Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Task Manager Locked, No Shutdown/restart Buttons


  • Please log in to reply
11 replies to this topic

#1 Immediate

Immediate

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 02 June 2006 - 10:20 PM

my original problem was that my internet explorer was blocked and would not respond to any clicking, however it would show up in task manager. i found that netscape nav. would still work fine. i made my original post on this site in netscape but then when i closed netscape it would not open again. i did however manage to download ewido and windows defender before i closed it. then my taskbar became locked. after numerous scans, i believe these have enabled my internet browsers to work again. however my browser is now hijacked with the address "securityuptodate.net" with a bunch of links all over the page to "visit website." my taskbar is still locked and there are no shutdown and restart buttons. only a log off button. the run command is disabled as well. regedit is also blocked by the adware. the computer's clock is stuck in 24 hour time with ??????? instead of the date. thanks for the help

EDIT: i tried to follow the self help removal of spy quake and i when i ran roguescanfix i got a message that says " !! bfu.exe is not present!! please report this to the helper on the forum"

Logfile of HijackThis v1.99.1
Scan saved at 23:04:00 ??????, on 6/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\114929~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\114929~1\EE\AOLServiceHost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jake Page\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149296951\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Startup: Axis & Allies Registration.lnk = C:\Documents and Settings\Jake Page\Local Settings\Temp\{2497B9F6-7CC2-4B26-8642-86FA63A5B01D}\{47836B39-2465-4F39-9D7E-52F70A1C3D72}\ATR1.EXE
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

EDIT: June 3. My task manager is ok now and i can use regedit. everything is fine except no restart/shut down buttons, clock messed up, and hijacked browser.

Edited by Immediate, 03 June 2006 - 02:40 PM.


BC AdBot (Login to Remove)

 


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 04 June 2006 - 08:02 AM

Hi Immediate and Welcome to the Bleeping Computer!


Download smitRem.exe ©noahdfear, and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop (in Internet Explorer, right click on Panda ActiveScan link select "Copy Shortcut" then right click on your desktop and select "Paste Shortcut" or in FireFox right-click the link and select "Save Link As" and save it to your desktop).

Please download the trial version of ewido anti-malware here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Close ewido anti-malware.

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the Check Now button.
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When the download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.
Let us know if any problems persist.

#3 Immediate

Immediate
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  

Posted 06 June 2006 - 03:01 PM

my IE browser is not locked anymore. the clock is still broken and there are no shutdown and restart buttons.

ewido
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 16:28:23 ??????, 6/5/2006
+ Report-Checksum: 3BB45A5A

+ Scan result:

:mozilla.24:C:\Documents and Settings\Jake Page\Application Data\Netscape\NSB\Profiles\tcthcf9z.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Jake Page\Application Data\Netscape\NSB\Profiles\tcthcf9z.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Jake Page\Application Data\Netscape\NSB\Profiles\tcthcf9z.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Jake Page\Application Data\Netscape\NSB\Profiles\tcthcf9z.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Jake Page\Application Data\Netscape\NSB\Profiles\tcthcf9z.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Jake Page\Application Data\Netscape\NSB\Profiles\tcthcf9z.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Jake Page\Application Data\Netscape\NSB\Profiles\tcthcf9z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Jake Page\Application Data\Netscape\NSB\Profiles\tcthcf9z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jake Page\Cookies\jake page@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\WINDOWS\system32\Win1145695.exe -> Worm.VB.ee : Cleaned with backup


::Report End

Panda

Incident Status Location

Adware:adware/emediacodec Not disinfected Windows Registry
Adware:adware/securitytoolbar Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jake Page\Application Data\Netscape\NSB\Profiles\tcthcf9z.default\Cache\3EFBEAA3d01[smitRem/Process.exe]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jake Page\Cookies\jake page@2o7[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jake Page\Cookies\jake page@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jake Page\Cookies\jake page@doubleclick[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jake Page\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jake Page\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jake Page\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jake Page\Desktop\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Roguescanfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

smitfiles

smitRem © log file
version 2.9

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Mon 06/05/2006
The current time is: 15:49:43.79

Running from
C:\Documents and Settings\Jake Page\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

