check my hijack log



mister
2007-02-12, 14:52
Logfile of HijackThis v1.99.1
Scan saved at 13:24:46, on 12-2-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\mister\Bureaublad\ ZONE\Setup\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [drvsyskit] "C:\Documents and Settings\Jevithan\Application Data\hidires\hidr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Snelkoppeling naar Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: Namo SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Namo SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Namo SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

What do I have to do?

Rawe
2007-02-12, 15:12
Hello and welcome to the forums :)

Please run a scan with HijackThis and check the following objects for removal:

O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [drvsyskit] "C:\Documents and Settings\Jevithan\Application Data\hidires\hidr.exe"

Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis and reboot.

-----

After reboot, please navigate to and delete the following file & folder if present:

C:\WINDOWS\system32\hldrrr.exe
C:\Documents and Settings\Jevithan\Application Data\hidires

Empty recycle bin.

------

Please download GMER (http://www.majorgeeks.com/GMER_d5198.html):
Unzip it and double-click GMER.exe
Click the rootkit-tab and click scan.
Once done, click Copy.
This will copy the results to clipboard.
Paste the results in your next reply.

mister
2007-02-12, 17:12
The results were too long, so I have uploaded them. These are the results:
http://www.badongo.com/file/2220545

mister
2007-02-12, 19:15
You have to click the following link...

mister
2007-02-13, 14:12
Can anybody help me...?

Rawe
2007-02-13, 16:01
Looks like I didn't get my email subscription even though I have subscribed to the thread. Well, it was a good thing I noticed.

Tell me... Did you check the "Show All" box before running the scan?

Please download Combofix (http://download.bleepingcomputer.com/sUBs/combofix.exe) to your desktop:
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

mister
2007-02-13, 17:30
"mister" - 07-02-13 16:21:06 Service Pack 2
ComboFix 07.01.30 - Running from: "C:\Documents and Settings\mister\Bureaublad"

ERROR !!! /wow section not completed

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Documents and Settings\mister\Application Data\CROSOF~1
C:\qoobox\purity\Documents and Settings\mister\Application Data\CROSOF~1\??crosoft
C:\qoobox\purity\WINDOWS\ECURIT~1


