
How Can I Remove Registry Keys?


  • This topic is locked
10 replies to this topic

#1 Chingoo

Posted 27 December 2007 - 01:58 AM

I am having some trouble with my computer, but the sum of it is that I need to delete a registry key, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

If anyone can help me out that would be great. I thank you in advance.

#2 dc3

Posted 27 December 2007 - 02:16 AM

Why do you need to remove the key? What kind of problem are you having with the computer?

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.


#3 Chingoo

Posted 27 December 2007 - 02:33 AM

My computer was doing strange things this morning. It was giving me an error message that wowfx.dll image could not be read, and the same for shell.exe.
I don't have access to my control panel since it seems to be removed from the menu. It's the same trouble as this person was having.
http://www.bleepingcomputer.com/forums/t/122525/wowfxdll-shellexe-and-cant-install-or-change-settings/ If you follow the link it will explain everything, only my problem is slightly different. I found something in the log produced by the DSS HijackThis.

This is what it showed:


Among other things, this in particular I found curious:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)



In advance I thank you for your help.

Oh I also forgot to mention that I am unable to install any software including antivirus which was not previously installed.

Edited by Chingoo, 27 December 2007 - 03:20 AM.


#4 Chingoo

Posted 27 December 2007 - 03:21 AM

I am using HijackThis but I really don't know what to delete.

Edited by Chingoo, 27 December 2007 - 03:23 AM.


#5 Wendy K. Walker

Posted 27 December 2007 - 04:17 AM

Hi Chingoo,

Sorry to hear about your problem...BUT you posted that HJT log in the wrong place.

DO NOT TAKE ANY ADVICE GIVEN IN THIS FORUM IN REGARDS TO YOUR HJT LOG!

I'm going to contact a Moderator and have your topic moved to the Malware forum.

♥ Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Virus and Firewall.

#6 dc3

Posted 27 December 2007 - 04:36 AM

Wendy, I've already left a PM for a moderator and will have to wait until later this morning to have it moved.

I would like to make a clarification in regards to your statement regarding not taking any advice from anyone in this forum. I think what you were trying to convey was that no changes should be made until the log has been read, and then to only make changes that are suggested by the person reading the log.

Edited by dc3, 27 December 2007 - 04:40 AM.


#7 Teenage.Zombiee

Posted 27 December 2007 - 04:48 AM

Yeah.
It's a lot safer to post stuff involving HijackThis in the HJT and Malware Removal forum.

Teenage.Zombiee is back ! :halloween:


#8 Chingoo

Posted 27 December 2007 - 05:01 AM

Oops.

Wendy, thank you so much. I actually solved the problem so that will not be needed. :flowers: Thank you for your help. :thumbsup:
Teenage.Zombiee and dc3, thank you also.

As soon as I was able to install some anti virus and spyware remover everything worked just fine. I'm still not exactly sure what was responsible for preventing me from installing software, but as soon as I know I will be sure to post it here.

Edited by Chingoo, 27 December 2007 - 05:12 AM.


#9 Teenage.Zombiee

Posted 27 December 2007 - 05:21 AM

You're most welcome, Chingoo.


#10 hamluis

Posted 27 December 2007 - 08:22 AM

Addendum, worth reading for some. Note the date of the original article; it's now 4 years later and the negative aspects of malware have only increased.

http://www.microsoft.com/windowsxp/using/s...tt_spyware.mspx

Louis

#11 KoanYorel

Posted 27 December 2007 - 11:06 AM

Since this problem is resolved - this topic is closed.

http://www.bleepingcomputer.com/forums/ind...st&p=695596
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