Security Toolbar


~~~ Shortcuts ~~~

Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url


~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

regperf.exe
simpole.tlb
stdole3.tlb
dcomcfg.exe
amcompat.tlb
nscompat.tlb
1024 dir
ld****.tmp
hp***.tmp


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 916 'explorer.exe'
Killing PID 916 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :thumbsup:

hijack this
Logfile of HijackThis v1.99.1
Scan saved at 15:57:13 ??????, on 6/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\114929~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\114929~1\EE\AOLServiceHost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\files\PFILES\COMMON\MSSHARED\DW\dw20.exe
C:\WINDOWS\ehome\ehshell.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\worldbuilder.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jake Page\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149296951\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Startup: Axis & Allies Registration.lnk = C:\Documents and Settings\Jake Page\Local Settings\Temp\{2497B9F6-7CC2-4B26-8642-86FA63A5B01D}\{47836B39-2465-4F39-9D7E-52F70A1C3D72}\ATR1.EXE
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

thanks for the assistance. it is almost clear now!

#4 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 06 June 2006 - 05:31 PM

Ill have to do some looking around for an answer to the clock and Start Button issues.


Download WinPFind to your C Drive.
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Restart Normal and Post those results.

#5 Immediate

Immediate
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 07 June 2006 - 08:22 PM

internet explorer and netscape take a long time to open, anywhere from 45 seconds to 2 minutes. still no
shutdown and restart buttons. clock still broken.

winpfind

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
qoologic 6/7/2006 9:53:38 ?????? 204131 C:\WinPFind.zip

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
aspack 7/22/2005 7:59:04 ?????? 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
PEC2 8/10/2004 11:00:00 ?????? 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 5/23/2006 5:26:00 ?????? 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 5/3/2006 9:26:24 ?????? 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 5/3/2006 9:26:24 ?????? 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/10/2004 11:00:00 ?????? 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/10/2004 11:00:00 ?????? 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 4/27/2006 5:49:30 ?????? 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe
UPX! 1/9/2006 10:36:04 ?????? 42496 C:\WINDOWS\SYSTEM32\swreg.exe
UPX! 1/9/2006 10:36:06 ?????? 40960 C:\WINDOWS\SYSTEM32\swsc.exe
winsync 8/10/2004 11:00:00 ?????? 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 5/23/2006 5:25:52 ?????? 285488 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\backup_of_hosts


Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
6/7/2006 8:50:50 ?????? S 2048 C:\WINDOWS\bootstat.dat
6/6/2006 1:57:22 ?????? H 54156 C:\WINDOWS\QTFont.qfn
5/22/2006 2:23:42 ?????? H 0 C:\WINDOWS\inf\oem19.inf
4/18/2006 3:17:08 ?????? S 14054 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat
5/23/2006 5:27:00 ?????? S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
5/23/2006 5:27:00 ?????? S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\_000000_.cat
6/7/2006 8:50:54 ?????? H 16384 C:\WINDOWS\system32\config\default.LOG
6/7/2006 8:51:22 ?????? H 1024 C:\WINDOWS\system32\config\SAM.LOG
6/7/2006 8:50:52 ?????? H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
6/7/2006 8:51:24 ?????? H 86016 C:\WINDOWS\system32\config\software.LOG
6/7/2006 8:50:56 ?????? H 1028096 C:\WINDOWS\system32\config\system.LOG
6/5/2006 5:11:00 ?????? H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
6/2/2006 9:35:40 ?????? S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
6/2/2006 9:35:40 ?????? S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
5/21/2006 2:32:44 ?????? H 262144 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
5/21/2006 2:32:44 ?????? H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
5/21/2006 2:34:42 ?????? HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
5/21/2006 2:34:42 ?????? HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
5/21/2006 2:34:42 ?????? HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
5/21/2006 2:57:58 ?????? RHS 1783 C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Pavilion dv8000 (EU009UA#ABA)_YN_0Pavi_QCND615061H_E398811002_46_I30A6_SHP_V56.24_BF.09_T060313_WXP2_L409_M1023_J100_7Intel_8T2300_91.66_#060222_N80861092_(EU009UA#ABA)_XMOBILE_CN10_Z_2F.09.MRK