((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


2007-02-13 16:17 <DIR> d-------- C:\WINDOWS\LastGood
2007-02-13 13:57 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-02-13 13:57 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-02-13 13:57 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-02-12 21:06 <DIR> d----c--- C:\ComboScan
2007-02-12 19:04 187,008 --a------ C:\WINDOWS\system32\drivers\trlkprot.sys
2007-02-12 19:04 <DIR> d-------- C:\WINDOWS\trlrm
2007-02-12 19:03 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Prevx
2007-02-12 19:03 <DIR> d-------- C:\Program Files\Prevx1
2007-02-12 19:02 <DIR> d-------- C:\Program Files\SpyWall
2007-02-12 18:22 <DIR> d-------- C:\Program Files\Ashampoo
2007-02-11 21:13 <DIR> d-------- C:\DOCUME~1\mister\Application Data\MailFrontier
2007-02-11 19:48 <DIR> d----c--- C:\fixwareout
2007-02-11 18:11 <DIR> d-------- C:\Program Files\Hitman Pro
2007-02-11 15:14 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2007-02-11 15:13 <DIR> d-------- C:\Program Files\MSECACHE
2007-02-11 15:10 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\SecTaskMan
2007-02-11 15:10 <DIR> d-------- C:\Program Files\Security Task Manager
2007-02-10 22:19 <DIR> d-------- C:\Program Files\xp-AntiSpy
2007-02-09 22:12 <DIR> dr-h----- C:\DOCUME~1\mister\Onlangs geopend
2007-02-09 22:04 <DIR> d-------- C:\Program Files\XoftSpy
2007-02-06 15:27 <DIR> d-------- C:\Program Files\Flash Menu Factory
2007-02-06 15:23 <DIR> d-------- C:\Program Files\AnvSoft
2007-02-06 11:47 <DIR> d-------- C:\DOCUME~1\mister\Application Data\COWON
2007-02-06 11:45 <DIR> d-------- C:\Program Files\JetAudio
2007-02-05 22:08 190 --a------ C:\WINDOWS\p2p_turbo.exe
2007-02-05 21:00 <DIR> d-------- C:\Program Files\Movavi Video Converter 5.0
2007-02-05 21:00 <DIR> d-------- C:\Program Files\MOVAVI
2007-02-04 17:41 <DIR> d-------- C:\Program Files\InterMute
2007-01-30 19:16 <DIR> d-------- C:\WINDOWS\IBN WMV to Video
2007-01-30 18:56 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2007-01-29 15:55 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\River Past G5
2007-01-29 15:55 <DIR> d-------- C:\DOCUME~1\mister\Application Data\River Past G5
2007-01-28 12:56 <DIR> d-------- C:\Program Files\Xvid
2007-01-23 10:20 <DIR> d-------- C:\Program Files\Easy GIF Animator
2007-01-23 10:00 258,352 --a------ C:\WINDOWS\system32\Unicows.dll
2007-01-23 09:55 <DIR> d-------- C:\Program Files\Advanced GIF Animator
2007-01-22 22:45 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-01-22 22:45 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2007-01-22 02:24 1,252 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-21 04:36 <DIR> d-------- C:\Program Files\Flash SWF to GIF AVI Converter
2007-01-19 09:53 <DIR> d-------- C:\Program Files\Studio V5
2007-01-18 22:34 <DIR> d-------- C:\Program Files\Easy Video Capture
2007-01-18 13:43 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-15 17:43 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-01-15 17:43 548,864 --a------ C:\WINDOWS\system32\msvcp80.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-13 16:22 -------- d-------- C:\DOCUME~1\mister\Application Data\azureus
2007-02-12 18:21 -------- d--h----- C:\Program Files\installshield installation information
2007-02-11 18:15 -------- d-------- C:\Program Files\emule
2007-02-10 21:53 -------- d---s---- C:\DOCUME~1\mister\Application Data\microsoft
2007-02-07 09:04 -------- d-------- C:\Program Files\shopinsite mmi
2007-02-06 10:34 5632 --ahs---- C:\Program Files\thumbs.db
2007-02-04 17:59 -------- d-------- C:\Program Files\poweriso
2007-02-04 17:59 -------- d-------- C:\Program Files\msn messenger
2007-02-04 17:42 -------- d-------- C:\Program Files\azureus
2007-02-04 16:50 -------- d-------- C:\Program Files\allok video splitter
2007-01-30 20:37 -------- d-------- C:\Program Files\acd systems
2007-01-29 22:02 -------- d-------- C:\Program Files\dc++
2007-01-29 20:56 -------- d-------- C:\Program Files\deskshare
2007-01-24 22:41 -------- d-------- C:\Program Files\Common Files\deskshare shared
2007-01-22 02:52 -------- d-------- C:\Program Files\google
2007-01-21 04:34 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-01-18 17:21 816128 ---h----- C:\WINDOWS\system32\wodfamoh.dll
2007-01-18 13:41 -------- d-------- C:\DOCUME~1\mister\Application Data\google
2007-01-11 23:28 -------- d-------- C:\Program Files\abrosoft
2007-01-07 18:04 -------- d-------- C:\Program Files\k-lite codec pack
2007-01-04 23:40 -------- d-------- C:\Program Files\Common Files\acd systems
2007-01-03 07:35 -------- d-------- C:\Program Files\Common Files\l&h
2007-01-03 07:34 -------- d-------- C:\Program Files\microsoft works
2007-01-01 19:04 164352 --a------ C:\WINDOWS\system32\spoonuninstall.exe
2006-12-31 16:10 -------- d-------- C:\Program Files\mp3 workshop
2006-12-27 15:17 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-12-22 17:50 -------- d-------- C:\Program Files\virtualdj
2006-12-21 12:36 -------- d-------- C:\Program Files\admiresoft
2006-12-21 10:08 -------- d-------- C:\Program Files\webroot
2006-12-18 21:36 -------- d-------- C:\Program Files\globalscape
