Here we go again... Spyware attack on my computer!


  • This topic is locked

#46
PixelHappy

  • Topic Starter
  • Member
  • 47 posts
sorry

WinPFind3 logfile created on: 1/12/2008 10:00:26 AM
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\Jamie Silva\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1.25 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 63.93% Memory free
1.48 Gb Paging File | 1.10 Gb Available in Paging File | 74.16% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 11.77 Gb Free Space | 31.63% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: JAMIE
Current User Name: Jamie Silva
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
astsrv.exe -> %System32%\AstSrv.exe -> Advanced Software Technologies [Ver = 1, 0, 1, 0 | Size = 53248 bytes | Modified Date = 6/20/2007 10:11:58 AM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 10/23/2007 6:15:10 PM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 12/20/2007 6:21:54 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 7/15/2007 7:22:26 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
kodaksvc.exe -> %ProgramFiles%\Kodak\Printer\Center\KodakSvc.exe -> SDSD [Ver = 1.2.484.0 | Size = 9728 bytes | Modified Date = 3/22/2007 6:04:18 PM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 6/2/2003 11:01:26 AM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 174592 bytes | Modified Date = 6/2/2003 10:56:02 AM | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ]
swagent.exe -> %SystemDrive%\CFusionMX7\db\slserver54\bin\swagent.exe -> [Ver = | Size = 733253 bytes | Modified Date = 10/2/2003 2:37:24 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
(astcc) AST Service [Win32_Own | Auto | Running] -> %System32%\AstSrv.exe -> Advanced Software Technologies [Ver = 1, 0, 1, 0 | Size = 53248 bytes | Modified Date = 6/20/2007 10:11:58 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 10/23/2007 6:15:10 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 7/15/2007 7:22:26 PM | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> File not found
(ColdFusion MX 7 Application Server) ColdFusion MX 7 Application Server [Win32_Own | Disabled | Stopped] -> %SystemDrive%\CFusionMX7\runtime\bin\jrunsvc.exe -> Macromedia Inc. [Ver = 4,0,5,92909 | Size = 61440 bytes | Modified Date = 6/13/2006 10:30:06 AM | Attr = ]
(ColdFusion MX 7 ODBC Agent) ColdFusion MX 7 ODBC Agent [Win32_Own | Auto | Running] -> %SystemDrive%\CFusionMX7\db\slserver54\bin\swagent.exe -> [Ver = | Size = 733253 bytes | Modified Date = 10/2/2003 2:37:24 PM | Attr = ]
(ColdFusion MX 7 ODBC Server) ColdFusion MX 7 ODBC Server [Win32_Own | Disabled | Stopped] -> %SystemDrive%\CFusionMX7\db\slserver54\bin\swstrtr.exe -> [Ver = | Size = 118853 bytes | Modified Date = 10/2/2003 2:37:26 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 3:47:46 PM | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 12/24/2007 2:26:20 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.2.0.35 | Size = 501312 bytes | Modified Date = 6/1/2007 4:51:22 PM | Attr = ]
(KodakSvc) Kodak AiO Device Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Kodak\Printer\Center\KodakSvc.exe -> SDSD [Ver = 1.2.484.0 | Size = 9728 bytes | Modified Date = 3/22/2007 6:04:18 PM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 6/2/2003 11:01:26 AM | Attr = ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> File not found
(sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 12/20/2007 6:21:54 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ]
RegistryMechanic -> -> File not found
< RunOnceEx [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx ->
-> -> File not found
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System ->
kdets.exe -> kdets.exe -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
WgaLogon -> Reg Data - Value does not exist -> File not found
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> ->
HKLM: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page -> http://www.msn.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKLM] -> Reg Data - Value does not exist [AIM Search] -> File not found
WebBrowser\\{A1C18A7B-55E9-4DA3-A880-D112C791A9D8} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar] -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0CCE52FE-DABB-456A-B05F-7992A3973928} -> 85.255.113.91,85.255.112.238 (Broadcom 440x 10/100 Integrated Controller) ->
{63C84492-5472-4FB3-A898-08A82CAFA0AD} -> 85.255.113.91,85.255.112.238 () ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> Microsoft Office Template and Media Control - CodeBase = http://office.micros...tes/ieawsdc.cab ->
{0B79F48A-E8D6-11DB-9283-E25056D89593} -> F-Secure Online Scanner 3.1 - CodeBase = http://support.f-sec...m/ols/fscax.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky...can_unicode.cab ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.micr...922/wmv9VCM.CAB ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.micros...ntent/opuc3.cab ->
{48DD0448-9209-4F81-9F6D-D83562940134} -> MySpace Uploader Control - CodeBase = http://lads.myspace....ploader1005.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/...ows-i586-jc.cab ->
{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_01 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macr...ash/swflash.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel;wdigest; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 700 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> |S<S'14a4a6a1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> לۊC
->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> #9Aq}R ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> #Y+`B"=6s ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> O ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> oy ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11749 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Explorer.EXE -> C:\WINDOWS\Explorer.EXE:*:Enabled:enable ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = Reg Data - Value does not exist] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = Reg Data - Value does not exist] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{0046FA01-C5B9-4985-BACB-398DC480FC05} -> Adobe Photoshop CS3 ->
{03EDED24-8375-407D-A721-4643D9768BE1} -> kgchlwn ->
{04AF207D-9A77-465A-8B76-991F6AB66245} -> Adobe Help Viewer CS3 ->
{08094E03-AFE4-4853-9D31-6D0743DF5328} -> QuickTime ->
{08B32819-6EEF-4057-AEDA-5AB681A36A23} -> Adobe Bridge Start Meeting ->
{0996C331-6DCB-4E38-A3EC-0A77ABAE1361} -> Help_CTR ->
{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3} -> Destinations ->
{11F1920A-56A2-4642-B6E0-3B31A12C9288} -> Dell Solution Center ->
{11F3F858-4131-4FFA-A560-3FE282933B6E} -> kgchday ->
{15EE79F4-4ED1-4267-9B0F-351009325D7D} -> HP Software Update ->
{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} -> Adobe WinSoft Linguistics Plugin ->
{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862} -> Adobe ExtendScript Toolkit 2 ->
{2274624C-5B38-41AD-AD27-CEC0924EB628} -> Adobe Setup ->
{2875A5F5-E613-4F99-9B47-8882C9DD24A5} -> OfotoNow ->
{29E5EA97-5F74-4A57-B8B2-D4F169117183} -> Adobe Stock Photos CS3 ->
{2A97D5B3-A989-47E1-B207-1CA9E3635655} -> aioprnt ->
{30C19FF2-7FBA-4d09-B9DE-1659977F64F6} -> TrayApp ->
{3248F0A8-6813-11D6-A77B-00B0D0150070} -> J2SE Runtime Environment 5.0 Update 7 ->
{3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java™ SE Runtime Environment 6 Update 1 ->
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{35BDEFF1-A610-4956-A00D-15453C116395} -> Internet Explorer Default Page ->
{37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978) ->
{3819891A-030B-4a4e-98ED-B28A649E48AB} -> HP Deskjet 3900 series ->
{3F92ABBB-6BBF-11D5-B229-002078017FBF} -> NetWaiting ->
{42F6BED9-41DD-40F1-85A8-8E0350493626} -> HPDeskjet3900Series ->
{4537EA4B-F603-4181-89FB-2953FC695AB1} -> netbrdg ->
{493F2531-C2E5-4B73-8B11-66E9CFDA9AFA} -> Rio Internet Update ->
{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF} -> Banctec Service Agreement ->
{51846830-E7B2-4218-8968-B77F0FF475B8} -> Adobe Color EU Extra Settings ->
{54793AA1-5001-42F4-ABB6-C364617C6078} -> Adobe Linguistics CS3 ->
{553E56C3-7AA1-45FE-A2FC-2C43DC27F765} -> iTunes ->
{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE} -> WebReg ->
{5C29CB8B-AC1E-4114-8D68-9CD080140D4A} -> Sony USB Driver ->
{5F26311C-B135-4F7F-B11E-8E650F83651E} -> DeviceFunctionQFolder ->
{609F7AC8-C510-11D4-A788-009027ABA5D0} -> Easy CD Creator 5 Basic ->
{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8} -> eSupportQFolder ->
{68D60342-7686-45C9-B8EB-40EF843D0460} -> Dell Networking Guide ->
{693C08A7-9E76-43FF-B11E-9A58175474C4} -> kgckids ->
{6ABE0BEE-D572-4FE8-B434-9E72A289431B} -> Adobe Fonts All ->
{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} -> Adobe Asset Services CS3 ->
{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0 ->
{7148F0A8-6813-11D6-A77B-00B0D0142010} -> Java 2 Runtime Environment, SE v1.4.2_01 ->
{73F1681F-ADE1-461F-9F18-B7640507D395} -> ksdip ->
{791E3D44-33D3-4446-82AD-5CD4B0169083} -> aiofw ->
{79E41D91-BA1C-44B9-9358-48E598263ECF} -> center ->
{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} -> DellSupport ->
{7F142D56-3326-11D5-B229-002078017FBF} -> Modem Helper ->
{802771A9-A856-4A41-ACF7-1450E523C923} -> Adobe XMP Panels CS3 ->
{843081BD-351F-46FC-8A17-517A0D9117A3} -> helptut ->
{8855FF30-19CE-4CB1-A654-87B38369CCE1} -> Stomp RecordNow MAX ->
{89EE857B-8970-4F9F-AB58-A1C873AC72B3} -> Broadcom Management Programs ->
{8A708DD8-A5E6-11D4-A706-000629E95E20} -> Intel® Extreme Graphics Driver ->
{8A8664E1-84C8-4936-891C-BC1F07797549} -> kgcvday ->
{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} -> Adobe Device Central CS3 ->
{8D7574B1-49D7-41E6-9C2E-6B49A8619E64} -> BCL easyPDF Printer Driver 5.0 ->
{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} -> Adobe Type Support ->
{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26} -> Musicmatch Jukebox ->
{90176341-0A8B-4CCC-A78D-F862228A6B95} -> Adobe Anchor Service CS3 ->
{90280409-6000-11D3-8CFE-0050048383C9} -> Microsoft Office XP Professional with FrontPage ->
{90D55A3F-1D99-4C94-A77E-46DC14F0BF08} -> Help and Support Customization ->
{95655ED4-7CA5-46DF-907F-7144877A32E5} -> Adobe Color NA Recommended Settings ->
{9BD54685-1496-46A5-AB62-357CD140ED8B} -> kgcinvt ->
{9C9824D9-9000-4373-A6A5-D0E5D4831394} -> Adobe Bridge CS3 ->
{A1588373-1D86-4D44-86C9-78ABD190F9CC} -> kgcmove ->
{A260B422-70E1-41E2-957D-F76FA21266D5} -> Apple Software Update ->
{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} -> Adobe CMaps ->
{A2D81E70-2A98-4A08-A628-94388B063C5E} -> Adobe Color - Photoshop Specific ->
{AB5D51AE-EBC3-438D-872C-705C7C2084B0} -> DeviceManagementQFolder ->
{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} -> PDF Settings ->
{AC76BA86-7AD7-1033-7B44-A00000000001} -> Adobe Reader 6.0.1 ->
{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8} -> Citrix Presentation Server Client ->
{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} -> Adobe Camera Raw 4.0 ->
{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992} -> CCScore ->
{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC} -> BufferChm ->
{B997C2A0-4383-41BF-B76E-9B8B7ECFB267} -> KSU ->
{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} -> Adobe Default Language CS3 ->
{C0251585-1BE8-4278-B3CB-964B6E01C59D} -> aioscnnr ->
{C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181) ->
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 ->
{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Free Edition ->
{D0DFF92A-492E-4C40-B862-A74A173C25C5} -> Adobe Version Cue CS3 Client ->
{D1BB4446-AE9C-4256-9A7F-4D46604D2462} -> Adobe Setup ->
{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} -> Adobe PDF Library Files ->
{D32470A1-B10C-4059-BA53-CF0486F68EBC} -> KODAK EASYSHARE 5000 Series All-in-One Software ->
{D504303A-717D-414C-BA9F-FE01093E2EF8} -> Adobe Setup ->
{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} -> Adobe Color Common Settings ->
{DB02F716-6275-42E9-B8D2-83BA2BF5100B} -> SFR ->
{DC626A21-EDF1-40C7-8F2F-D2BA7535529F} -> helpug ->
{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} -> Adobe Color JA Extra Settings ->
{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware 2007 ->
{E18B549C-5D15-45DA-8D8F-8FD2BD946344} -> kgcbaby ->
{E3F90083-80D4-4b5a-87C7-E97E12F5516D} -> HPProductAssistant ->
{E646DCF0-5A68-11D5-B229-002078017FBF} -> Digital Line Detect ->
{E69AE897-9E0B-485C-8552-7841F48D42D8} -> Adobe Update Manager CS3 ->
{EA103B64-C0E4-4C0E-A506-751590E1653D} -> SolutionCenter ->
{F45298E5-0083-426F-A668-1A2C5F04B8A0} -> FaxTools ->
{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4} -> Status ->
{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B} -> Banctec Service Agreement ->
{FE64AE29-0883-4C70-8388-DC026019C900} -> HP Image Zone Express ->
Adobe_2ac78060bc5856b0c1cf873bb919b58 -> Adobe Photoshop CS3 ->
Adobe_5bc0f8414ec36c555a3e7e5ec2e225e -> Adobe ExtendScript Toolkit 2 ->
Adobe_cbb2ea61da9c780bd7e47a5230a9ed7 -> Adobe Stock Photos CS3 ->
AVG7Uninstall -> AVG 7.5 ->
AVGAntiSpyware75 -> AVG Anti-Spyware 7.5 ->
CNXT_MODEM_PCI_VEN_14F1&DEV_2702 -> Conexant SmartHSFi V.9x 56K DF PCI Modem ->
Dell AIO Printer A920 -> Dell AIO Printer A920 ->
Dell Digital Jukebox Driver -> Dell Digital Jukebox Driver ->
HijackThis -> HijackThis 2.0.2 ->
HP Imaging Device Functions -> HP Imaging Device Functions 5.0 ->
HP Solution Center & Imaging Support Tools -> HP Solution Center & Imaging Support Tools 5.0 ->
InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3} -> Broadcom Management Programs ->
Investment Performance Calculator (Evaluation)_is1 -> Investment Performance Calculator Version 3.0 ->
Investment Performance Calculator_is1 -> Investment Performance Calculator - 2.01 ->
Kaspersky Online Scanner -> Kaspersky Online Scanner ->
KB834707 -> Windows XP Hotfix - KB834707 ->
KB867282 -> Windows XP Hotfix - KB867282 ->
KB870669 -> Microsoft Data Access Components KB870669 ->
KB873333 -> Windows XP Hotfix - KB873333 ->
KB873339 -> Windows XP Hotfix - KB873339 ->
KB883939 -> Security Update for Windows XP (KB883939) ->
KB885250 -> Windows XP Hotfix - KB885250 ->
KB885523 -> Windows XP Hotfix - KB885523 ->
KB885835 -> Windows XP Hotfix - KB885835 ->
KB885836 -> Windows XP Hotfix - KB885836 ->
KB885884 -> Windows XP Hotfix - KB885884 ->
KB886185 -> Windows XP Hotfix - KB886185 ->
KB887472 -> Windows XP Hotfix - KB887472 ->
KB887742 -> Windows XP Hotfix - KB887742 ->
KB888113 -> Windows XP Hotfix - KB888113 ->
KB888302 -> Windows XP Hotfix - KB888302 ->
KB890046 -> Security Update for Windows XP (KB890046) ->
KB890047 -> Windows XP Hotfix - KB890047 ->
KB890175 -> Windows XP Hotfix - KB890175 ->
KB890859 -> Windows XP Hotfix - KB890859 ->
KB890923 -> Windows XP Hotfix - KB890923 ->
KB891781 -> Windows XP Hotfix - KB891781 ->
KB892130 -> Windows Genuine Advantage Validation Tool (KB892130) ->
KB893066 -> Windows XP Hotfix - KB893066 ->
KB893086 -> Windows XP Hotfix - KB893086 ->
KB893756 -> Security Update for Windows XP (KB893756) ->
KB893803 -> Windows Installer 3.1 (KB893803) ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KB894391 -> Update for Windows XP (KB894391) ->
KB896358 -> Security Update for Windows XP (KB896358) ->
KB896422 -> Security Update for Windows XP (KB896422) ->
KB896423 -> Security Update for Windows XP (KB896423) ->
KB896424 -> Security Update for Windows XP (KB896424) ->
KB896428 -> Security Update for Windows XP (KB896428) ->
KB896688 -> Security Update for Windows XP (KB896688) ->
KB896727 -> Update for Windows XP (KB896727) ->
KB898458 -> Security Update for Step By Step Interactive Training (KB898458) ->
KB898461 -> Update for Windows XP (KB898461) ->
KB899587 -> Security Update for Windows XP (KB899587) ->
KB899588 -> Security Update for Windows XP (KB899588) ->
KB899591 -> Security Update for Windows XP (KB899591) ->
KB900485 -> Update for Windows XP (KB900485) ->
KB900725 -> Security Update for Windows XP (KB900725) ->
KB901017 -> Security Update for Windows XP (KB901017) ->
KB901214 -> Security Update for Windows XP (KB901214) ->
KB902400 -> Security Update for Windows XP (KB902400) ->
KB903235 -> Security Update for Windows XP (KB903235) ->
KB904706 -> Security Update for Windows XP (KB904706) ->
KB904942 -> Update for Windows XP (KB904942) ->
KB905414 -> Security Update for Windows XP (KB905414) ->
KB905749 -> Security Update for Windows XP (KB905749) ->
KB905915 -> Security Update for Windows XP (KB905915) ->
KB908519 -> Security Update for Windows XP (KB908519) ->
KB908531 -> Update for Windows XP (KB908531) ->
KB910437 -> Update for Windows XP (KB910437) ->
KB911280 -> Update for Windows XP (KB911280) ->
KB911562 -> Security Update for Windows XP (KB911562) ->
KB911564 -> Security Update for Windows Media Player (KB911564) ->
KB911565 -> Security Update for Windows Media Player 9 (KB911565) ->
KB911567 -> Security Update for Windows XP (KB911567) ->
KB911927 -> Security Update for Windows XP (KB911927) ->
KB912812 -> Security Update for Windows XP (KB912812) ->
KB912919 -> Security Update for Windows XP (KB912919) ->
KB913446 -> Security Update for Windows XP (KB913446) ->
KB913580 -> Security Update for Windows XP (KB913580) ->
KB914388 -> Security Update for Windows XP (KB914388) ->
KB914389 -> Security Update for Windows XP (KB914389) ->
KB914440 -> Hotfix for Windows XP (KB914440) ->
KB915865 -> Hotfix for Windows XP (KB915865) ->
KB916281 -> Security Update for Windows XP (KB916281) ->
KB916595 -> Update for Windows XP (KB916595) ->
KB917344 -> Security Update for Windows XP (KB917344) ->
KB917422 -> Security Update for Windows XP (KB917422) ->
KB917734_WMP10 -> Security Update for Windows Media Player 10 (KB917734) ->
KB917734_WMP8 -> Security Update for Windows Media Player 8 (KB917734) ->
KB917734_WMP9 -> Security Update for Windows Media Player 9 (KB917734) ->
KB917953 -> Security Update for Windows XP (KB917953) ->
KB918118 -> Security Update for Windows XP (KB918118) ->
KB918439 -> Security Update for Windows XP (KB918439) ->
KB919007 -> Security Update for Windows XP (KB919007) ->
KB920213 -> Security Update for Windows XP (KB920213) ->
KB920670 -> Security Update for Windows XP (KB920670) ->
KB920683 -> Security Update for Windows XP (KB920683) ->
KB920685 -> Security Update for Windows XP (KB920685) ->
KB920872 -> Update for Windows XP (KB920872) ->
KB921398 -> Security Update for Windows XP (KB921398) ->
KB921503 -> Security Update for Windows XP (KB921503) ->
KB921883 -> Security Update for Windows XP (KB921883) ->
KB922582 -> Update for Windows XP (KB922582) ->
KB922616 -> Security Update for Windows XP (KB922616) ->
KB922819 -> Security Update for Windows XP (KB922819) ->
KB923191 -> Security Update for Windows XP (KB923191) ->
KB923414 -> Security Update for Windows XP (KB923414) ->
KB923689 -> Security Update for Windows XP (KB923689) ->
KB923694 -> Security Update for Windows XP (KB923694) ->
KB923723 -> Security Update for Step By Step Interactive Training (KB923723) ->
KB923980 -> Security Update for Windows XP (KB923980) ->
KB924191 -> Security Update for Windows XP (KB924191) ->
KB924270 -> Security Update for Windows XP (KB924270) ->
KB924496 -> Security Update for Windows XP (KB924496) ->
KB924667 -> Security Update for Windows XP (KB924667) ->
KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398) ->
KB925902 -> Security Update for Windows XP (KB925902) ->
KB926255 -> Secu

#47
PixelHappy

    Member

  • Topic Starter
  • Member
  • 47 posts
KB926255 -> Security Update for Windows XP (KB926255) ->
KB926436 -> Security Update for Windows XP (KB926436) ->
KB927779 -> Security Update for Windows XP (KB927779) ->
KB927802 -> Security Update for Windows XP (KB927802) ->
KB927891 -> Update for Windows XP (KB927891) ->
KB928090 -> Security Update for Windows XP (KB928090) ->
KB928255 -> Security Update for Windows XP (KB928255) ->
KB928365.T1_1ToU569_1 -> Security Update for Microsoft .NET Framework 2.0 (KB928365) ->
KB928843 -> Security Update for Windows XP (KB928843) ->
KB929123 -> Security Update for Windows XP (KB929123) ->
KB929338 -> Update for Windows XP (KB929338) ->
KB929969 -> Security Update for Windows XP (KB929969) ->
KB930178 -> Security Update for Windows XP (KB930178) ->
KB930916 -> Update for Windows XP (KB930916) ->
KB931261 -> Security Update for Windows XP (KB931261) ->
KB931768 -> Security Update for Windows XP (KB931768) ->
KB931784 -> Security Update for Windows XP (KB931784) ->
KB931836 -> Update for Windows XP (KB931836) ->
KB932168 -> Security Update for Windows XP (KB932168) ->
KB933360 -> Update for Windows XP (KB933360) ->
KB933566 -> Security Update for Windows XP (KB933566) ->
KB933729 -> Security Update for Windows XP (KB933729) ->
KB935839 -> Security Update for Windows XP (KB935839) ->
KB935840 -> Security Update for Windows XP (KB935840) ->
KB936021 -> Security Update for Windows XP (KB936021) ->
KB936357 -> Update for Windows XP (KB936357) ->
KB936782_WMP9 -> Security Update for Windows Media Player 9 (KB936782) ->
KB937143 -> Security Update for Windows XP (KB937143) ->
KB938127 -> Security Update for Windows XP (KB938127) ->
KB938828 -> Update for Windows XP (KB938828) ->
KB938829 -> Security Update for Windows XP (KB938829) ->
KB939653 -> Security Update for Windows XP (KB939653) ->
KB941202 -> Security Update for Windows XP (KB941202) ->
KB941568 -> Security Update for Windows XP (KB941568) ->
KB941569 -> Security Update for Windows XP (KB941569) ->
KB941644 -> Security Update for Windows XP (KB941644) ->
KB942615 -> Security Update for Windows XP (KB942615) ->
KB942763 -> Update for Windows XP (KB942763) ->
KB942840 -> Update for Windows XP (KB942840) ->
KB943460 -> Security Update for Windows XP (KB943460) ->
KB943485 -> Security Update for Windows XP (KB943485) ->
KB944653 -> Security Update for Windows XP (KB944653) ->
KB946627 -> Update for Windows XP (KB946627) ->
M928366 -> Microsoft .NET Framework 1.1 Hotfix (KB928366) ->
Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1 ->
Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 ->
MWASPI -> MicroStaff WINASPI ->
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs ->
RealPlayer 6.0 -> RealOne Player ->
Shockwave -> Shockwave ->
ShockwaveFlash -> Adobe Flash Player 9 ActiveX ->
Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4 ->
UltimateZip 2007_is1 -> UltimateZip 2007 ->
WGA -> Windows Genuine Advantage Validation Tool (KB892130) ->
Windows Media Format Runtime -> Windows Media Format Runtime ->
Windows Media Player -> Windows Media Player 10 ->
Windows XP Service Pack -> Windows XP Service Pack 2 ->
WinZip -> WinZip ->

[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 12/29/2007 4:58:17 PM | Attr = ]
fixwareout -> %SystemDrive%\fixwareout -> [Folder | Created Date = 12/14/2007 4:02:28 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1340149760 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 12/29/2007 8:26:31 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 12/28/2007 2:11:55 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 1/1/2008 10:42:19 AM | Attr = ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 12/15/2007 5:35:38 PM | Attr = H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Created Date = 12/17/2007 6:24:36 PM | Attr = H ]
$NtUninstallKB914440$ -> %SystemRoot%\$NtUninstallKB914440$ -> [Folder | Created Date = 12/17/2007 6:24:57 PM | Attr = H ]
$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Created Date = 12/15/2007 5:34:36 PM | Attr = H ]
$NtUninstallKB941644$ -> %SystemRoot%\$NtUninstallKB941644$ -> [Folder | Created Date = 1/10/2008 3:01:19 AM | Attr = H ]
$NtUninstallKB943485$ -> %SystemRoot%\$NtUninstallKB943485$ -> [Folder | Created Date = 1/10/2008 3:01:05 AM | Attr = H ]
$NtUninstallKB946627$ -> %SystemRoot%\$NtUninstallKB946627$ -> [Folder | Created Date = 12/22/2007 3:01:12 AM | Attr = H ]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 13, 12551 | Size = 585791 bytes | Created Date = 12/17/2007 6:04:30 PM | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 13, 12551 | Size = 581632 bytes | Created Date = 12/17/2007 6:04:30 PM | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 12/17/2007 6:04:31 PM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 12/17/2007 6:04:30 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 12/17/2007 6:24:59 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 12/31/2007 11:50:09 AM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 12/18/2007 5:39:59 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 12/18/2007 5:39:05 PM | Attr = ]
rasqervy.dll -> %System32%\rasqervy.dll -> [Ver = | Size = 7 bytes | Created Date = 12/31/2007 12:15:53 PM | Attr = ]
sdfinacs.dll -> %System32%\sdfinacs.dll -> [Ver = | Size = 8 bytes | Created Date = 12/31/2007 12:15:49 PM | Attr = ]
sdfixwcs.dll -> %System32%\sdfixwcs.dll -> [Ver = | Size = 5 bytes | Created Date = 1/1/2008 10:46:12 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 12/29/2007 8:26:13 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 12/29/2007 8:26:13 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 12/29/2007 8:26:13 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 12/18/2007 5:39:05 PM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 12/29/2007 8:26:13 PM | Attr = ]
wuasirvy.dll -> %System32%\wuasirvy.dll -> [Ver = | Size = 104 bytes | Created Date = 12/31/2007 11:50:29 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 1/6/2008 11:07:11 AM | Attr = ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3911 | Size = 70001 bytes | Created Date = 12/17/2007 6:04:30 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 1/12/2008 9:58:06 AM | Attr = RH ]
1a55ab6e0f6f9899d7147d -> %SystemDrive%\1a55ab6e0f6f9899d7147d -> [Folder | Modified Date = 12/18/2007 5:56:42 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/1/2008 10:47:10 AM | Attr = H ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 12/29/2007 4:58:18 PM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 1/6/2008 11:15:18 AM | Attr = ]
fixwareout -> %SystemDrive%\fixwareout -> [Folder | Modified Date = 1/9/2008 6:15:18 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1340149760 bytes | Modified Date = 1/12/2008 7:36:16 AM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/2/2008 9:26:04 PM | Attr = ]
pshop7 -> %SystemDrive%\pshop7 -> [Folder | Modified Date = 12/24/2007 5:03:16 PM | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 12/31/2007 11:50:08 AM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 12/25/2007 11:30:52 AM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 12/14/2007 7:12:10 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 12/28/2007 2:11:56 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/12/2008 8:43:44 AM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 1/1/2008 10:42:20 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/9/2008 10:28:26 PM | Attr = H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 12/15/2007 5:35:40 PM | Attr = H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Modified Date = 12/17/2007 6:24:38 PM | Attr = H ]
$NtUninstallKB914440$ -> %SystemRoot%\$NtUninstallKB914440$ -> [Folder | Modified Date = 12/17/2007 6:24:58 PM | Attr = H ]
$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Modified Date = 12/15/2007 5:34:38 PM | Attr = H ]
$NtUninstallKB941644$ -> %SystemRoot%\$NtUninstallKB941644$ -> [Folder | Modified Date = 1/10/2008 3:01:20 AM | Attr = H ]
$NtUninstallKB943485$ -> %SystemRoot%\$NtUninstallKB943485$ -> [Folder | Modified Date = 1/10/2008 3:01:06 AM | Attr = H ]
$NtUninstallKB946627$ -> %SystemRoot%\$NtUninstallKB946627$ -> [Folder | Modified Date = 12/22/2007 3:01:14 AM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 12/18/2007 6:55:10 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 12/28/2007 1:40:52 PM | Attr = R S]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 1/12/2008 7:36:18 AM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/7/2008 7:37:56 PM | Attr = S]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 12/31/2007 11:49:20 AM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 12/25/2007 11:30:22 AM | Attr = R S]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 13, 12551 | Size = 585791 bytes | Modified Date = 12/17/2007 6:04:32 PM | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 12/17/2007 6:04:32 PM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 12/17/2007 6:04:32 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 1/10/2008 3:01:16 AM | Attr = ]
INF -> %SystemRoot%\INF -> [Folder | Modified Date = 1/10/2008 3:01:24 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/1/2008 10:47:10 AM | Attr = HS]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 12/17/2007 6:25:00 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/12/2008 10:00:04 AM | Attr = ]
ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 12/24/2007 5:07:20 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 12/18/2007 7:04:06 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 12/31/2007 11:47:50 AM | Attr = ]
SYSTEM32 -> %System32% -> [Folder | Modified Date = 1/12/2008 8:15:36 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 12/14/2007 7:24:04 PM | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 1/12/2008 8:15:24 AM | Attr = ]
WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 692 bytes | Modified Date = 12/18/2007 5:51:38 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 1/5/2008 7:53:02 PM | Attr = ]
EasyShare Registration Task.job -> %SystemRoot%\tasks\EasyShare Registration Task.job -> [Ver = | Size = 448 bytes | Modified Date = 1/6/2008 5:18:12 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/12/2008 7:36:24 AM | Attr = H ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 12/28/2007 12:59:22 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/9/2008 10:28:14 PM | Attr = ]
CONFIG -> %System32%\CONFIG -> [Folder | Modified Date = 12/18/2007 7:04:40 PM | Attr = ]
DLLCACHE -> %System32%\DLLCACHE -> [Folder | Modified Date = 1/10/2008 3:01:22 AM | Attr = RHS]
DRIVERS -> %System32%\DRIVERS -> [Folder | Modified Date = 1/10/2008 3:01:22 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 1474392 bytes | Modified Date = 12/25/2007 11:30:48 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 12/18/2007 5:39:06 PM | Attr = ]
MAPISVC.INF -> %System32%\MAPISVC.INF -> [Ver = | Size = 535 bytes | Modified Date = 12/24/2007 5:07:20 PM | Attr = ]
PERFC009.DAT -> %System32%\PERFC009.DAT -> [Ver = | Size = 63520 bytes | Modified Date = 12/14/2007 7:19:02 PM | Attr = ]
PERFH009.DAT -> %System32%\PERFH009.DAT -> [Ver = | Size = 405010 bytes | Modified Date = 12/14/2007 7:19:02 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 476786 bytes | Modified Date = 12/14/2007 7:19:02 PM | Attr = ]
rasqervy.dll -> %System32%\rasqervy.dll -> [Ver = | Size = 7 bytes | Modified Date = 12/31/2007 12:15:54 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 12/25/2007 11:30:52 AM | Attr = ]
sdfinacs.dll -> %System32%\sdfinacs.dll -> [Ver = | Size = 8 bytes | Modified Date = 12/31/2007 12:15:50 PM | Attr = ]
sdfixwcs.dll -> %System32%\sdfixwcs.dll -> [Ver = | Size = 5 bytes | Modified Date = 1/12/2008 8:13:34 AM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 12/18/2007 5:39:08 PM | Attr = ]
WBEM -> %System32%\WBEM -> [Folder | Modified Date = 12/18/2007 7:08:36 PM | Attr = ]
WPA.DBL -> %System32%\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 12/31/2007 11:46:18 AM | Attr = ]
wuasirvy.dll -> %System32%\wuasirvy.dll -> [Ver = | Size = 104 bytes | Modified Date = 1/12/2008 9:33:44 AM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 12/20/2007 6:21:58 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 12/20/2007 6:21:44 PM | Attr = ]
ETC -> %System32%\drivers\ETC -> [Folder | Modified Date = 12/31/2007 11:47:32 AM | Attr = ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3911 | Size = 70001 bytes | Modified Date = 12/17/2007 6:04:32 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
PEC2 , -> %System32%\DFRG.MSC -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Modified Date = 12/13/2007 9:26:52 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 12/4/2007 1:00:44 AM | Attr = ]
winsync , -> %System32%\WBDBASE.DEU -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
FSG! , -> %System32%\Wgqzgek1.xml -> [Ver = | Size = 398742 bytes | Modified Date = 1/28/2005 11:04:00 PM | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Modified Date = 9/11/2006 10:56:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Modified Date = 12/21/2006 2:18:00 PM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 10/23/2007 6:15:04 PM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]

< End of report >
  • 0

#48
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I will need you to download this firewall and install it.
Zone Alarm.

This link will explain how to use firewalls to better understand them, Firewall tutorial
==============
Once installed I would like you to click on the Firewall tab on the left.
Then click the big Stop button at the top.
This will block all internet access for now.
When we are done with this fix you can reenable it.

Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""
Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
====================
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Windows\System32\kdets.exe
    C:\Windows\System32\rasqervy.dll
    C:\Windows\System32\sdfinacs.dll
    C:\Windows\System32\sdfixwcs.dll
    C:\Windows\System32\wuasirvy.dll
    C:\Windows\System32\Wgqzgek1.xml


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
    Click "Exit" to close OTMoveIt.

    **When ready to Reply on the forum, please Paste the content of the latest log which is located at the root of the drive where the OTMoveIt folder is:
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==========================
After that please run Fixwareout and save that log


and after that please run Combofix again while you are still disconnected from the internet.
==================================================
After that click on the Stop button within the Firewall settings and then post the OTMoveIt log and the Fixwareout log and the Combofix log.
  • 0

#49
PixelHappy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
The MoveIt log cannot be found.


Username "Jamie Silva" - 01/13/2008 11:24:49 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdets.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.91 85.255.112.238" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0CCE52FE-DABB-456A-B05F-7992A3973928}
"nameserver"="85.255.113.91,85.255.112.238" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{63C84492-5472-4FB3-A898-08A82CAFA0AD}
"nameserver"="85.255.113.91,85.255.112.238" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}
"DhcpNameServer"="85.255.113.91,85.255.112.238" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{63C84492-5472-4FB3-A898-08A82CAFA0AD}
"DhcpNameServer"="85.255.113.91,85.255.112.238" <Value cleared.

Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\TEMP\kdets.ren 76288 06/13/2007

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"RegistryMechanic"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
C:\WINDOWS\System32\AUTOEXEC.NT missing
~~~~~ End report ~~~~~


ComboFix 08-01-13.1 - Jamie Silva 2008-01-13 11:37:34.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.830 [GMT -5:00]
Running from: C:\Documents and Settings\Jamie Silva\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\msacm32.drv
C:\WINDOWS\system32\sdfixwcs.dll
C:\WINDOWS\system32\wuasirvy.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-13 11:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 11:17 . 2008-01-13 11:45 159,776 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2008-01-13 11:17 . 2008-01-13 11:25 1,628 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2008-01-13 11:16 . 2008-01-13 11:16 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-01-13 11:15 . 2008-01-13 11:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-13 11:15 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-01-13 11:15 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\SYSTEM32\SpOrder.dll
2008-01-13 11:15 . 2008-01-13 11:16 4,212 ---h----- C:\WINDOWS\SYSTEM32\zllictbl.dat
2008-01-06 11:07 . 2008-01-06 11:07 <DIR> d-------- C:\Documents and Settings\Jamie Silva\Application Data\Grisoft
2008-01-06 11:07 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-01-05 20:32 . 2008-01-05 20:33 <DIR> d-------- C:\Documents and Settings\Jamie Silva\DoctorWeb
2007-12-29 16:58 . 2007-12-29 16:58 <DIR> d-------- C:\Deckard
2007-12-28 14:10 . 2007-12-28 14:10 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-28 13:40 . 2007-12-28 13:40 <DIR> d-------- C:\Program Files\Common Files\BCL Technologies
2007-12-28 13:40 . 2007-12-28 13:40 <DIR> d-------- C:\Program Files\BCL Technologies
2007-12-28 12:40 . 2007-12-28 12:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-24 14:42 . 2007-12-24 14:42 <DIR> d-------- C:\Program Files\Bonjour
2007-12-24 14:26 . 2007-12-24 14:26 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-18 17:39 . 2007-12-18 17:39 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2007-12-18 17:39 . 2007-12-18 17:39 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2007-12-17 18:24 . 2006-06-03 06:40 33,792 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
2007-12-17 18:04 . 2007-12-17 18:04 250 --a------ C:\WINDOWS\gmer.ini
2007-12-13 19:19 . 2007-12-13 19:19 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-12-13 19:19 . 2007-12-13 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 16:05 --------- d-----w C:\Documents and Settings\Jamie Silva\Application Data\AVG7
2008-01-06 16:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-05 21:00 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-01 15:47 --------- d-----w C:\Documents and Settings\Jamie Silva\Application Data\SUPERAntiSpyware.com
2008-01-01 15:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-26 20:57 47,896 ----a-w C:\Documents and Settings\Jamie Silva\Application Data\GDIPFONTCACHEV1.DAT
2007-12-24 22:03 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-18 23:44 --------- d-----w C:\Program Files\QuickTime
2007-12-14 21:15 --------- d-----w C:\Program Files\Google
2007-12-12 02:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-28 00:26 --------- d-----w C:\Program Files\SmartDraw 2008
2007-11-28 00:11 --------- d-----w C:\Program Files\LimeWire
2007-11-25 17:57 --------- d-----w C:\Program Files\Lavasoft
2007-11-25 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-23 00:00 --------- d-----w C:\Documents and Settings\Jamie Silva\Application Data\BitTorrent
2007-11-14 21:05 1,086,952 ----a-w C:\WINDOWS\SYSTEM32\zpeng24.dll
2007-11-14 07:26 450,560 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-30 10:16 3,058,688 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-27 22:39 230,912 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-27 22:39 230,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-27 22:37 2,109,440 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmvcore.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-13 11:16 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-13 11:16 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 18:21 579072]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 18:15 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2007-09-07 18:01 43008 C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
--a------ 2007-04-03 08:54 753664 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 16:51 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

R2 ColdFusion MX 7 ODBC Agent;ColdFusion MX 7 ODBC Agent;C:\CFusionMX7\db\slserver54\bin\swagent.exe "ColdFusion MX 7 ODBC Agent" []
R2 KodakSvc;Kodak AiO Device Service;"C:\Program Files\Kodak\printer\center\KodakSvc.exe" [2007-03-22 18:04]
S4 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;"C:\CFusionMX7\runtime\bin\jrunsvc.exe" [2006-06-13 10:30]
S4 ColdFusion MX 7 ODBC Server;ColdFusion MX 7 ODBC Server;C:\CFusionMX7\db\slserver54\bin\swstrtr.exe "ColdFusion MX 7 ODBC Server" []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 00:53:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-06 22:18:11 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 11:45:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 11:47:26
ComboFix-quarantined-files.txt 2008-01-13 16:47:08
ComboFix2.txt 2007-12-31 16:50:06
ComboFix3.txt 2007-12-17 23:03:45
ComboFix4.txt 2007-12-17 01:07:35
.
2008-01-10 08:02:32 --- E O F ---
  • 0
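The Fixwareout report in the post above records two things worth pulling out when triaging such a log: the Winlogon "System" value before and after the run, and every nameserver value the tool cleared. The following is an added example, not part of the thread or of Fixwareout; the function names `parse_fixwareout` and `triage` are hypothetical, and the sample text is an excerpt copied from that report.

```python
import re

# Excerpt copied from the Fixwareout report posted above (not constructed data).
SAMPLE_LOG = r'''~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdets.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.91 85.255.112.238" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0CCE52FE-DABB-456A-B05F-7992A3973928}
"nameserver"="85.255.113.91,85.255.112.238" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}
"DhcpNameServer"="85.255.113.91,85.255.112.238" <Value cleared.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
'''

SECTION = re.compile(r'^~{5}\s*(.+?)[\s~.]*$')
WINLOGON = re.compile(r'Winlogon\\\s*"system"="([^"]*)"', re.I)
VALUE = re.compile(r'^"([^"]+)"="([^"]*)"\s*(<.*)?$')
GUID = re.compile(r'\{([0-9A-Fa-f-]{36})\}$')

def parse_fixwareout(text):
    """Collect the Winlogon "System" data per section and each DNS value listed."""
    report = {"winlogon": {}, "dns_cleared": []}
    section = key = None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1).lower()
        elif m := WINLOGON.search(line):
            report["winlogon"][section] = m.group(1)
        elif line.upper().startswith("HKEY_"):
            key = line  # registry key that the next value line belongs to
        elif (m := VALUE.match(line)) and m.group(1).lower().endswith("nameserver"):
            guid = GUID.search(key or "")
            report["dns_cleared"].append({
                "interface": guid.group(1).upper() if guid else "global",
                # NameServer is the static setting; DhcpNameServer is written by the DHCP client.
                "source": "dhcp" if m.group(1).lower().startswith("dhcp") else "static",
                "servers": [s for s in re.split(r'[,\s]+', m.group(2)) if s],
                "cleared": "cleared" in (m.group(3) or "").lower(),
            })
    return report

def triage(report):
    """Resolvers seen, where they were set, and whether the Winlogon value was emptied."""
    hits, wl = report["dns_cleared"], report["winlogon"]
    return {
        "resolvers": sorted({s for e in hits for s in e["servers"]}),
        "interfaces": sorted({e["interface"] for e in hits}),
        "dhcp_sourced": any(e["source"] == "dhcp" for e in hits),
        "all_cleared": all(e["cleared"] for e in hits),
        "winlogon_before": wl.get("prerun check"),
        "winlogon_fixed": bool(wl.get("prerun check")) and wl.get("postrun check") == "",
    }

print(triage(parse_fixwareout(SAMPLE_LOG)))
```

The `dhcp_sourced` flag separates values the DHCP client wrote from statically configured ones, which tells the analyst whether the network side also needs checking after the host is cleaned.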

#50
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please also delete the DRweb cure it that I had you download before and then:
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post that log in your next reply.

  • 0

#51
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