6/6/2006 8:24:36 ?????? HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\f0a0dcca-0db0-463d-82f6-dcf28f8ab7d5
6/6/2006 8:24:36 ?????? HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
5/21/2006 2:34:32 ?????? HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\14e441ae-9e58-4543-a68f-14dc5a5d6ab5
5/21/2006 2:34:32 ?????? HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1c798269-43c5-49e9-aa17-8d18ccb28aae
5/21/2006 2:34:32 ?????? HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\372b3c73-4a71-456b-ace2-b57322d2ab5d
5/21/2006 2:34:32 ?????? HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
6/7/2006 8:54:02 ?????? H 330 C:\WINDOWS\Tasks\MP Scheduled Scan.job
6/7/2006 8:42:12 ?????? H 6 C:\WINDOWS\Tasks\SA.DAT
6/6/2006 11:02:58 ?????? HS 113 C:\WINDOWS\temp\History\History.IE5\desktop.ini
6/6/2006 11:02:58 ?????? HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\desktop.ini
6/6/2006 11:02:58 ?????? HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\0XED6INL\desktop.ini
6/6/2006 11:02:58 ?????? HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\9AMOXD3W\desktop.ini
6/6/2006 11:02:58 ?????? HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\GEQX5MXT\desktop.ini
6/6/2006 11:02:58 ?????? HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\QZJD5HIR\desktop.ini

Checking for CPL files...
Microsoft Corporation 8/10/2004 11:00:00 ?????? 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
InstallShield Software Corporation7/27/2004 8:50:48 ?????? 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 5:03:50 ?????? 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
12/15/2005 7:42:00 ?????? 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
RealNetworks, Inc. 6/2/2006 9:10:14 ?????? 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Hewlett-Packard Development Company, L.P.12/7/2005 2:35:08 ?????? 47104 C:\WINDOWS\SYSTEM32\WACntlPnl.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 ?????? 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 ?????? 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/17/2005 12:59:34 ?????? HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
2/22/2006 5:17:46 ?????? 798 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/17/2005 5:45:06 ?????? HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
2/22/2006 5:18:24 ?????? 373 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
5/23/2006 12:46:04 ?????? 1460 C:\Documents and Settings\Jake Page\Start Menu\Programs\Startup\Axis & Allies Registration.lnk
8/17/2005 12:59:34 ?????? HS 84 C:\Documents and Settings\Jake Page\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
8/17/2005 5:45:06 ?????? HS 62 C:\Documents and Settings\Jake Page\Application Data\desktop.ini
5/31/2006 11:28:32 ?????? 187 C:\Documents and Settings\Jake Page\Application Data\G-Force Prefs (WindowsMediaPlayer).txt

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ab7158b-4bff-4160-ad7d-4d622df548cf}
Nothing = C:\WINDOWS\system32\hp100.tmp
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
CNavExtBho Class = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\system32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray C:\WINDOWS\ehome\ehtray.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
nwiz nwiz.exe /installquiet /nodetect
High Definition Audio Property Page Shortcut CHDAudPropShortcut.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
HP Software Update C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
hpWirelessAssistant C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
ccApp "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

QPService "C:\Program Files\HP\QuickPlay\QPService.exe"
eabconfg.cpl C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
Cpqset C:\Program Files\HPQ\Default Settings\cpqset.exe
RecGuard C:\Windows\SMINST\RecGuard.exe
Reminder C:\Windows\CREATOR\Remind_XP.exe
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide
HostManager C:\Program Files\Common Files\AOL\1149296951\EE\AOLHostManager.exe
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
AOL Spyware Protection "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
RealTray C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AOL Fast Start "C:\Program Files\America Online 9.0\AOL.EXE" -b

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments
ScanWithAntiVirus 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
dcomcfg.exe dcomcfg.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoRun 
NoClose 
NoLogOff 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskmgr 0
DisableRegistryTools 0
Shutdown 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 6/7/2006 8:58:50 ??????


#6 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 07 June 2006 - 08:45 PM