2006-12-16 17:31 -------- d-------- C:\Program Files\torquegamebuilder
2006-12-16 14:22 -------- d-------- C:\Program Files\web page maker v2
2006-12-15 18:23 -------- d-------- C:\Program Files\quicktime alternative
2006-12-15 18:22 -------- d-------- C:\Program Files\media player classic
2006-12-14 10:18 720896 --a------ C:\WINDOWS\iun6002.exe
2006-11-27 14:48 57344 --a------ C:\WINDOWS\system32\scanatstartup.dll
2006-11-21 21:58 16 --a------ C:\WINDOWS\system32\jgldog11.dll
2006-11-21 11:27 33280 --a------ C:\WINDOWS\system32\snmp.exe
2006-11-21 05:01 1 --a------ C:\WINDOWS\system32\wincfgds.dll
2006-11-20 07:15 3082 --a------ C:\WINDOWS\system32\affv208325p1now.sys
2006-11-16 10:54 90112 --a------ C:\WINDOWS\system32\regdacl.exe
2006-11-16 10:54 4096 --a------ C:\WINDOWS\system32\reboot.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BlueSoleil.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\IVTCOR~1\\BLUESO~1\\BLUESO~1.EXE "
"item"="BlueSoleil"
"backup"="C:\\WINDOWS\\pss\\BlueSoleil.lnkCommon Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^KOBISHI 54Mbps Wireless Client Utility.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\KOBISHI 54Mbps Wireless Client Utility.lnk"
"backup"="C:\\WINDOWS\\pss\\KOBISHI 54Mbps Wireless Client Utility.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\KOBISHI\\KOBISH~1\\KOBISH~1.EXE "
"item"="KOBISHI 54Mbps Wireless Client Utility"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WordWeb Pro.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\WordWeb Pro.lnk"
"backup"="C:\\WINDOWS\\pss\\WordWeb Pro.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WordWeb\\wweb32.exe "
"item"="WordWeb Pro"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Zone Labs Security (2).lnk]
"location"="Common Startup"
"item"="Zone Labs Security (2)"
"backup"="C:\\WINDOWS\\pss\\Zone Labs Security (2).lnkCommon Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mister^Menu Start^Programma's^Opstarten^BitDefender 9 Professional Plus.lnk]
"path"="C:\\Documents and Settings\\mister\\Menu Start\\Programma's\\Opstarten\\BitDefender 9 Professional Plus.lnk"
"backup"="C:\\WINDOWS\\pss\\BitDefender 9 Professional Plus.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdmcon.exe "
"item"="BitDefender 9 Professional Plus"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mister^Menu Start^Programma's^Opstarten^Snelkoppeling naar PXConsole.lnk]
"path"="C:\\Documents and Settings\\mister\\Menu Start\\Programma's\\Opstarten\\Snelkoppeling naar PXConsole.lnk"
"backup"="C:\\WINDOWS\\pss\\Snelkoppeling naar PXConsole.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Prevx1\\PXCONS~1.EXE "
"item"="Snelkoppeling naar PXConsole"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mister^Menu Start^Programma's^Opstarten^Snelkoppeling naar sndvol32.lnk]
"path"="C:\\Documents and Settings\\mister\\Menu Start\\Programma's\\Opstarten\\Snelkoppeling naar sndvol32.lnk"
"backup"="C:\\WINDOWS\\pss\\Snelkoppeling naar sndvol32.lnkStartup"
"location"="Startup"
"command"="C:\\WINDOWS\\system32\\sndvol32.exe "
"item"="Snelkoppeling naar sndvol32"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mister^Menu Start^Programma's^Opstarten^Snelkoppeling naar zlclient.lnk]
"location"="Startup"
"item"="Snelkoppeling naar zlclient"
"backup"="C:\\WINDOWS\\pss\\Snelkoppeling naar zlclient.lnkStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mister^Menu Start^Programma's^Opstarten^start.lnk]
"path"="C:\\Documents and Settings\\mister\\Menu Start\\Programma's\\Opstarten\\start.lnk"
"backup"="C:\\WINDOWS\\pss\\start.lnkStartup"
"location"="Startup"
"command"="C:\\WINDOWS\\system32\\svcost\\svcost.exe "
"item"="start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PAVSRV"=dword:00000002
"PAVFIRES"=dword:00000002
"SDhelper"=dword:00000002
"wampmysqld"=dword:00000003
"wampapache"=dword:00000002
"TUWinStylerThemeSvc"=dword:00000003
"AVP"=dword:00000002
"VSSERV"=dword:00000002
"bdss"=dword:00000002
"LIVESRV"=dword:00000002
"XCOMM"=dword:00000002
"WinDefend"=dword:00000002
"WWW File Share Pro"=dword:00000002
"MSIServer"=dword:00000003
"svcWRSSSDK"=dword:00000002
"BARCASE"=dword:00000002
"McRedirector"=dword:00000002
"ASEService"=dword:00000002
"aswUpdSv"=dword:00000002
"avast! Web Scanner"=dword:00000003
"avast! Mail Scanner"=dword:00000003
"avast! Antivirus"=dword:00000002
"AntiVirScheduler"=dword:00000002
"AntiVirService"=dword:00000002
"AVG Anti-Spyware Guard"=dword:00000002
"BthServ"=dword:00000002
"avGuard"=dword:00000002
"vsmon"=dword:00000002
"mcusrmgr"=dword:00000002
"mcmispupdmgr"=dword:00000002
"mctskshd.exe"=dword:00000002
"McSysmon"=dword:00000002
"MSK80Service"=dword:00000002
"McODS"=dword:00000002
"McShield"=dword:00000002
"McProxy"=dword:00000002
"mcpromgr"=dword:00000002
"MPS9"=dword:00000002
"MpfService"=dword:00000002
"McNASvc"=dword:00000002
"McLogManagerService"=dword:00000002
"McAfee HackerWatch Service"=dword:00000002
"Emproxy"=dword:00000003
"PREVXAgent"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeStartMenu"=dword:00000001
"NoClose"=dword:00000001
"NoLogOff"=dword:00000001
"NoRun"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ C:\Program Files\Internet Explorer\podosipil.html

