detected: Trace.Registry.Ares
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> DisplayName detected: Trace.Registry.Ares
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> DisplayVersion detected: Trace.Registry.Ares
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> Publisher detected: Trace.Registry.Ares
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> UninstallString detected: Trace.Registry.Ares
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> URLInfoAbout detected: Trace.Registry.Ares
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> URLUpdateInfo detected: Trace.Registry.Ares
    Key: HKEY_CLASSES_ROOT\clsid\{f78b32d6-d6d8-4137-a18f-91ebe1a4aedb} detected: Trace.Registry.KaZaA
    Key: HKEY_CURRENT_USER\software\kazaa detected: Trace.Registry.KaZaA
    Value: HKEY_CURRENT_USER\software\kazaa --> tmp detected: Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0 detected: Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0seconds detected: Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b1 detected: Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> b detected: Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> time detected: Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0 detected: Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0seconds detected: Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b1 detected: Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\cloudload --> sharedir detected: Trace.Registry.KaZaA
    Key: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo detected: Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo --> kazaanet detected: Trace.Registry.KaZaA
    Key: HKEY_LOCAL_MACHINE\software\kazaa\localcontent detected: Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> databasedir detected: Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> downloaddir detected: Trace.Registry.KaZaA
    Key: HKEY_LOCAL_MACHINE\software\kazaa detected: Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa --> listenport detected: Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa --> tmp detected: Trace.Registry.KaZaA
    Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking detected: Trace.Registry.KaZaA
    Key: HKEY_LOCAL_MACHINE\software\p2p networking detected: Trace.Registry.KaZaA
    Key: HKEY_CLASSES_ROOT\clsid\{014da6c9-189f-421a-88cd-07cfe51cff10} detected: Trace.Registry.MyWay
    Key: HKEY_CLASSES_ROOT\clsid\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} detected: Trace.Registry.Need2Find
    Key: HKEY_CLASSES_ROOT\clsid\{630d6140-04c5-4db0-b27a-020d766ff09b} detected: Trace.Registry.Need2Find
    Key: HKEY_CLASSES_ROOT\need2findbar.settingsplugin.1 detected: Trace.Registry.Need2Find
    Key: HKEY_CLASSES_ROOT\need2findbar.settingsplugin detected: Trace.Registry.Need2Find
    Key: HKEY_CLASSES_ROOT\need2findbar.toolbarplugin.1 detected: Trace.Registry.Need2Find
    Key: HKEY_CLASSES_ROOT\need2findbar.toolbarplugin detected: Trace.Registry.Need2Find
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net --> Changed detected: Trace.Registry.NewDotNet
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net --> SlowInfoCache detected: Trace.Registry.NewDotNet
    Key: HKEY_LOCAL_MACHINE\software\p2p networking\clients detected: Trace.Registry.P2PNetworking
    Key: HKEY_LOCAL_MACHINE\software\p2p networking detected: Trace.Registry.PeerEnabler
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> SemanticInsight detected: Trace.Registry.RXToolbar
    C:\Documents and Settings\JB\Cookies\[email protected][2].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\JB\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\JB\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\JB\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\JB\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\JB\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\fw4hgtzd.default\cookies.txt:37 detected: Trace.TrackingCookie
    C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll detected: Adware.Win32.MyWebSearch.o
    C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL detected: Adware.ToolBar.MyWebSearch.l
    C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL detected: Adware.MySearch.e
    C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL detected: Adware.Win32.MyWebSearch.o
    C:\VundoFix Backups\bopite.dll.bad detected: Trojan-Downloader.Win32.ConHook.ae
    C:\WINDOWS\system32\rpcxWIRCD.EXE detected: Riskware.Client-IRC.Win32.UnrealIRC.32

    Scanned

    Files: 107827
    Traces: 87015
    Cookies: 133
    Processes: 30

    Found

    Files: 6
    Traces: 117
    Cookies: 7
    Processes: 1
    Registry keys: 0

    Scan end: 11/30/2006 7:30:49 PM
    Scan time: 2:13:23 AM

    C:\WINDOWS\system32\rpcxWIRCD.EXE Quarantined Riskware.Client-IRC.Win32.UnrealIRC.32
    C:\VundoFix Backups\bopite.dll.bad Quarantined Trojan-Downloader.Win32.ConHook.ae
    C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL Quarantined Adware.ToolBar.MyWebSearch.l
    C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll Quarantined Adware.Win32.MyWebSearch.o
    C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL Quarantined Adware.Win32.MyWebSearch.o
    C:\Documents and Settings\JB\Cookies\[email protected][2].txt Quarantined Trace.TrackingCookie
    C:\Documents and Settings\JB\Cookies\[email protected][1].txt Quarantined Trace.TrackingCookie
    C:\Documents and Settings\JB\Cookies\[email protected][1].txt Quarantined Trace.TrackingCookie
    C:\Documents and Settings\JB\Cookies\[email protected][1].txt Quarantined Trace.TrackingCookie
    C:\Documents and Settings\JB\Cookies\[email protected][1].txt Quarantined Trace.TrackingCookie
    C:\Documents and Settings\JB\Cookies\[email protected][1].txt Quarantined Trace.TrackingCookie
    C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\fw4hgtzd.default\cookies.txt:37 Quarantined Trace.TrackingCookie
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> SemanticInsight Quarantined Trace.Registry.RXToolbar
    Key: HKEY_LOCAL_MACHINE\software\p2p networking Quarantined Trace.Registry.PeerEnabler
    Key: HKEY_LOCAL_MACHINE\software\p2p networking\clients Quarantined Trace.Registry.P2PNetworking
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net --> Changed Quarantined Trace.Registry.NewDotNet
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net --> SlowInfoCache Quarantined Trace.Registry.NewDotNet
    Key: HKEY_CLASSES_ROOT\clsid\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} Quarantined Trace.Registry.Need2Find
    Key: HKEY_CLASSES_ROOT\clsid\{630d6140-04c5-4db0-b27a-020d766ff09b} Quarantined Trace.Registry.Need2Find
    Key: HKEY_CLASSES_ROOT\need2findbar.settingsplugin.1 Quarantined Trace.Registry.Need2Find
    Key: HKEY_CLASSES_ROOT\need2findbar.settingsplugin Quarantined Trace.Registry.Need2Find
    Key: HKEY_CLASSES_ROOT\need2findbar.toolbarplugin.1 Quarantined Trace.Registry.Need2Find
    Key: HKEY_CLASSES_ROOT\need2findbar.toolbarplugin Quarantined Trace.Registry.Need2Find
    Key: HKEY_CLASSES_ROOT\clsid\{014da6c9-189f-421a-88cd-07cfe51cff10} Quarantined Trace.Registry.MyWay
    Key: HKEY_CLASSES_ROOT\clsid\{f78b32d6-d6d8-4137-a18f-91ebe1a4aedb} Quarantined Trace.Registry.KaZaA
    Key: HKEY_CURRENT_USER\software\kazaa Quarantined Trace.Registry.KaZaA
    Value: HKEY_CURRENT_USER\software\kazaa --> tmp Quarantined Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0 Quarantined Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0seconds Quarantined Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b1 Quarantined Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> b Quarantined Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> time Quarantined Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0 Quarantined Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0seconds Quarantined Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b1 Quarantined Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\cloudload --> sharedir Quarantined Trace.Registry.KaZaA
    Key: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo Quarantined Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo --> kazaanet Quarantined Trace.Registry.KaZaA
    Key: HKEY_LOCAL_MACHINE\software\kazaa\localcontent Quarantined Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> databasedir Quarantined Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> downloaddir Quarantined Trace.Registry.KaZaA
    Key: HKEY_LOCAL_MACHINE\software\kazaa Quarantined Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa --> listenport Quarantined Trace.Registry.KaZaA
    Value: HKEY_LOCAL_MACHINE\software\kazaa --> tmp Quarantined Trace.Registry.KaZaA
    Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking Quarantined Trace.Registry.KaZaA
    Key: HKEY_LOCAL_MACHINE\software\p2p networking Quarantined Trace.Registry.KaZaA
    Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Height Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Left Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Maximized Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Top Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Width Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Download Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Queue Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Upload Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\Data --> AresNet1 Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\Data --> JI.AresNet1 Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Download Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Queue Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Upload Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> ChatRoom.ServerPort Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> ChatRoom.ShowJP Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Extra.ShowActiveCaption Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> General.AutoConnect Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> General.AutoStartUp Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> General.LastLibraryMode Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastChatRoomBrowse Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastLibrary Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastPMBrowse Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastSearch Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Personal.GUID Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Privacy.SendRegularPath Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> PrivateMessage.AllowBrowse Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> PrivateMessage.AwayMessage Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Start Menu Folder Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CAvgTime Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CDnSpeed Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CFRTime Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CTtUptime Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CUpSpeed Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Stats.HasLQCa Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Stats.LstCaQuery Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Stats.LstCaQueryInt Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Transfer.MaximizeUpBandOnIdle Quarantined Trace.Registry.Ares
    Value: HKEY_CURRENT_USER\Software\Ares --> Transfer.ServerPort Quarantined Trace.Registry.Ares
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> DisplayName Quarantined Trace.Registry.Ares
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> DisplayVersion Quarantined Trace.Registry.Ares
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> Publisher Quarantined Trace.Registry.Ares
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> UninstallString Quarantined Trace.Registry.Ares
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> URLInfoAbout Quarantined Trace.Registry.Ares
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> URLUpdateInfo Quarantined Trace.Registry.Ares
    C:\Documents and Settings\JB\Desktop\ares.lnk Quarantined Trace.File.Ares
    C:\Program Files\ares\ares.exe Quarantined Trace.File.Ares
    C:\Program Files\ares\data\anonproxies.txt.sample Quarantined Trace.File.Ares
    C:\Program Files\ares\data\blocked.txt.sample Quarantined Trace.File.Ares
    C:\Program Files\ares\data\blocked_keywords.txt.sample Quarantined Trace.File.Ares
    C:\Program Files\ares\data\chanlistfilter.txt Quarantined Trace.File.Ares
    C:\Program Files\ares\data\gui\general\chat.bmp Quarantined Trace.File.Ares
    C:\Program Files\ares\data\gui\general\emotic.bmp Quarantined Trace.File.Ares
    C:\Program Files\ares\data\gui\general\libbig.bmp Quarantined Trace.File.Ares
    C:\Program Files\ares\data\gui\general\logo.bmp Quarantined Trace.File.Ares
    C:\Program Files\ares\data\gui\general\mimesmall.bmp Quarantined Trace.File.Ares
    C:\Program Files\ares\data\gui\general\mshareset.bmp Quarantined Trace.File.Ares
    C:\Program Files\ares\data\gui\general\player.bmp Quarantined Trace.File.Ares
    C:\Program Files\ares\data\gui\general\playlistbtns.bmp Quarantined Trace.File.Ares
    C:\Program Files\ares\data\gui\general\prefs.txt Quarantined Trace.File.Ares
    C:\Program Files\ares\data\gui\general\searchpnl.bmp Quarantined Trace.File.Ares
    C:\Program Files\ares\data\gui\general\searchstars.bmp Quarantined Trace.File.Ares
    C:\Program Files\ares\data\gui\general\tabsbig.bmp Quarantined Trace.File.Ares
    C:\Program Files\ares\data\gui\general\tabssmall.bmp Quarantined Trace.File.Ares
    C:\Program Files\ares\data\gui\general\transfer.bmp Quarantined Trace.File.Ares
    C:\Program Files\ares\data\gui\general\webanim.bmp Quarantined Trace.File.Ares
    C:\Program Files\ares\data\p2pfilter.txt Quarantined Trace.File.Ares
    C:\Program Files\ares\lang\dutch.txt Quarantined Trace.File.Ares
    C:\Program Files\ares\lang\french.txt Quarantined Trace.File.Ares
    C:\Program Files\ares\lang\german.txt Quarantined Trace.File.Ares
    C:\Program Files\ares\lang\italian.txt Quarantined Trace.File.Ares
    C:\Program Files\ares\lang\japanese.txt Quarantined Trace.File.Ares
    C:\Program Files\ares\lang\kurdish.txt Quarantined Trace.File.Ares
    C:\Program Files\ares\lang\polish.txt Quarantined Trace.File.Ares
    C:\Program Files\ares\lang\portugues.txt Quarantined Trace.File.Ares
    C:\Program Files\ares\lang\slovak.txt Quarantined Trace.File.Ares
    C:\Program Files\ares\lang\spanish.txt Quarantined Trace.File.Ares
    C:\Program Files\ares\lang\swedish.txt Quarantined Trace.File.Ares
    C:\Program Files\ares\lang\turkish.txt Quarantined Trace.File.Ares
    C:\Documents and Settings\JB\Start Menu\Programs\ares\ares.lnk Quarantined Trace.File.Ares
    c:\temp\salm.log Quarantined Trace.File.180Solutions
    c:\temp\salm_kyf.dat Quarantined Trace.File.180Solutions
    C:\Program Files\need2find Quarantined Trace.Directory.P2PNetworking
    [3900] C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL Quarantined Adware.MySearch.e
    C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL Quarantined Adware.MySearch.e

    Quarantined

    Files: 6
    Traces: 117
    Cookies: 7
     
  6. smoothone23

    smoothone23 Thread Starter

    Joined:
    Nov 29, 2006
    Messages:
    18
    Logfile of HijackThis v1.99.1
    Scan saved at 10:54:41 PM, on 11/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\MDC\AEGIS Client\mgr8021x.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Computer Alarm Clock\cac.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Jeremy Brown\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\tmp200.tmp.dll
    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Computer Alarm Clock] "C:\Program Files\Computer Alarm Clock\cac.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKLM\..\Run: [Windows USB controler] winusb.exe
    O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [pdypnqko] C:\WINDOWS\system32\ifdccvt.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,904
    First Name:
    Derek
    Much as I dislike Ares, Kazaa and other P2P programs, and advise people strongly NOT to use them (they are quite likely the source of your infection), I don't feel any antivirus/antispyware should remove them for you, as a-squared has done.

    First, stop any downloads or file sharing you are doing and close any file sharing/torrent programs you have running, as otherwise we cannot even attempt to fix it.


    then

    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the quote box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply.

    when it reboots

    Run HijackThis, put a tick in the box beside the entries listed below and ONLY these entries, double-check to make sure, then make sure all browser & email windows are closed and press Fix checked.



    O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\tmp200.tmp.dll
    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
    O4 - HKLM\..\Run: [Windows USB controler] winusb.exe
    O4 - HKLM\..\Run: [pdypnqko] C:\WINDOWS\system32\ifdccvt.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\


    download the attached winusb_rem.zip & save it to the desktop
    unzip it & double-click the reg file & say yes to the prompts to merge it with the registry

    reboot & post a new HJT log and tell us how it is
     

    Attached Files:

  8. smoothone23

    smoothone23 Thread Starter

    Joined:
    Nov 29, 2006
    Messages:
    18
    Can I stop all the programs from starting when Windows starts or should I wait until we fix the entire problem? Here's the latest HJT log and Avenger txt

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\ueuffrud

    *******************

    Script file located at: \??\C:\Program Files\fqlbsycf.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\SYSTEM32\notification.dll deleted successfully.


    File C:\WINDOWS\system32\ifdccvt.exe not found!
    Deletion of file C:\WINDOWS\system32\ifdccvt.exe failed!

    Could not process line:
    C:\WINDOWS\system32\ifdccvt.exe
    Status: 0xc0000034



    File C:\WINDOWS\system32\winusb.exe not found!
    Deletion of file C:\WINDOWS\system32\winusb.exe failed!

    Could not process line:
    C:\WINDOWS\system32\winusb.exe
    Status: 0xc0000034

    File C:\WINDOWS\system32\tmp200.tmp.dll deleted successfully.
    File C:\WINDOWS\system32\tmp9F.tmp.dll deleted successfully.


    Folder C:\Program Files\RXToolBar not found!
    Deletion of folder C:\Program Files\RXToolBar failed!

    Could not process line:
    C:\Program Files\RXToolBar
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.


    Logfile of HijackThis v1.99.1
    Scan saved at 11:07:37 AM, on 12/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Documents and Settings\Jeremy Brown\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Computer Alarm Clock] "C:\Program Files\Computer Alarm Clock\cac.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
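Avenger reports each script line separately, and the NTSTATUS code after a failure says why it failed: 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND, so winusb.exe, ifdccvt.exe and the RXToolBar folder were already absent when the script ran, while the two tmp DLLs and notification.dll were deleted and backed up to C:\avenger\backup.zip. The parser below is an added example, not part of this thread and not Avenger code; it reads a constructed sample copied from the log above into a per-path result table and names the status codes. The NTSTATUS table is mine and covers only the four values a removal log commonly shows.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample: the per-item lines from the Avenger log posted above.
AVENGER_LOG = r"""
File C:\WINDOWS\SYSTEM32\notification.dll deleted successfully.

File C:\WINDOWS\system32\ifdccvt.exe not found!
Deletion of file C:\WINDOWS\system32\ifdccvt.exe failed!

Could not process line:
C:\WINDOWS\system32\ifdccvt.exe
Status: 0xc0000034

File C:\WINDOWS\system32\winusb.exe not found!
Deletion of file C:\WINDOWS\system32\winusb.exe failed!

Could not process line:
C:\WINDOWS\system32\winusb.exe
Status: 0xc0000034

File C:\WINDOWS\system32\tmp200.tmp.dll deleted successfully.
File C:\WINDOWS\system32\tmp9F.tmp.dll deleted successfully.

Folder C:\Program Files\RXToolBar not found!
Deletion of folder C:\Program Files\RXToolBar failed!

Could not process line:
C:\Program Files\RXToolBar
Status: 0xc0000034
"""

# NTSTATUS values a removal log commonly shows (Avenger prints the raw code only).
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

ITEM = re.compile(r"^(File|Folder) (.+) (deleted successfully|not found)[.!]$")
STATUS = re.compile(r"^Status: (0x[0-9A-Fa-f]+)$")


@dataclass
class Result:
    kind: str                 # "File" or "Folder"
    path: str
    outcome: str              # "deleted" or "not found"
    status: Optional[int] = None


def status_name(code):
    """Symbolic name for an NTSTATUS value from the small table above."""
    return NTSTATUS.get(code, f"unknown NTSTATUS 0x{code:08X}")


def parse_avenger(log: str) -> Dict[str, Result]:
    """Map each path in the script to what Avenger did with it."""
    results: Dict[str, Result] = {}
    pending = None            # path echoed after "Could not process line:"
    for raw in log.splitlines():
        line = raw.strip()
        m = ITEM.match(line)
        if m:
            kind, path, outcome = m.groups()
            results[path] = Result(kind, path, "deleted" if outcome.startswith("deleted") else "not found")
            continue
        m = STATUS.match(line)
        if m and pending:
            results[pending].status = int(m.group(1), 16)
            pending = None
            continue
        if line in results and results[line].outcome != "deleted":
            pending = line
    return results


def needs_follow_up(results):
    """Paths Avenger could not remove, with the reason; their registry references still need checking."""
    return {p: status_name(r.status) for p, r in results.items()
            if r.outcome != "deleted" and r.status is not None}


if __name__ == "__main__":
    res = parse_avenger(AVENGER_LOG)
    for r in res.values():
        tail = f"  [{status_name(r.status)}]" if r.status is not None else ""
        print(f"{r.kind:6} {r.outcome:9} {r.path}{tail}")
```

A "not found" with STATUS_OBJECT_NAME_NOT_FOUND only says the file was gone; the Run value that referenced it can still exist and keep the loader searching for it at every logon, which is why the HijackThis fix and the reg merge in the previous post were still needed after this script ran.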
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,904
    First Name:
    Derek
    Has that made any difference to the problem?

    If not:

    • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!

    Reboot into Safe Mode
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Doubleclick WinPFind.exe
    • Click " Configure Scan Options"
    • Select " Run Add ONs" and then select ALL the options in the box below it, Press Apply
    • Now Click "Start Scan"
    • It will scan the entire System, so please be patient!
    • Once the Scan is Complete
      • Reboot back to Normal Mode!
      • Go to the WinPFind folder
      • Locate WinPFind.txt
      • Place those results in the next post. It will be too big to post inline, so you will need to attach it to your reply.
     
  10. smoothone23

    smoothone23 Thread Starter

    Joined:
    Nov 29, 2006
    Messages:
    18
    The computer is running better than before, but I still cannot access those websites. I will run the other scan.
     
  11. smoothone23

    smoothone23 Thread Starter

    Joined:
    Nov 29, 2006
    Messages:
    18
    My computer has gotten substantially slower this weekend and I believe it is because I have so many programs running in the background from the get-go (since I turned on every program to find the malware). Is it alright now to only select the necessary files that I wish to start up when I sign on? Here is my WinPFind log...

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Logfile created on: 12/3/2006 10:31:50 AM
    WinPFind v1.5.0 Folder = C:\Documents and Settings\JB\Desktop\WinPFind\WinPFind\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...

    Checking %System% folder...
    PEC2 3/31/2003 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
    PTech 5/17/2006 11:23:38 AM 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
    PECompact2 5/3/2006 8:26:24 PM 5818784 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 5/3/2006 8:26:24 PM 5818784 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    WSUD 8/4/2004 2:56:54 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
    aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
    WSUD 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    PEC2 8/28/1996 11:00:00 PM 163384 C:\WINDOWS\SYSTEM32\ODBCJET.HLP ()
    Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
    PEC2 3/6/2004 12:05:26 AM 33792 C:\WINDOWS\SYSTEM32\tre.dll ()
    PECompact2 3/6/2004 12:05:26 AM 33792 C:\WINDOWS\SYSTEM32\tre.dll ()
    winsync 3/31/2003 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
    PEC2 10/18/2006 9:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)
    WSUD 10/18/2006 9:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)

    Checking %System%\Drivers folder and sub-folders...
    PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    10/30/2006 12:17:50 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index24.dat ()
    10/30/2006 12:17:58 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index25.dat ()
    12/1/2006 10:34:32 AM S 64 C:\WINDOWS\CSC\00000001 ()
    11/28/2006 9:02:10 AM S 64 C:\WINDOWS\CSC\00000002 ()
    11/13/2006 9:54:32 PM S 64 C:\WINDOWS\CSC\csc1.tmp ()
    10/16/2006 10:35:46 AM S 10965 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920213.cat ()
    10/13/2006 7:55:52 AM S 10965 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923980.cat ()
    10/13/2006 8:33:10 AM S 10259 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924270.cat ()
    11/13/2006 1:05:44 AM S 15355 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925876.cat ()
    11/2/2006 11:54:58 AM S 34696 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WMFDist11.cat ()
    11/2/2006 12:13:58 PM S 27554 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\wmp11.cat ()
    12/3/2006 10:29:50 AM H 16384 C:\WINDOWS\system32\config\default.LOG ()
    12/3/2006 10:29:58 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
    12/3/2006 10:29:38 AM H 24576 C:\WINDOWS\system32\config\SECURITY.LOG ()
    12/3/2006 10:34:18 AM H 151552 C:\WINDOWS\system32\config\software.LOG ()
    12/3/2006 10:34:16 AM H 909312 C:\WINDOWS\system32\config\system.LOG ()
    11/6/2006 6:57:24 PM S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
    12/1/2006 7:20:52 PM S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 ()
    11/6/2006 6:57:24 PM S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
    11/6/2006 6:57:24 PM S 574 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 ()
    12/1/2006 7:20:54 PM S 42333 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 ()
    11/6/2006 6:57:24 PM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
    12/1/2006 7:20:52 PM S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 ()
    11/6/2006 6:57:24 PM S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
    11/6/2006 6:57:24 PM S 136 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 ()
    12/1/2006 7:20:54 PM S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 ()
    11/30/2006 7:56:10 PM H 0 C:\WINDOWS\system32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf ()
    11/13/2006 11:02:46 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\ee4ef43b-1445-400e-b71b-4bab19a043fd ()
    11/13/2006 11:02:46 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
    10/13/2006 1:05:30 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\7ebd3495-d690-47e2-8c31-5c28e69647c3 ()
    10/13/2006 1:05:30 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
    12/3/2006 10:27:34 AM H 6 C:\WINDOWS\Tasks\SA.DAT ()

    Checking for CPL files...
    8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
    8/19/2004 8:51:24 PM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems)
    3/31/2003 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
    3/31/2003 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    3/31/2003 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
    6/26/1997 9:47:34 AM 352256 C:\WINDOWS\SYSTEM32\setnote.cpl (IBM Corporation)
    8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
    3/31/2003 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
    5/9/2006 9:50:00 AM 174552 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
    3/31/2003 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
    3/31/2003 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
    3/31/2003 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
    3/31/2003 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
    5/9/2006 9:50:00 AM 174552 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

    Checking for Downloaded Program Files...
    {166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - Trend Micro ActiveX Scan Agent 6.5 - CodeBase = http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    {C68F9105-04FD-4B48-B6CC-2A076F711C35} - HpodPCFileCtrl2 Class - CodeBase = file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
    {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    9/15/2004 8:29:46 AM HS 84 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini ()
    9/15/2004 9:18:58 PM 1730 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk ()

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    9/15/2004 8:13:06 AM HS 62 C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini ()
    8/23/2004 8:00:26 AM 12 C:\Documents and Settings\All Users.WINDOWS\Application Data\DragToDiscUserNameD.txt ()

    Checking files in %USERPROFILE%\Startup folder...
    8/19/2004 7:58:30 PM HS 84 C:\Documents and Settings\JB\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %USERPROFILE%\Application Data folder...
    8/19/2004 3:44:48 PM HS 62 C:\Documents and Settings\JB\Application Data\desktop.ini ()
    11/28/2004 12:49:44 AM 29584 C:\Documents and Settings\JB\Application Data\GDIPFONTCACHEV1.DAT ()

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    >>> Internet Explorer Settings <<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Local Page - %SystemRoot%\system32\blank.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.google.com/
    \\Search Bar - http://home.microsoft.com/search/lobby/search.asp
    \\Search Page - http://home.microsoft.com/access/allinone.asp
    \\Local Page - C:\WINDOWS\system32\blank.htm

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

    >>> BHO's <<<
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

    >>> Internet Explorer Bars, Toolbars and Extensions <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    \{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll ()
    \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    \{32683183-48a0-441b-a342-7c2a440a9478} - = ()
    \{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll ()
    \{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
    \{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
    \{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    \ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
    \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 =
    \\NEXTID - 8203
    \\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - 8193 =
    \\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8194 =
    \\{FA4904B4-1FAF-4afd-886C-C19D2297BA62} - 8195 =
    \\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8196 =
    \\{FD7CF1CF-331A-4d9e-A3D8-82BC1B1861DA} - 8197 =
    \\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - 8198 =
    \\{EFFF8D47-D060-4108-B761-E8EC86622E56} - 8199 =
    \\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8200 =
    \\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - 8201 =
    \\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8202 =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    \{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
    \{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc.)

    >>> Approved Shell Extensions (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
    \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
    \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
    \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
    \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
    \\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
    \\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
    \\{5E44E225-A408-11CF-B581-008029601108} - Roxio DragToDisc Shell Extension = C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll (Roxio)
    \\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
    \\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll ()
    \\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = ()
    \\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
    \\{7C9D5882-CB4A-4090-96C8-430BFE8B795B} - Webroot Spy Sweeper Context Menu Integration = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    >>> Context Menu Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll ()

    [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
    \SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
    \SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

    >>> Column Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

    >>> Registry Run Keys <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    WinampAgent - C:\Program Files\Winamp\winampa.exe ()
    iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
    Computer Alarm Clock - C:\Program Files\Computer Alarm Clock\cac.exe (Think Art Computing.)
    a-squared - C:\Program Files\a-squared Anti-Malware\a2guard.exe (Emsi Software GmbH)
    ViewMgr - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
    TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe ()
    SunJavaUpdateSched - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
    RoxioEngineUtility - C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
    RoxioDragToDisc - C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
    MMTray - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe ()
    mmtask - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe ()
    MimBoot - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe ()
    HPDJ Taskbar Utility - C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
    eabconfg.cpl - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe ()
    Cpqset - C:\Program Files\HPQ\Default Settings\cpqset.exe ()
    ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
    ATIModeChange - C:\WINDOWS\SYSTEM32\Ati2mdxx.exe (ATI Technologies, Inc.)
    Apoint - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
    AGRSMMSG - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
    SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    >>> Startup Links <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini ()
    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
    C:\Documents and Settings\JB\Start Menu\Programs\Startup\desktop.ini ()

    >>> MSConfig Disabled Items <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 0
    services 0
    startup 0
     
  12. smoothone23

    smoothone23 Thread Starter

    Joined:
    Nov 29, 2006
    Messages:
    18
    [All Users Startup Folder Disabled Items]

    [Current User Startup Folder Disabled Items]

    >>> User Agent Post Platform <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    \\SV1 -

    >>> AppInit Dll's <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

    >>> Image File Execution Options <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    \Your Image File Name Here without a path - Debugger = ntsd -d

    >>> Shell Service Object Delay Load <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
    \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
    \\WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

    >>> Shell Execute Hooks <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

    >>> Shared Task Scheduler <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

    >>> Winlogon <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    \\UserInit = C:\WINDOWS\system32\userinit.exe,
    \\Shell = Explorer.exe
    \\System =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    \AtiExtEvent - Ati2evxx.dll = ()
    \crypt32chain - crypt32.dll = (Microsoft Corporation)
    \cryptnet - cryptnet.dll = (Microsoft Corporation)
    \cscdll - cscdll.dll = (Microsoft Corporation)
    \ScCertProp - wlnotify.dll = (Microsoft Corporation)
    \Schedule - wlnotify.dll = (Microsoft Corporation)
    \sclgntfy - sclgntfy.dll = (Microsoft Corporation)
    \SensLogn - WlNotify.dll = (Microsoft Corporation)
    \termsrv - wlnotify.dll = (Microsoft Corporation)
    \WgaLogon - WgaLogon.dll = (Microsoft Corporation)
    \wlballoon - wlnotify.dll = (Microsoft Corporation)
    \WRNotifier - WRLogonNTF.dll = (Webroot Software, Inc.)

    >>> DNS Name Servers <<<
    {4AF8BA6F-6293-485D-A7A4-846A2870FA08} - (Broadcom 802.11b/g WLAN)
    {A473FDFF-DB6A-49C9-9D6B-50C7E57B3430} - (Realtek RTL8139/810x Family Fast Ethernet NIC)

    >>> All Winsock2 Catalogs <<<
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
    \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    \000000000002\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
    \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000005\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

    >>> Protocol Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
    \ipp - ()
    \msdaipp - ()

    >>> Protocol Filters (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

    >>> Selected AddOn's <<<

    >>>>Output for AddOn file BotCheck_NoSubs.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
    Ole\\DefaultLaunchPermission - 01 00 04 80 64 00 00 00 80 00 00 00 00 00 00 00 14 00 00 00 02 00 50 00 03 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00
    Ole\\EnableDCOM - Y
    Ole\\Windows USB controler - winusb.exe
    Ole\\MachineLaunchRestriction - 01 00 04 80 48 00 00 00 58 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 1F 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 0B 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00
    Ole\\MachineAccessRestriction - 01 00 04 80 44 00 00 00 54 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 02 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 07 00 00 00 00 00 14 00 07 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00
    \AppCompat
    \NONREDIST

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    Security Center\\AntiVirusDisableNotify - 0
    Security Center\\FirewallDisableNotify - 0
    Security Center\\UpdatesDisableNotify - 0
    Security Center\\AntiVirusOverride - 0
    Security Center\\FirewallOverride - 0
    \Monitoring

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
    WindowsUpdate\\WUServer - http://updates.pitt.edu
    WindowsUpdate\\WUStatusServer - http://updates.pitt.edu
    \AU

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile - No SUBKEYS
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile - not found.

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile - No SUBKEYS
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile - not found.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
    Control\\CurrentUser - USERNAME
    Control\\WaitToKillServiceTimeout - 20000
    Control\\SystemStartOptions - FASTDETECT NOEXECUTE=OPTIN SAFEBOOT:MINIMAL SOS BOOTLOG NOGUIBOOT
    Control\\SystemBootDevice - multi(0)disk(0)rdisk(0)partition(1)
    \AGP
    \Arbiters
    \BackupRestore
    \Biosinfo
    \BootVerificationProgram
    \Class
    \CoDeviceInstallers
    \COM Name Arbiter
    \ComputerName
    \ContentIndex
    \ContentIndexCommon
    \CrashControl
    \CriticalDeviceDatabase
    \DeviceClasses
    \FileSystem
    \GraphicsDrivers
    \GroupOrderList
    \HAL
    \IDConfigDB
    \Keyboard Layout
    \Keyboard Layouts
    \Lsa
    \MediaCategories
    \MediaInterfaces
    \MediaProperties
    \MediaResources
    \MediaSets
    \Network
    \NetworkProvider
    \Nls
    \NTMS
    \PnP
    \Print
    \PriorityControl
    \ProductOptions
    \SafeBoot
    \ScsiPort
    \SecurePipeServers
    \SecurityProviders
    \Server Applications
    \ServiceGroupOrder
    \ServiceProvider
    \Session Manager
    \Setup
    \StillImage
    \SystemResources
    \Terminal Server
    \TimeZoneInformation
    \Update
    \UsbFlags
    \Video
    \VirtualDeviceDrivers
    \Watchdog
    \Windows
    \WMI
    \WOW
    \hivelist
    \ServiceCurrent

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    Lsa\\Authentication Packages - msv1_0;
    Lsa\\Bounds - 00 30 00 00 00 20 00 00
    Lsa\\Security Packages - kerberos;msv1_0;schannel;wdigest;
    Lsa\\LsaPid - 324
    Lsa\\SecureBoot - 1
    Lsa\\auditbaseobjects - 0
    Lsa\\crashonauditfail - 0
    Lsa\\disabledomaincreds - 0
    Lsa\\everyoneincludesanonymous - 0
    Lsa\\fipsalgorithmpolicy - 0
    Lsa\\forceguest - 1
    Lsa\\fullprivilegeauditing - 00
    Lsa\\limitblankpassworduse - 1
    Lsa\\lmcompatibilitylevel - 0
    Lsa\\nodefaultadminowner - 1
    Lsa\\nolmhash - 0
    Lsa\\restrictanonymous - 0
    Lsa\\restrictanonymoussam - 1
    Lsa\\Notification Packages - scecli;
    Lsa\\Windows USB controler - winusb.exe
    Lsa\\ImpersonatePrivilegeUpgradeToolHasRun - 1
    Lsa\\enabledcom - y
    \AccessProviders
    \Audit
    \Data
    \GBG
    \JD
    \Kerberos
    \msv1_0
    \Skew1
    \SSO
    \SspiCache

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
    Parameters\\autodisconnect - 15
    Parameters\\enableforcedlogoff - 1
    Parameters\\enablesecuritysignature - 0
    Parameters\\requiresecuritysignature - 0
    Parameters\\NullSessionPipes - COMNAP;COMNODE;SQL\QUERY;SPOOLSS;LLSRPC;browser;
    Parameters\\NullSessionShares - COMCFG;DFS$;
    Parameters\\ServiceDll - %SystemRoot%\System32\srvsvc.dll
    Parameters\\Lmannounce - 0
    Parameters\\Size - 1
    Parameters\\Guid - 9C 96 BC DA 97 84 F2 4D AF FE 6C 41 C9 A9 83 B4
    Parameters\\CachedOpenLimit - 0
    Parameters\\AdjustedNullSessionPipes - 1

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters]
    Parameters\\autodisconnect - 15
    Parameters\\enableforcedlogoff - 1
    Parameters\\enablesecuritysignature - 0
    Parameters\\requiresecuritysignature - 0
    Parameters\\NullSessionPipes - COMNAP;COMNODE;SQL\QUERY;SPOOLSS;LLSRPC;browser;
    Parameters\\NullSessionShares - COMCFG;DFS$;
    Parameters\\ServiceDll - %SystemRoot%\System32\srvsvc.dll
    Parameters\\Lmannounce - 0
    Parameters\\Size - 1
    Parameters\\Guid - 9C 96 BC DA 97 84 F2 4D AF FE 6C 41 C9 A9 83 B4
    Parameters\\CachedOpenLimit - 0
    Parameters\\AdjustedNullSessionPipes - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Parameters - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Parameters]
    Parameters\\enableplaintextpassword - 0
    Parameters\\enablesecuritysignature - 1
    Parameters\\requiresecuritysignature - 0
    Parameters\\ServiceDll - %SystemRoot%\System32\wkssvc.dll
    Parameters\\OtherDomains -

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Parameters - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Parameters]
    Parameters\\enableplaintextpassword - 0
    Parameters\\enablesecuritysignature - 1
    Parameters\\requiresecuritysignature - 0
    Parameters\\ServiceDll - %SystemRoot%\System32\wkssvc.dll
    Parameters\\OtherDomains -

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
    SharedAccess\\Type - 32
    SharedAccess\\Start - 2
    SharedAccess\\ErrorControl - 1
    SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
    SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
    SharedAccess\\DependOnService - Netman;WinMgmt;
    SharedAccess\\DependOnGroup -
    SharedAccess\\ObjectName - LocalSystem
    SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
    \Epoch
    \Parameters
    \Security
    \Setup
    \Enum

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
    RemoteRegistry\\Description - Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
    RemoteRegistry\\DependOnService - RPCSS;
    RemoteRegistry\\DisplayName - Remote Registry
    RemoteRegistry\\ErrorControl - 1
    RemoteRegistry\\ImagePath - %SystemRoot%\system32\svchost.exe -k LocalService
    RemoteRegistry\\ObjectName - NT AUTHORITY\LocalService
    RemoteRegistry\\Group -
    RemoteRegistry\\Start - 2
    RemoteRegistry\\Type - 32
    RemoteRegistry\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00
    \Parameters
    \Security
    \Enum

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry]
    RemoteRegistry\\Description - Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
    RemoteRegistry\\DependOnService - RPCSS;
    RemoteRegistry\\DisplayName - Remote Registry
    RemoteRegistry\\ErrorControl - 1
    RemoteRegistry\\ImagePath - %SystemRoot%\system32\svchost.exe -k LocalService
    RemoteRegistry\\ObjectName - NT AUTHORITY\LocalService
    RemoteRegistry\\Group -
    RemoteRegistry\\Start - 2
    RemoteRegistry\\Type - 32
    RemoteRegistry\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00
    \Parameters
    \Security
    \Enum

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipservice - No SUBKEYS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipservice - not found.

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipservice - No SUBKEYS
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipservice - not found.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
    TlntSvr\\Type - 16
    TlntSvr\\Start - 4
    TlntSvr\\ErrorControl - 1
    TlntSvr\\ImagePath - C:\WINDOWS\System32\tlntsvr.exe
    TlntSvr\\DisplayName - Telnet
    TlntSvr\\DependOnService - RPCSS;TCPIP;NTLMSSP;
    TlntSvr\\DependOnGroup -
    TlntSvr\\ObjectName - LocalSystem
    TlntSvr\\Description - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    \Security

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr]
    TlntSvr\\Type - 16
    TlntSvr\\Start - 4
    TlntSvr\\ErrorControl - 1
    TlntSvr\\ImagePath - C:\WINDOWS\System32\tlntsvr.exe
    TlntSvr\\DisplayName - Telnet
    TlntSvr\\DependOnService - RPCSS;TCPIP;NTLMSSP;
    TlntSvr\\DependOnGroup -
    TlntSvr\\ObjectName - LocalSystem
    TlntSvr\\Description - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    \Security

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
    wuauserv\\Type - 32
    wuauserv\\Start - 2
    wuauserv\\ErrorControl - 1
    wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
    wuauserv\\DisplayName - Automatic Updates
    wuauserv\\ObjectName - LocalSystem
    wuauserv\\Description - Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
    \Parameters
    \Security
    \Enum

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]
    wuauserv\\Type - 32
    wuauserv\\Start - 2
    wuauserv\\ErrorControl - 1
    wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
    wuauserv\\DisplayName - Automatic Updates
    wuauserv\\ObjectName - LocalSystem
    wuauserv\\Description - Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
    \Parameters
    \Security
    \Enum

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings]
    Internet Settings\\ProxyEnable - 0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
    Internet Settings\\ProxyEnable - 0

    >>>>Output for AddOn file BotCheck_Subs.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
    Ole\\DefaultLaunchPermission - 01 00 04 80 64 00 00 00 80 00 00 00 00 00 00 00 14 00 00 00 02 00 50 00 03 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00
    Ole\\EnableDCOM - Y
    Ole\\Windows USB controler - winusb.exe
    Ole\\MachineLaunchRestriction - 01 00 04 80 48 00 00 00 58 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 1F 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 0B 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00
    Ole\\MachineAccessRestriction - 01 00 04 80 44 00 00 00 54 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 02 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 07 00 00 00 00 00 14 00 07 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00
    Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} - 1
    Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} - 1
    Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} - 1
    Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} - 1
    Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    Security Center\\AntiVirusDisableNotify - 0
    Security Center\\FirewallDisableNotify - 0
    Security Center\\UpdatesDisableNotify - 0
    Security Center\\AntiVirusOverride - 0
    Security Center\\FirewallOverride - 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
    WindowsUpdate\\WUServer - http://updates.pitt.edu
    WindowsUpdate\\WUStatusServer - http://updates.pitt.edu
    WindowsUpdate\AU\\RescheduleWaitTime - 5
    WindowsUpdate\AU\\UseWUServer - 1
    WindowsUpdate\AU\\NoAutoUpdate - 0
    WindowsUpdate\AU\\AUOptions - 4
    WindowsUpdate\AU\\ScheduledInstallDay - 0
    WindowsUpdate\AU\\ScheduledInstallTime - 3

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile - Include SUBKEYS
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile - not found.

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile - Include SUBKEYS
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile - not found.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
    Control\\CurrentUser - USERNAME
    Control\\WaitToKillServiceTimeout - 20000
    Control\\SystemStartOptions - FASTDETECT NOEXECUTE=OPTIN SAFEBOOT:MINIMAL SOS BOOTLOG NOGUIBOOT
    Control\\SystemBootDevice - multi(0)disk(0)rdisk(0)partition(1)
    \AGP
    \Arbiters
    \BackupRestore
    \Biosinfo
    \BootVerificationProgram
    \Class
    \CoDeviceInstallers
    \COM Name Arbiter
    \ComputerName
    \ContentIndex
    \ContentIndexCommon
    \CrashControl
    \CriticalDeviceDatabase
    \DeviceClasses
    \FileSystem
    \GraphicsDrivers
    \GroupOrderList
    \HAL
    \IDConfigDB
    \Keyboard Layout
    \Keyboard Layouts
    \Lsa
    \MediaCategories
    \MediaInterfaces
    \MediaProperties
    \MediaResources
    \MediaSets
    \Network
    \NetworkProvider
    \Nls
    \NTMS
    \PnP
    \Print
    \PriorityControl
    \ProductOptions
    \SafeBoot
    \ScsiPort
    \SecurePipeServers
    \SecurityProviders
    \Server Applications
    \ServiceGroupOrder
    \ServiceProvider
    \Session Manager
    \Setup
    \StillImage
    \SystemResources
    \Terminal Server
    \TimeZoneInformation
    \Update
    \UsbFlags
    \Video
    \VirtualDeviceDrivers
    \Watchdog
    \Windows
    \WMI
    \WOW
    \hivelist
    \ServiceCurrent
     
  13. smoothone23

    smoothone23 Thread Starter

    Joined:
    Nov 29, 2006
    Messages:
    18
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    Lsa\\Authentication Packages - msv1_0;
    Lsa\\Bounds - 00 30 00 00 00 20 00 00
    Lsa\\Security Packages - kerberos;msv1_0;schannel;wdigest;
    Lsa\\LsaPid - 324
    Lsa\\SecureBoot - 1
    Lsa\\auditbaseobjects - 0
    Lsa\\crashonauditfail - 0
    Lsa\\disabledomaincreds - 0
    Lsa\\everyoneincludesanonymous - 0
    Lsa\\fipsalgorithmpolicy - 0
    Lsa\\forceguest - 1
    Lsa\\fullprivilegeauditing - 00
    Lsa\\limitblankpassworduse - 1
    Lsa\\lmcompatibilitylevel - 0
    Lsa\\nodefaultadminowner - 1
    Lsa\\nolmhash - 0
    Lsa\\restrictanonymous - 0
    Lsa\\restrictanonymoussam - 1
    Lsa\\Notification Packages - scecli;
    Lsa\\Windows USB controler - winusb.exe
    Lsa\\ImpersonatePrivilegeUpgradeToolHasRun - 1
    Lsa\\enabledcom - y
    Lsa\AccessProviders\\ProviderOrder - Windows NT Access Provider;
    Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath - %SystemRoot%\system32\ntmarta.dll
    Lsa\Data\\Pattern - BF F4 E3 0B B3 01 CE 5A 4E 30 DE 82 47 A3 E9 81 39 65 37 33 33 65 31 30 00 68 07 00 01 00 00 00 D8 00 00 00 DC 00 00 00 48 FA 06 00 D6 48 5A 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 BB E7 E0 5D
    Lsa\GBG\\GrafBlumGroup - 3D 40 C3 46 CA B6 3C 24 36
    Lsa\JD\\Lookup - B7 51 87 D3 EC 2B
    Lsa\msv1_0\\ntlmminclientsec - 0
    Lsa\msv1_0\\ntlmminserversec - 0
    Lsa\msv1_0\\Auth132 - IISSUBA
    Lsa\Skew1\\SkewMatrix - A1 A4 A7 FC A9 8D D4 B4 F7 A0 A5 FB C1 D8 72 CB
    Lsa\SSO\Passport1.4\\SSOURL - http://www.passport.com
    Lsa\SspiCache\\Time - 06 EA 15 C3 B2 A4 C4 01
    Lsa\SspiCache\digest.dll\\Name - Digest
    Lsa\SspiCache\digest.dll\\Comment - Digest SSPI Authentication Package
    Lsa\SspiCache\digest.dll\\Capabilities - 16464
    Lsa\SspiCache\digest.dll\\RpcId - 65535
    Lsa\SspiCache\digest.dll\\Version - 1
    Lsa\SspiCache\digest.dll\\TokenSize - 65535
    Lsa\SspiCache\digest.dll\\Time - 00 D9 4A 94 F8 79 C4 01
    Lsa\SspiCache\digest.dll\\Type - 49
    Lsa\SspiCache\msapsspc.dll\\Name - DPA
    Lsa\SspiCache\msapsspc.dll\\Comment - DPA Security Package
    Lsa\SspiCache\msapsspc.dll\\Capabilities - 55
    Lsa\SspiCache\msapsspc.dll\\RpcId - 17
    Lsa\SspiCache\msapsspc.dll\\Version - 1
    Lsa\SspiCache\msapsspc.dll\\TokenSize - 768
    Lsa\SspiCache\msapsspc.dll\\Time - 00 D9 4A 94 F8 79 C4 01
    Lsa\SspiCache\msapsspc.dll\\Type - 49
    Lsa\SspiCache\msnsspc.dll\\Name - MSN
    Lsa\SspiCache\msnsspc.dll\\Comment - MSN Security Package
    Lsa\SspiCache\msnsspc.dll\\Capabilities - 55
    Lsa\SspiCache\msnsspc.dll\\RpcId - 18
    Lsa\SspiCache\msnsspc.dll\\Version - 1
    Lsa\SspiCache\msnsspc.dll\\TokenSize - 768
    Lsa\SspiCache\msnsspc.dll\\Time - 80 6F E3 94 F8 79 C4 01
    Lsa\SspiCache\msnsspc.dll\\Type - 49

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
    Parameters\\autodisconnect - 15
    Parameters\\enableforcedlogoff - 1
    Parameters\\enablesecuritysignature - 0
    Parameters\\requiresecuritysignature - 0
    Parameters\\NullSessionPipes - COMNAP;COMNODE;SQL\QUERY;SPOOLSS;LLSRPC;browser;
    Parameters\\NullSessionShares - COMCFG;DFS$;
    Parameters\\ServiceDll - %SystemRoot%\System32\srvsvc.dll
    Parameters\\Lmannounce - 0
    Parameters\\Size - 1
    Parameters\\Guid - 9C 96 BC DA 97 84 F2 4D AF FE 6C 41 C9 A9 83 B4
    Parameters\\CachedOpenLimit - 0
    Parameters\\AdjustedNullSessionPipes - 1

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters]
    Parameters\\autodisconnect - 15
    Parameters\\enableforcedlogoff - 1
    Parameters\\enablesecuritysignature - 0
    Parameters\\requiresecuritysignature - 0
    Parameters\\NullSessionPipes - COMNAP;COMNODE;SQL\QUERY;SPOOLSS;LLSRPC;browser;
    Parameters\\NullSessionShares - COMCFG;DFS$;
    Parameters\\ServiceDll - %SystemRoot%\System32\srvsvc.dll
    Parameters\\Lmannounce - 0
    Parameters\\Size - 1
    Parameters\\Guid - 9C 96 BC DA 97 84 F2 4D AF FE 6C 41 C9 A9 83 B4
    Parameters\\CachedOpenLimit - 0
    Parameters\\AdjustedNullSessionPipes - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Parameters - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Parameters]
    Parameters\\enableplaintextpassword - 0
    Parameters\\enablesecuritysignature - 1
    Parameters\\requiresecuritysignature - 0
    Parameters\\ServiceDll - %SystemRoot%\System32\wkssvc.dll
    Parameters\\OtherDomains -

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Parameters - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Parameters]
    Parameters\\enableplaintextpassword - 0
    Parameters\\enablesecuritysignature - 1
    Parameters\\requiresecuritysignature - 0
    Parameters\\ServiceDll - %SystemRoot%\System32\wkssvc.dll
    Parameters\\OtherDomains -

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
    SharedAccess\\Type - 32
    SharedAccess\\Start - 2
    SharedAccess\\ErrorControl - 1
    SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
    SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
    SharedAccess\\DependOnService - Netman;WinMgmt;
    SharedAccess\\DependOnGroup -
    SharedAccess\\ObjectName - LocalSystem
    SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
    SharedAccess\Epoch\\Epoch - 38356
    SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe - C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe - C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP - 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP - 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP - 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP - 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP - 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP - 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 1
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions - 0
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe - C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares.exe - C:\Program Files\Ares\Ares.exe:*:Enabled:Ares
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe - C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe - C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe - C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares Gold\AresGold.exe - C:\Program Files\Ares Gold\AresGold.exe:*:Enabled:AresGold
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe - C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe - C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe - C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\utorrent.exe - C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe - C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe - C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe - C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP - 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP - 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP - 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP - 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP - 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP - 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    SharedAccess\Setup\\ServiceUpgrade - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{4AF8BA6F-6293-485D-A7A4-846A2870FA08} - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430} - 1
    SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
    SharedAccess\Enum\\Count - 1
    SharedAccess\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
    RemoteRegistry\\Description - Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
    RemoteRegistry\\DependOnService - RPCSS;
    RemoteRegistry\\DisplayName - Remote Registry
    RemoteRegistry\\ErrorControl - 1
    RemoteRegistry\\ImagePath - %SystemRoot%\system32\svchost.exe -k LocalService
    RemoteRegistry\\ObjectName - NT AUTHORITY\LocalService
    RemoteRegistry\\Group -
    RemoteRegistry\\Start - 2
    RemoteRegistry\\Type - 32
    RemoteRegistry\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00
    RemoteRegistry\Parameters\\ServiceDll - %SystemRoot%\system32\regsvc.dll
    RemoteRegistry\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    RemoteRegistry\Enum\\0 - Root\LEGACY_REMOTEREGISTRY\0000
    RemoteRegistry\Enum\\Count - 1
    RemoteRegistry\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry]
    RemoteRegistry\\Description - Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
    RemoteRegistry\\DependOnService - RPCSS;
    RemoteRegistry\\DisplayName - Remote Registry
    RemoteRegistry\\ErrorControl - 1
    RemoteRegistry\\ImagePath - %SystemRoot%\system32\svchost.exe -k LocalService
    RemoteRegistry\\ObjectName - NT AUTHORITY\LocalService
    RemoteRegistry\\Group -
    RemoteRegistry\\Start - 2
    RemoteRegistry\\Type - 32
    RemoteRegistry\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00
    RemoteRegistry\Parameters\\ServiceDll - %SystemRoot%\system32\regsvc.dll
    RemoteRegistry\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    RemoteRegistry\Enum\\0 - Root\LEGACY_REMOTEREGISTRY\0000
    RemoteRegistry\Enum\\Count - 1
    RemoteRegistry\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipservice - Include SUBKEYS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipservice - not found.

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipservice - Include SUBKEYS
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipservice - not found.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
    TlntSvr\\Type - 16
    TlntSvr\\Start - 4
    TlntSvr\\ErrorControl - 1
    TlntSvr\\ImagePath - C:\WINDOWS\System32\tlntsvr.exe
    TlntSvr\\DisplayName - Telnet
    TlntSvr\\DependOnService - RPCSS;TCPIP;NTLMSSP;
    TlntSvr\\DependOnGroup -
    TlntSvr\\ObjectName - LocalSystem
    TlntSvr\\Description - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TlntSvr\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr]
    TlntSvr\\Type - 16
    TlntSvr\\Start - 4
    TlntSvr\\ErrorControl - 1
    TlntSvr\\ImagePath - C:\WINDOWS\System32\tlntsvr.exe
    TlntSvr\\DisplayName - Telnet
    TlntSvr\\DependOnService - RPCSS;TCPIP;NTLMSSP;
    TlntSvr\\DependOnGroup -
    TlntSvr\\ObjectName - LocalSystem
    TlntSvr\\Description - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TlntSvr\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
    wuauserv\\Type - 32
    wuauserv\\Start - 2
    wuauserv\\ErrorControl - 1
    wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
    wuauserv\\DisplayName - Automatic Updates
    wuauserv\\ObjectName - LocalSystem
    wuauserv\\Description - Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
    wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
    wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
    wuauserv\Enum\\Count - 1
    wuauserv\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]
    wuauserv\\Type - 32
    wuauserv\\Start - 2
    wuauserv\\ErrorControl - 1
    wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
    wuauserv\\DisplayName - Automatic Updates
    wuauserv\\ObjectName - LocalSystem
    wuauserv\\Description - Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
    wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
    wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
    wuauserv\Enum\\Count - 1
    wuauserv\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings]
    Internet Settings\\ProxyEnable - 0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
    Internet Settings\\ProxyEnable - 0

    >>>>Output for AddOn file Exe_Test.def<<<<
    DIR C:\WINDOWS\*.exe (Parameters = )
    C:\WINDOWS\agrsmdel.exe( (Agere Systems))
    C:\WINDOWS\AGRSMMSG.exe( (Agere Systems))
    C:\WINDOWS\explorer.exe( (Microsoft Corporation))
    C:\WINDOWS\hh.exe( (Microsoft Corporation))
    C:\WINDOWS\notepad.exe( (Microsoft Corporation))
    C:\WINDOWS\QT32INST.EXE( (Apple Computer, Inc.))
    C:\WINDOWS\QTW32DEL.EXE( (Apple Computer, Inc.))
    C:\WINDOWS\regedit.exe( (Microsoft Corporation))
    C:\WINDOWS\slrundll.exe( (Smart Link))
    C:\WINDOWS\taskman.exe( (Microsoft Corporation))
    C:\WINDOWS\twunk_16.exe( (Twain Working Group))
    C:\WINDOWS\twunk_32.exe( (Twain Working Group))
    C:\WINDOWS\winhelp.exe( (Microsoft Corporation))
    C:\WINDOWS\winhlp32.exe( (Microsoft Corporation))

    DIR C:\*.* (Parameters = )
    C:\AUTOEXEC.BAT( ())
    C:\avenger.txt( ())
    C:\az.log( ())
    C:\boot.ini( ())
    C:\ComboFix.txt( ())
    C:\ComboFix2.txt( ())
    C:\ComboFix3.txt( ())
    C:\CONFIG.SYS( ())
    C:\data( ())
    C:\debug.txt( ())
    C:\DVDPATH.TXT( ())
    C:\hpfr5100.log( ())
    C:\IO.SYS( ())
    C:\IPH.PH( ())
    C:\lesen.nfo( ())
    C:\MSDOS.SYS( ())
    C:\NTDETECT.COM( ())
    C:\ntldr( ())
    C:\resolve.log( ())
    C:\Saugstube www.saugstube.to The best EmulePage Emuleseite Eselseite.url( ())
    C:\setup.log( ())
    C:\sunjava.log( ())
    C:\VundoFix.txt( ())
    C:\Wie_entpacken...txt( ())
    C:\YServer.txt( ())

    DIR C:\Program Files\*.* (Parameters = )
    C:\Program Files\desktop.ini( ())

    >>>>Output for AddOn file FileAssoc.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat]
    .bat\\ - batfile
    \PersistentHandler

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile]
    batfile\\ - MS-DOS Batch File
    batfile\\EditFlags - 30 04 00 00
    batfile\DefaultIcon\\ - %SystemRoot%\System32\shell32.dll,-153
    batfile\shell\edit\command\\ - %SystemRoot%\System32\NOTEPAD.EXE %1
    batfile\shell\open\\EditFlags - 00 00 00 00
    batfile\shell\open\command\\ - "%1" %*
    batfile\shell\print\command\\ - %SystemRoot%\System32\NOTEPAD.EXE /p %1
    batfile\shellex\DropHandler\\ - {86C86720-42A0-1069-A2E8-08002B30309D}
    batfile\shellex\PropertySheetHandlers\PifProps\\ - {86F19A00-42A0-1069-A2E9-08002B30309D}
    batfile\shellex\PropertySheetHandlers\ShimLayer Property Page\\ - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd]
    .cmd\\ - cmdfile
    \PersistentHandler

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile]
    cmdfile\\ - Windows NT Command Script
    cmdfile\\EditFlags - 30 04 00 00
    cmdfile\DefaultIcon\\ - %SystemRoot%\System32\shell32.dll,-153
    cmdfile\shell\edit\command\\ - %SystemRoot%\System32\NOTEPAD.EXE %1
    cmdfile\shell\open\\EditFlags - 00 00 00 00
    cmdfile\shell\open\command\\ - "%1" %*
    cmdfile\shell\print\command\\ - %SystemRoot%\System32\NOTEPAD.EXE /p %1
    cmdfile\shellex\DropHandler\\ - {86C86720-42A0-1069-A2E8-08002B30309D}
    cmdfile\shellex\PropertySheetHandlers\PifProps\\ - {86F19A00-42A0-1069-A2E9-08002B30309D}
    cmdfile\shellex\PropertySheetHandlers\ShimLayer Property Page\\ - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com]
    .com\\ - comfile
    \PersistentHandler

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile]
    comfile\\ - MS-DOS Application
    comfile\\EditFlags - 30 00 00 00
    comfile\DefaultIcon\\ - %SystemRoot%\System32\shell32.dll,2
    comfile\shell\open\\EditFlags - 00 00 00 00
    comfile\shell\open\command\\ - "%1" %*
    comfile\shellex\DropHandler\\ - {86C86720-42A0-1069-A2E8-08002B30309D}
    comfile\shellex\PropertySheetHandlers\PifProps\\ - {86F19A00-42A0-1069-A2E9-08002B30309D}

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
    .exe\\ - exefile
    .exe\\Content Type - application/x-msdownload
    \PersistentHandler

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile]
    exefile\\ - Application
    exefile\\EditFlags - 38 07 00 00
    exefile\\TileInfo - prop:FileDescription;Company;FileVersion
    exefile\\InfoTip - prop:FileDescription;Company;FileVersion;Create;Size
    exefile\DefaultIcon\\ - %1
    exefile\shell\open\\EditFlags - 00 00 00 00
    exefile\shell\open\command\\ - "%1" %*
    exefile\shell\runas\command\\ - "%1" %*
    exefile\shellex\DropHandler\\ - {86C86720-42A0-1069-A2E8-08002B30309D}
    exefile\shellex\PropertySheetHandlers\PifProps\\ - {86F19A00-42A0-1069-A2E9-08002B30309D}
    exefile\shellex\PropertySheetHandlers\ShimLayer Property Page\\ - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
    exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\ -

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk]
    .lnk\\ - lnkfile
    .lnk\ShellEx\{000214EE-0000-0000-C000-000000000046}\\ - {00021401-0000-0000-C000-000000000046}
    .lnk\ShellEx\{000214F9-0000-0000-C000-000000000046}\\ - {00021401-0000-0000-C000-000000000046}
    .lnk\ShellEx\{00021500-0000-0000-C000-000000000046}\\ - {00021401-0000-0000-C000-000000000046}
    .lnk\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}\\ - {00021401-0000-0000-C000-000000000046}
    .lnk\ShellNew\\Command - rundll32.exe appwiz.cpl,NewLinkHere %1

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile]
    lnkfile\\ - Shortcut
    lnkfile\\EditFlags - 1
    lnkfile\\IsShortcut -
    lnkfile\\NeverShowExt -
    lnkfile\CLSID\\ - {00021401-0000-0000-C000-000000000046}
    lnkfile\shellex\ContextMenuHandlers\Offline Files\\ - {750fdf0e-2a26-11d1-a3ea-080036587f03}
    lnkfile\shellex\DropHandler\\ - {00021401-0000-0000-C000-000000000046}
    lnkfile\shellex\IconHandler\\ - {00021401-0000-0000-C000-000000000046}
    lnkfile\shellex\PropertySheetHandlers\ShimLayer Property Page\\ - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
     
  14. smoothone23 (Thread Starter)

    HKEY_CURRENT_USER\SOFTWARE\Classes\.bat - No SUBKEYS
    HKEY_CURRENT_USER\SOFTWARE\Classes\.bat - not found.

    HKEY_CURRENT_USER\SOFTWARE\Classes\batfile - Include SUBKEYS
    HKEY_CURRENT_USER\SOFTWARE\Classes\batfile - not found.

    HKEY_CURRENT_USER\SOFTWARE\Classes\.cmd - No SUBKEYS
    HKEY_CURRENT_USER\SOFTWARE\Classes\.cmd - not found.

    HKEY_CURRENT_USER\SOFTWARE\Classes\cmdfile - Include SUBKEYS
    HKEY_CURRENT_USER\SOFTWARE\Classes\cmdfile - not found.

    HKEY_CURRENT_USER\SOFTWARE\Classes\.com - No SUBKEYS
    HKEY_CURRENT_USER\SOFTWARE\Classes\.com - not found.

    HKEY_CURRENT_USER\SOFTWARE\Classes\comfile - Include SUBKEYS
    HKEY_CURRENT_USER\SOFTWARE\Classes\comfile - not found.

    HKEY_CURRENT_USER\SOFTWARE\Classes\.exe - No SUBKEYS
    HKEY_CURRENT_USER\SOFTWARE\Classes\.exe - not found.

    HKEY_CURRENT_USER\SOFTWARE\Classes\exefile - Include SUBKEYS
    HKEY_CURRENT_USER\SOFTWARE\Classes\exefile - not found.

    HKEY_CURRENT_USER\SOFTWARE\Classes\.lnk - Include SUBKEYS
    HKEY_CURRENT_USER\SOFTWARE\Classes\.lnk - not found.

    HKEY_CURRENT_USER\SOFTWARE\Classes\lnkfile - Include SUBKEYS
    HKEY_CURRENT_USER\SOFTWARE\Classes\lnkfile - not found.

    >>>>Output for AddOn file HKCU_IEDesktop.def<<<<
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop]
    Desktop\Components\\DeskHtmlVersion - 272
    Desktop\Components\\DeskHtmlMinorVersion - 5
    Desktop\Components\\Settings - 1
    Desktop\Components\\GeneralFlags - 1
    Desktop\Components\0\\Source - About:Home
    Desktop\Components\0\\SubscribedURL - About:Home
    Desktop\Components\0\\FriendlyName - My Current Home Page
    Desktop\Components\0\\Flags - 2
    Desktop\Components\0\\Position - 2C 00 00 00 A0 00 00 00 00 00 00 00 80 02 00 00 3A 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
    Desktop\Components\0\\CurrentState - 04 00 00 40
    Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 FF FF 00 00 FF FF 00 00 FF FF FF FF FF FF FF FF 04 00 00 00
    Desktop\Components\0\\RestoredStateInfo - 18 00 00 00 6A 02 00 00 23 00 00 00 A4 00 00 00 9A 00 00 00 01 00 00 00
    Desktop\General\\BackupWallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    Desktop\General\\WallpaperFileTime - 9A 22 52 D5 A8 FF C6 01
    Desktop\General\\WallpaperLocalFileTime - 9A 1A 7C EC 7E FF C6 01
    Desktop\General\\TileWallpaper - 0
    Desktop\General\\WallpaperStyle - 2
    Desktop\General\\Wallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    Desktop\General\\ComponentsPositioned - 1
    Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
    Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 00 04 00 00 E2 02 00 00
    Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
    Desktop\SafeMode\General\\VisitGallery - 0
    Desktop\Scheme\\Edit -
    Desktop\Scheme\\Display -

    >>>>Output for AddOn file Jobs.def<<<<
    DIR C:\WINDOWS\tasks\*.* (Parameters = Include SubFolders)
    C:\WINDOWS\tasks\desktop.ini( ())
    C:\WINDOWS\tasks\SA.DAT( ())

    >>>>Output for AddOn file Policies.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
    policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} - 1
    policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
    policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
    policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
    policies\system\\dontdisplaylastusername - 0
    policies\system\\legalnoticecaption -
    policies\system\\legalnoticetext -
    policies\system\\shutdownwithoutlogon - 1
    policies\system\\undockwithoutlogon - 1

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
    policies\Explorer\\NoDriveTypeAutoRun - 145

    >>>>Output for AddOn file Security.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    Security Center\\AntiVirusDisableNotify - 0
    Security Center\\FirewallDisableNotify - 0
    Security Center\\UpdatesDisableNotify - 0
    Security Center\\AntiVirusOverride - 0
    Security Center\\FirewallOverride - 0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
    BITS\\Type - 32
    BITS\\Start - 2
    BITS\\ErrorControl - 1
    BITS\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
    BITS\\DisplayName - Background Intelligent Transfer Service
    BITS\\DependOnService - Rpcss;
    BITS\\DependOnGroup -
    BITS\\ObjectName - LocalSystem
    BITS\\Description - Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
    BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00
    BITS\Parameters\\ServiceDll - C:\WINDOWS\System32\qmgr.dll
    BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    BITS\Enum\\0 - Root\LEGACY_BITS\0000
    BITS\Enum\\Count - 1
    BITS\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
    SharedAccess\\Type - 32
    SharedAccess\\Start - 2
    SharedAccess\\ErrorControl - 1
    SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
    SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
    SharedAccess\\DependOnService - Netman;WinMgmt;
    SharedAccess\\DependOnGroup -
    SharedAccess\\ObjectName - LocalSystem
    SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
    SharedAccess\Epoch\\Epoch - 38356
    SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe - C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe - C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP - 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP - 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP - 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP - 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP - 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP - 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 1
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions - 0
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe - C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares.exe - C:\Program Files\Ares\Ares.exe:*:Enabled:Ares
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe - C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe - C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe - C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares Gold\AresGold.exe - C:\Program Files\Ares Gold\AresGold.exe:*:Enabled:AresGold
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe - C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe - C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe - C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\utorrent.exe - C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe - C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe - C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe - C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP - 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP - 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP - 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP - 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP - 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP - 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    SharedAccess\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    SharedAccess\Setup\\ServiceUpgrade - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{4AF8BA6F-6293-485D-A7A4-846A2870FA08} - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430} - 1
    SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
    SharedAccess\Enum\\Count - 1
    SharedAccess\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
    wuauserv\\Type - 32
    wuauserv\\Start - 2
    wuauserv\\ErrorControl - 1
    wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
    wuauserv\\DisplayName - Automatic Updates
    wuauserv\\ObjectName - LocalSystem
    wuauserv\\Description - Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
    wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
    wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
    wuauserv\Enum\\Count - 1
    wuauserv\Enum\\NextInstance - 1

    >>>>Output for AddOn file ShellState.def<<<<
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer - No SUBKEYS
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
    Explorer\\WebFindBandHook - {68F2D3FC-8366-4a46-8224-58EFA2749425}
    Explorer\\FileFindBandHook - {FFAC7A18-EDF9-40de-BA3F-49FC2269855E}
    Explorer\\Logon User Name - JB
    Explorer\\ShellState - 24 00 00 00 38 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 0D 00 00 00 00 00 00 00 02 00 00 00
    Explorer\\CleanShutdown - 0
    Explorer\\FaultCount - 0
    Explorer\\FaultTime - 0
    Explorer\\Browse For Folder Width - 318
    Explorer\\Browse For Folder Height - 288
    Explorer\\link - 16 00 00 00
    Explorer\\IconUnderline - ;
    Explorer\\NoFileFolderConnection - 0
    Explorer\\SearchSystemDirs - 1
    Explorer\\SearchHidden - 1
    Explorer\\IncludeSubFolders - 1
    Explorer\\CaseSensitive - 1
    Explorer\\SearchSlowFiles - 0
    Explorer\\EnableAutoTray - 0
    \Advanced
    \AutoComplete
    \AutoplayHandlers
    \BitBucket
    \CabinetState
    \CD Burning
    \CLSID
    \ComDlg32
    \ComputerDescriptions
    \Desktop
    \Discardable
    \FileExts
    \HideMyComputerIcons
    \MenuOrder
    \MountPoints2
    \NewShortcutHandlers
    \PropSummary
    \PublishingWizard
    \RecentDocs
    \RunMRU
    \Shell Folders
    \ShellImageView
    \SmallIcons
    \StartPage
    \StreamMRU
    \Streams
    \StuckRects2
    \tips
    \TrayNotify
    \User Shell Folders
    \UserAssist
    \VisualEffects
    \Wallpaper
    \WebView
    \WorkgroupCrawler
    \SessionInfo

    >>>>Output for AddOn file SID_Run_Policies.def<<<<
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies]
    Policies\Explorer\\NoDriveTypeAutoRun - 145
    Policies\Explorer\\CDRAutoRun - 0

    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies]
    Policies\Explorer\\NoDriveTypeAutoRun - 145
    Policies\Explorer\\CDRAutoRun - 0
     
  15. smoothone23

    smoothone23 Thread Starter

    Joined:
    Nov 29, 2006
    Messages:
    18
    >>>>Output for AddOn file Svc_Tcpip.def<<<<
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
    Tcpip\\Type - 1
    Tcpip\\Start - 1
    Tcpip\\ErrorControl - 1
    Tcpip\\Tag - 4
    Tcpip\\ImagePath - System32\DRIVERS\tcpip.sys
    Tcpip\\DisplayName - TCP/IP Protocol Driver
    Tcpip\\Group - PNP_TDI
    Tcpip\\DependOnService - IPSec;
    Tcpip\\DependOnGroup -
    Tcpip\\Description - TCP/IP Protocol Driver
    Tcpip\Linkage\\Bind - \Device\{4AF8BA6F-6293-485D-A7A4-846A2870FA08};\Device\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430};\Device\NdisWanIp;
    Tcpip\Linkage\\Route - "{4AF8BA6F-6293-485D-A7A4-846A2870FA08}";"{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}";"NdisWanIp";
    Tcpip\Linkage\\Export - \Device\Tcpip_{4AF8BA6F-6293-485D-A7A4-846A2870FA08};\Device\Tcpip_{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430};\Device\Tcpip_{D5FA6670-955A-4215-BFD6-4C0777C2D6E9};\Device\Tcpip_{17D35B00-11C6-4A26-8BA1-0AEFE5203025};
    Tcpip\Parameters\\NV Hostname - jbscomputer
    Tcpip\Parameters\\DataBasePath - %SystemRoot%\System32\drivers\etc
    Tcpip\Parameters\\NameServer -
    Tcpip\Parameters\\ForwardBroadcasts - 0
    Tcpip\Parameters\\IPEnableRouter - 0
    Tcpip\Parameters\\Domain -
    Tcpip\Parameters\\Hostname - jbscomputer
    Tcpip\Parameters\\SearchList -
    Tcpip\Parameters\\UseDomainNameDevolution - 1
    Tcpip\Parameters\\EnableICMPRedirect - 1
    Tcpip\Parameters\\DeadGWDetectDefault - 1
    Tcpip\Parameters\\DontAddDefaultGatewayDefault - 0
    Tcpip\Parameters\\EnableSecurityFilters - 0
    Tcpip\Parameters\\TcpWindowSize - 65536
    Tcpip\Parameters\\DhcpNameServer - 192.168.178.1
    Tcpip\Parameters\Adapters\NdisWanIp\\LLInterface - WANARP
    Tcpip\Parameters\Adapters\NdisWanIp\\IpConfig - Tcpip\Parameters\Interfaces\{D5FA6670-955A-4215-BFD6-4C0777C2D6E9};Tcpip\Parameters\Interfaces\{17D35B00-11C6-4A26-8BA1-0AEFE5203025};
    Tcpip\Parameters\Adapters\NdisWanIp\\NumInterfaces - 2
    Tcpip\Parameters\Adapters\NdisWanIp\\IpInterfaces - 70 66 FA D5 5A 95 15 42 BF D6 4C 07 77 C2 D6 E9 00 5B D3 17 C6 11 26 4A 8B A1 0A EF E5 20 30 25
    Tcpip\Parameters\Adapters\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\LLInterface -
    Tcpip\Parameters\Adapters\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\IpConfig - Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08};
    Tcpip\Parameters\Adapters\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\LLInterface -
    Tcpip\Parameters\Adapters\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\IpConfig - Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430};
    Tcpip\Parameters\Interfaces\{17D35B00-11C6-4A26-8BA1-0AEFE5203025}\\UseZeroBroadcast - 0
    Tcpip\Parameters\Interfaces\{17D35B00-11C6-4A26-8BA1-0AEFE5203025}\\EnableDHCP - 0
    Tcpip\Parameters\Interfaces\{17D35B00-11C6-4A26-8BA1-0AEFE5203025}\\IPAddress - 0.0.0.0;
    Tcpip\Parameters\Interfaces\{17D35B00-11C6-4A26-8BA1-0AEFE5203025}\\SubnetMask - 0.0.0.0;
    Tcpip\Parameters\Interfaces\{17D35B00-11C6-4A26-8BA1-0AEFE5203025}\\DefaultGateway -
    Tcpip\Parameters\Interfaces\{17D35B00-11C6-4A26-8BA1-0AEFE5203025}\\EnableDeadGWDetect - 1
    Tcpip\Parameters\Interfaces\{17D35B00-11C6-4A26-8BA1-0AEFE5203025}\\DontAddDefaultGateway - 0
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\UseZeroBroadcast - 0
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\EnableDeadGWDetect - 1
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\EnableDHCP - 1
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\IPAddress - 0.0.0.0;
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\SubnetMask - 0.0.0.0;
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DefaultGateway -
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DefaultGatewayMetric -
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\NameServer -
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\Domain -
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\RegistrationEnabled - 1
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\RegisterAdapterName - 0
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\TCPAllowedPorts - 0;
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\UDPAllowedPorts - 0;
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\RawIPAllowedProtocols - 0;
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\NTEContextList - 0x00000003;
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DhcpClassIdBin -
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DhcpServer - 192.168.178.1
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\Lease - 864000
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\LeaseObtainedTime - 1164988814
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\T1 - 1165420814
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\T2 - 1165744814
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\LeaseTerminatesTime - 1165852814
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\IPAutoconfigurationAddress - 0.0.0.0
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\IPAutoconfigurationMask - 255.255.0.0
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\IPAutoconfigurationSeed - 1493204691
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\AddressType - 0
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DhcpIPAddress - 192.168.178.20
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DhcpSubnetMask - 255.255.255.0
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DhcpNameServer - 192.168.178.1
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DhcpDefaultGateway - 192.168.178.1;
    Tcpip\Parameters\Interfaces\{4AF8BA6F-6293-485D-A7A4-846A2870FA08}\\DhcpSubnetMaskOpt - 255.255.255.0;
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\UseZeroBroadcast - 0
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\EnableDeadGWDetect - 1
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\EnableDHCP - 1
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\IPAddress - 0.0.0.0;
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\SubnetMask - 0.0.0.0;
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\DefaultGateway -
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\DefaultGatewayMetric -
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\NameServer -
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\Domain -
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\RegistrationEnabled - 1
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\RegisterAdapterName - 0
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\TCPAllowedPorts - 0;
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\UDPAllowedPorts - 0;
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\RawIPAllowedProtocols - 0;
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\NTEContextList - 0x00000002;
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\DhcpClassIdBin -
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\DhcpServer - 192.168.1.1
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\Lease - 86400
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\LeaseObtainedTime - 1156017089
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\T1 - 1156060289
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\T2 - 1156092689
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\LeaseTerminatesTime - 1156103489
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\IPAutoconfigurationAddress - 0.0.0.0
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\IPAutoconfigurationMask - 255.255.0.0
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\IPAutoconfigurationSeed - 0
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\AddressType - 0
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\DhcpIPAddress - 192.168.1.103
    Tcpip\Parameters\Interfaces\{A473FDFF-DB6A-49C9-9D6B-50C7E57B3430}\\DhcpSubnetMask - 255.255.255.0
    Tcpip\Parameters\Interfaces\{D5FA6670-955A-4215-BFD6-4C0777C2D6E9}\\UseZeroBroadcast - 0
    Tcpip\Parameters\Interfaces\{D5FA6670-955A-4215-BFD6-4C0777C2D6E9}\\EnableDHCP - 0
    Tcpip\Parameters\Interfaces\{D5FA6670-955A-4215-BFD6-4C0777C2D6E9}\\IPAddress - 0.0.0.0;
    Tcpip\Parameters\Interfaces\{D5FA6670-955A-4215-BFD6-4C0777C2D6E9}\\SubnetMask - 0.0.0.0;
    Tcpip\Parameters\Interfaces\{D5FA6670-955A-4215-BFD6-4C0777C2D6E9}\\DefaultGateway -
    Tcpip\Parameters\Interfaces\{D5FA6670-955A-4215-BFD6-4C0777C2D6E9}\\EnableDeadGWDetect - 1
    Tcpip\Parameters\Interfaces\{D5FA6670-955A-4215-BFD6-4C0777C2D6E9}\\DontAddDefaultGateway - 0
    Tcpip\Parameters\Winsock\\UseDelayedAcceptance - 0
    Tcpip\Parameters\Winsock\\HelperDllName - %SystemRoot%\System32\wshtcpip.dll
    Tcpip\Parameters\Winsock\\MaxSockAddrLength - 16
    Tcpip\Parameters\Winsock\\MinSockAddrLength - 16
    Tcpip\Parameters\Winsock\\Mapping - 0B 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 06 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 01 00 00 00 06 00 00 00 02 00 00 00 02 00 00 00 11 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 02 00 00 00 11 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00
    Tcpip\Performance\\Close - CloseTcpIpPerformanceData
    Tcpip\Performance\\Collect - CollectTcpIpPerformanceData
    Tcpip\Performance\\Library - Perfctrs.dll
    Tcpip\Performance\\Open - OpenTcpIpPerformanceData
    Tcpip\Performance\\Object List - 502 510 546 582 638 658
    Tcpip\Performance\\WbemAdapFileSignature - 96 49 2C 72 1C 6E A5 17 E2 BF D5 38 1F EF 55 E3
    Tcpip\Performance\\WbemAdapFileTime - 00 E0 23 0E 7D F7 C2 01
    Tcpip\Performance\\WbemAdapFileSize - 39936
    Tcpip\Performance\\WbemAdapStatus - 0
    Tcpip\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    Tcpip\ServiceProvider\\Class - 8
    Tcpip\ServiceProvider\\DnsPriority - 2000
    Tcpip\ServiceProvider\\HostsPriority - 500
    Tcpip\ServiceProvider\\LocalPriority - 499
    Tcpip\ServiceProvider\\ProviderPath - %SystemRoot%\System32\wsock32.dll
    Tcpip\ServiceProvider\\NetbtPriority - 2001
    Tcpip\ServiceProvider\\Name - TCP/IP
    Tcpip\Enum\\0 - Root\LEGACY_TCPIP\0000
    Tcpip\Enum\\Count - 1
    Tcpip\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    Parameters\\NV Hostname - jbscomputer
    Parameters\\DataBasePath - %SystemRoot%\System32\drivers\etc
    Parameters\\NameServer -
    Parameters\\ForwardBroadcasts - 0
    Parameters\\IPEnableRouter - 0
    Parameters\\Domain -
    Parameters\\Hostname - jbscomputer
    Parameters\\SearchList -
    Parameters\\UseDomainNameDevolution - 1
    Parameters\\EnableICMPRedirect - 1
    Parameters\\DeadGWDetectDefault - 1
    Parameters\\DontAddDefaultGatewayDefault - 0
    Parameters\\EnableSecurityFilters - 0
    Parameters\\TcpWindowSize - 65536
    Parameters\\DhcpNameServer - 192.168.178.1
    \Adapters
    \DNSRegisteredAdapters
    \Interfaces
    \PersistentRoutes
    \Winsock

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters - No SUBKEYS
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters - not found.

    DIR C:\WINDOWS\system32\drivers\etc\*.* (Parameters = )
    C:\WINDOWS\system32\drivers\etc\hosts( ())
    C:\WINDOWS\system32\drivers\etc\lmhosts.sam( ())
    C:\WINDOWS\system32\drivers\etc\networks( ())
    C:\WINDOWS\system32\drivers\etc\protocol( ())
    C:\WINDOWS\system32\drivers\etc\services( ())

    >>>>Output for AddOn file SvcHost_Check.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
    Svchost\\LocalService - Alerter;WebClient;LmHosts;RemoteRegistry;upnphost;SSDPSRV;
    Svchost\\NetworkService - DnsCache;
    Svchost\\netsvcs - 6to4;AppMgmt;AudioSrv;Browser;CryptSvc;DMServer;DHCP;ERSvc;EventSystem;FastUserSwitchingCompatibility;HidServ;Ias;Iprip;Irmon;LanmanServer;LanmanWorkstation;Messenger;Netman;Nla;Ntmssvc;NWCWorkstation;Nwsapagent;Rasauto;Rasman;Remoteaccess;Schedule;Seclogon;SENS;Sharedaccess;SRService;Tapisrv;Themes;TrkWks;W32Time;WZCSVC;Wmi;WmdmPmSp;winmgmt;TermService;wuauserv;BITS;ShellHWDetection;helpsvc;xmlprov;wscsvc;
    Svchost\\rpcss - RpcSs;
    Svchost\\imgsvc - StiSvc;
    Svchost\\termsvcs - TermService;
    Svchost\\HTTPFilter - HTTPFilter;
    Svchost\\DcomLaunch - DcomLaunch;TermService;
    Svchost\\Usnsvc - usnsvc;
    Svchost\\WudfServiceGroup - WUDFSvc;
    \DComLaunch
    \HTTPFilter
    \LocalService
    \netsvcs
    \PCHealth
    \termsvcs

    >>>>Output for AddOn file SystemRestore.def<<<<
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore - Include SUBKEYS
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore - not found.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
    sr\\Type - 2
    sr\\Start - 0
    sr\\ErrorControl - 1
    sr\\Tag - 4
    sr\\ImagePath - System32\DRIVERS\sr.sys
    sr\\DisplayName - System Restore Filter Driver
    sr\\Group - FSFilter System Recovery
    sr\Parameters\\FirstRun - 0
    sr\Parameters\\DontBackup - 0
    sr\Parameters\\MachineGuid - {22B40D71-D7F0-4DCF-850C-41853A8E1A1A}
    sr\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    sr\Enum\\0 - Root\LEGACY_SR\0000
    sr\Enum\\Count - 1
    sr\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Enum\Root\LEGACY_SR - Include SUBKEYS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Enum\Root\LEGACY_SR - not found.

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sr - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sr]
    sr\\Type - 2
    sr\\Start - 0
    sr\\ErrorControl - 1
    sr\\Tag - 4
    sr\\ImagePath - System32\DRIVERS\sr.sys
    sr\\DisplayName - System Restore Filter Driver
    sr\\Group - FSFilter System Recovery
    sr\Parameters\\FirstRun - 0
    sr\Parameters\\DontBackup - 0
    sr\Parameters\\MachineGuid - {22B40D71-D7F0-4DCF-850C-41853A8E1A1A}
    sr\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    sr\Enum\\0 - Root\LEGACY_SR\0000
    sr\Enum\\Count - 1
    sr\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Enum\Root\LEGACY_SR - Include SUBKEYS
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Enum\Root\LEGACY_SR - not found.

    >>>>Output for AddOn file ZoneMap.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - No SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
    ProtocolDefaults\\ -
    ProtocolDefaults\\http - 3
    ProtocolDefaults\\https - 3
    ProtocolDefaults\\ftp - 3
    ProtocolDefaults\\file - 3
    ProtocolDefaults\\@ivt - 1
    ProtocolDefaults\\shell - 0

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - No SUBKEYS
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
    ProtocolDefaults\\ -
    ProtocolDefaults\\http - 3
    ProtocolDefaults\\https - 3
    ProtocolDefaults\\ftp - 3
    ProtocolDefaults\\file - 3
    ProtocolDefaults\\@ivt - 1
    ProtocolDefaults\\shell - 0
    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     
Short URL to this thread: https://techguy.org/522534