I need another look at the SmitFraud infection,it doesnt appear to be fully cured.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

#7 Immediate

Immediate
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  

Posted 08 June 2006 - 09:19 AM

here is smitfraud. one other new issue i am having is that in internet explorer is about 75% of the links i click IE locks up for about 45 seconds, then it unlocks and it doesnt go to the link i clicked. netscape does not have this problem, but they are both still slow when opening.

SmitFraudFix v2.53

Scan done at 10:12:24.43, Thu 06/08/2006
Run from C:\Documents and Settings\Jake Page\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jake Page\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JAKEPA~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#8 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 08 June 2006 - 06:41 PM

Im attaching a Zip folder to this post,download to the desktop and unzip.

Inside is a file labled Clr.reg

Restart in Safe Mode and double click Clr.reg and allow it to merge into the registry.



Restart the Machine and Please run the F-Secure Online Scanner
  • Follow the directions in the F-Secure page for proper Installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Custom Scan and be sure the following are checked.
    • Scan whole System
    • Scan all files
    • Scan whole system for rootkits
    • Scan whole system for spyware
    • Scan inside archives
    • Use advanced heuristics
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the I want to decide item by item button.
  • For each item found,Select Disinfect and Click Next
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Tell me if you see a difference in the clock or shutdown and restart buttons?

Attached Files

  • Attached File  Clr.zip   294bytes   7 downloads


#9 Immediate

Immediate
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 12 June 2006 - 03:16 PM

F-Secure

Scanning Report
Monday, June 12, 2006 12:27:59 - 16:09:40

Computer name: JAKE
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\
Result: 13 malware found
P2P-Worm.Win32.VB.ee (virus)

* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04DB446D.exe (Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04DF6E6A.exe (Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04E54263.exe (Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04E86C5F.exe (Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04EC165B.exe (Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04EF4058.exe (Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04F26A54.exe (Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04F51451.exe (Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12293E48.exe (Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63825845.exe (Submitted)

Tracking Cookie (spyware)

* System (Disinfected)
* System

W32/Spybot.ABWM (virus)

* C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\WorldBuilder.exe

Statistics
Scanned:

* Files: 241648
* System: 5350
* Not scanned: 33

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 12
* Submitted: 10

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\BIOS1.ROM
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
* C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\SAVRT\0067NAV~.TMP
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
* C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL
* C:\Program Files\Call of Duty\Main\pak2.pk3\sound\
* C:\I386\BIOS1.RO_
* C:\DOCUMENTS AND SETTINGS\ALL USERS.LOG
* C:\DOCUMENTS AND SETTINGS\DEFAULT USER.LOG
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\WEBROOT\SPY SWEEPER\TEMP\SSCS00C6DE54-5B00-4190-92AB-FA8963E5966F.TMP
* C:\DOCUMENTS AND SETTINGS\JAKE PAGE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\JAKE PAGE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{E3E014D8-9571-4014-A7C2-4E38E06B34F2}
* C:\DOCUMENTS AND SETTINGS\JAKE PAGE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\JAKE PAGE\APPLICATION DATA\NETSCAPE\NSB\PROFILES\TCTHCF9Z.DEFAULT\PARENT.LOCK
* C:\DOCUMENTS AND SETTINGS\JAKE PAGE\APPLICATION DATA\NETSCAPE\NSB\PROFILES\TCTHCF9Z.DEFAULT\CACHE\_CACHE_001_
* C:\DOCUMENTS AND SETTINGS\JAKE PAGE\APPLICATION DATA\NETSCAPE\NSB\PROFILES\TCTHCF9Z.DEFAULT\CACHE\_CACHE_002_
* C:\DOCUMENTS AND SETTINGS\JAKE PAGE\APPLICATION DATA\NETSCAPE\NSB\PROFILES\TCTHCF9Z.DEFAULT\CACHE\_CACHE_003_
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MUVEE TECHNOLOGIES\030625\0102\0314\VALUES
* C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock
* C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock
* C:\AUDIOS\NEXTLEVEL+EXTRA5_01_CHP07.MP3
* D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\REFSPCL.TTF

Options
Scanning engines:

* F-Secure AVP: 6.0.171, 2006-06-12
* F-Secure Libra: 2.4.1, 2006-06-10
