Thread: reformatted after winsock takeover, still having problems
View Single Post
Old 01-12-2006, 09:54 PM   #23 (permalink)
tinkerbellnhl
Registered User
 
Join Date: Jan 2006
Posts: 25
OS: Windows XP


Red Faced
The Doug Knox utility was not formatted to work with your instructions. You said to check the "System Security" tab and then see if I can take control of the firewall. You can highlight the System Security in the left column, but then there are several boxes which you can check on the right side. I'm not sure which ones I am supposed to check.

As for the Root Kit, here is the log:

HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\Dhcp\Parameters\{231CBD2D-D5CD-4FD8-95F2-DF0E0C3F06CE} 1/12/2006 9:56 PM 164 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\bobbie\Local Settings\Temporary Internet Files\Content.IE5\8HYJ8TE7\mail[1].htm 1/12/2006 9:59 PM 680 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\bobbie\Local Settings\Temporary Internet Files\Content.IE5\8HYJ8TE7\mail[2].htm 1/12/2006 10:01 PM 680 bytes Hidden from Windows API.
C:\Documents and Settings\bobbie\Local Settings\Temporary Internet Files\Content.IE5\8HYJ8TE7\test[1].htm 1/12/2006 10:37 PM 449 bytes Visible in Windows API, MFT, but not in directory index.
C:\WINDOWS\Temp\5ff8_appcompat.txt 1/12/2006 10:28 PM 0 bytes Hidden from Windows API.
tinkerbellnhl is offline