* F-Secure Orion: 1.2.37, 2006-06-12
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Pegasus: 1.19.0, 2006-00-19
* F-Secure Draco: 1.0.35, 0259-24-212

Scanning options:

* Scan all files
* Scan inside archives
* Use Advanced heuristics
-------------------------------------------------------------
I see no difference with the shutdown restart buttons. they are still not there. however internet explorer and netscape now execute correctly.

#10 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 12 June 2006 - 07:52 PM

Go to Safe Mode and Scan with WinPFind again,restart and post those results.

#11 Immediate

Immediate
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  

Posted 21 June 2006 - 10:08 PM

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
qoologic 6/7/2006 9:53:38 ?????? 204131 C:\WinPFind.zip

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
aspack 7/22/2005 7:59:04 ?????? 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
PEC2 8/10/2004 11:00:00 ?????? 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 5/23/2006 5:26:00 ?????? 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 6/8/2006 9:19:50 ?????? 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 6/8/2006 9:19:50 ?????? 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/10/2004 11:00:00 ?????? 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/10/2004 11:00:00 ?????? 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 4/27/2006 5:49:30 ?????? 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe
UPX! 1/9/2006 10:36:04 ?????? 42496 C:\WINDOWS\SYSTEM32\swreg.exe
UPX! 1/9/2006 10:36:06 ?????? 40960 C:\WINDOWS\SYSTEM32\swsc.exe
winsync 8/10/2004 11:00:00 ?????? 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 5/23/2006 5:25:52 ?????? 285488 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\backup_of_hosts


Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
6/21/2006 10:50:38 ?????? S 2048 C:\WINDOWS\bootstat.dat
5/22/2006 2:23:42 ?????? H 0 C:\WINDOWS\inf\oem19.inf
6/20/2006 1:38:28 ?????? H 0 C:\WINDOWS\LastGood\INF\Erma.inf
6/20/2006 1:38:28 ?????? H 0 C:\WINDOWS\LastGood\INF\Erma.PNF
6/20/2006 1:38:26 ?????? H 0 C:\WINDOWS\LastGood\INF\oem22.inf
6/20/2006 1:38:26 ?????? H 0 C:\WINDOWS\LastGood\INF\oem22.PNF
5/14/2006 6:21:52 ?????? S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
5/5/2006 10:22:46 ?????? S 12227 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB914389.cat
5/29/2006 12:16:00 ?????? S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat
5/18/2006 3:15:12 ?????? S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat
5/4/2006 6:37:36 ?????? S 7898 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917734.cat
6/1/2006 4:28:56 ?????? S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
5/23/2006 5:27:00 ?????? S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
5/23/2006 5:27:00 ?????? S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\_000000_.cat
6/21/2006 10:50:42 ?????? H 16384 C:\WINDOWS\system32\config\default.LOG
6/21/2006 10:51:10 ?????? H 1024 C:\WINDOWS\system32\config\SAM.LOG
6/21/2006 10:50:40 ?????? H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
6/21/2006 10:51:10 ?????? H 94208 C:\WINDOWS\system32\config\software.LOG
6/21/2006 10:50:44 ?????? H 1069056 C:\WINDOWS\system32\config\system.LOG
6/20/2006 11:10:08 ?????? H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
6/2/2006 9:35:40 ?????? S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
6/2/2006 9:35:40 ?????? S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
5/21/2006 2:32:44 ?????? H 262144 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
5/21/2006 2:32:44 ?????? H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
5/21/2006 2:34:42 ?????? HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
5/21/2006 2:34:42 ?????? HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
5/21/2006 2:34:42 ?????? HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
5/21/2006 2:57:58 ?????? RHS 1783 C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Pavilion dv8000 (EU009UA#ABA)_YN_0Pavi_QCND615061H_E398811002_46_I30A6_SHP_V56.24_BF.09_T060313_WXP2_L409_M1023_J100_7Intel_8T2300_91.66_#060222_N80861092_(EU009UA#ABA)_XMOBILE_CN10_Z_2F.09.MRK
6/6/2006 8:24:36 ?????? HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\f0a0dcca-0db0-463d-82f6-dcf28f8ab7d5
6/6/2006 8:24:36 ?????? HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
5/21/2006 2:34:32 ?????? HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\14e441ae-9e58-4543-a68f-14dc5a5d6ab5
5/21/2006 2:34:32 ?????? HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1c798269-43c5-49e9-aa17-8d18ccb28aae
5/21/2006 2:34:32 ?????? HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\372b3c73-4a71-456b-ace2-b57322d2ab5d
5/21/2006 2:34:32 ?????? HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
6/21/2006 10:53:50 ?????? H 330 C:\WINDOWS\Tasks\MP Scheduled Scan.job
6/20/2006 11:24:24 ?????? H 6 C:\WINDOWS\Tasks\SA.DAT
6/6/2006 11:02:58 ?????? HS 113 C:\WINDOWS\temp\History\History.IE5\desktop.ini
6/6/2006 11:02:58 ?????? HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\desktop.ini
6/6/2006 11:02:58 ?????? HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\0XED6INL\desktop.ini
6/6/2006 11:02:58 ?????? HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\9AMOXD3W\desktop.ini
6/6/2006 11:02:58 ?????? HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\GEQX5MXT\desktop.ini
6/6/2006 11:02:58 ?????? HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\QZJD5HIR\desktop.ini

Checking for CPL files...
Microsoft Corporation 8/10/2004 11:00:00 ?????? 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
InstallShield Software Corporation7/27/2004 8:50:48 ?????? 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 5:03:50 ?????? 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
12/15/2005 7:42:00 ?????? 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
RealNetworks, Inc. 6/2/2006 9:10:14 ?????? 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Hewlett-Packard Development Company, L.P.12/7/2005 2:35:08 ?????? 47104 C:\WINDOWS\SYSTEM32\WACntlPnl.cpl
Microsoft Corporation 8/10/2004 11:00:00 ?????? 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 ?????? 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 ?????? 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/17/2005 12:59:34 ?????? HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
2/22/2006 5:17:46 ?????? 798 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/17/2005 5:45:06 ?????? HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
2/22/2006 5:18:24 ?????? 373 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
5/23/2006 12:46:04 ?????? 1460 C:\Documents and Settings\Jake Page\Start Menu\Programs\Startup\Axis & Allies Registration.lnk
8/17/2005 12:59:34 ?????? HS 84 C:\Documents and Settings\Jake Page\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
8/17/2005 5:45:06 ?????? HS 62 C:\Documents and Settings\Jake Page\Application Data\desktop.ini
5/31/2006 11:28:32 ?????? 187 C:\Documents and Settings\Jake Page\Application Data\G-Force Prefs (WindowsMediaPlayer).txt

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ab7158b-4bff-4160-ad7d-4d622df548cf}
Nothing = C:\WINDOWS\system32\hp100.tmp
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
CNavExtBho Class = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\system32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray C:\WINDOWS\ehome\ehtray.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
nwiz nwiz.exe /installquiet /nodetect
High Definition Audio Property Page Shortcut CHDAudPropShortcut.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
HP Software Update C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
hpWirelessAssistant C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
ccApp "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
QPService "C:\Program Files\HP\QuickPlay\QPService.exe"
eabconfg.cpl C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
Cpqset C:\Program Files\HPQ\Default Settings\cpqset.exe
RecGuard C:\Windows\SMINST\RecGuard.exe
Reminder C:\Windows\CREATOR\Remind_XP.exe
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide
HostManager C:\Program Files\Common Files\AOL\1149296951\EE\AOLHostManager.exe
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
AOL Spyware Protection "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
RealTray C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
HPDJ Taskbar Utility C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
DeviceDiscovery C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AOL Fast Start "C:\Program Files\America Online 9.0\AOL.EXE" -b
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments
ScanWithAntiVirus 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
dcomcfg.exe dcomcfg.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoRun 
NoClose 
NoLogOff 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskmgr 0
DisableRegistryTools 0
Shutdown 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 6/21/2006 11:00:32 ??????

#12 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 22 June 2006 - 08:30 PM

Copy the text in the quote box to a blank notepad page and save it to the desktop with the name Fix.reg


REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]



Double Click Fix.reg and allow it to merge into the registry.


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a fresh HijackThis log.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users