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
MessageServices REG_MULTI_SZ MessageServices\0
MessageService REG_MULTI_SZ \0
bthsvcs REG_MULTI_SZ BthServ\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
Templates



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\XoftSpy.job

Completion time: 07-02-13 16:23:52

Rawe
2007-02-13, 19:43
There are some files I'm not sure of.

Please surf here: http://virustotal.com

Next to the "Browse" button, in the blank field in the right hand upper corner,

paste each of the following one at a time (hit "Send" each time after pasting one line), wait for all the scanners to scan all the files one at a time, then post back with all the results (you'll need to paste them in several replies probably; please don't upload them).

C:\WINDOWS\p2p_turbo.exe
C:\WINDOWS\system32\scanatstartup.dll
C:\WINDOWS\system32\jgldog11.dll
C:\WINDOWS\system32\wincfgds.dll
C:\WINDOWS\system32\affv208325p1now.sys

Then, please navigate to and delete the following file if present:

C:\WINDOWS\iun6002.exe

Empty recycle bin. Please post all the filescan results back. Can you also please describe all your current issues with the PC right now?

mister
2007-02-13, 22:24
STATUS: FINISHED Complete scanning result of "affv208325p1now.sys", received in VirusTotal at 02.13.2007, 19:02:11 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.37 02.13.2007 no virus found
Authentium 4.93.8 02.12.2007 no virus found
Avast 4.7.936.0 02.13.2007 no virus found
AVG 386 02.13.2007 no virus found
BitDefender 7.2 02.13.2007 no virus found
CAT-QuickHeal 9.00 02.13.2007 no virus found
ClamAV devel-20060426 02.13.2007 no virus found
DrWeb 4.33 02.13.2007 no virus found
eSafe 7.0.14.0 02.12.2007 no virus found
eTrust-Vet 30.4.3394 02.13.2007 no virus found
Ewido 4.0 02.13.2007 no virus found
Fortinet 2.85.0.0 02.13.2007 no virus found
F-Prot 4.2.1.29 02.12.2007 no virus found
F-Secure 6.70.13030.0 02.13.2007 no virus found
Ikarus T3.1.0.31 02.13.2007 no virus found
Kaspersky 4.0.2.24 02.13.2007 no virus found
McAfee 4961 02.12.2007 no virus found
Microsoft 1.2204 02.13.2007 no virus found
NOD32v2 2057 02.13.2007 no virus found
Norman 5.80.02 02.13.2007 no virus found
Panda 9.0.0.4 02.13.2007 no virus found
Prevx1 V2 02.13.2007 no virus found
Sophos 4.14.0 02.13.2007 no virus found
Sunbelt 2.2.907.0 02.09.2007 no virus found
Symantec 10 02.13.2007 no virus found
TheHacker 6.1.6.056 02.11.2007 no virus found
UNA 1.83 02.13.2007 no virus found
VBA32 3.11.2 02.12.2007 no virus found
VirusBuster 4.3.19:9 02.13.2007 no virus found

Aditional Information
File size: 3082 bytes
MD5: 919d87b692cb233f96f50e28992b9f79
SHA1: ffb24321134ad903a5badb73fe9229e088348c55
******************

STATUS: FINISHED Complete scanning result of "jgldog11.dll", received in VirusTotal at 02.13.2007, 19:19:17 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.37 02.13.2007 no virus found
Authentium 4.93.8 02.12.2007 no virus found
Avast 4.7.936.0 02.13.2007 no virus found
AVG 386 02.13.2007 no virus found
BitDefender 7.2 02.13.2007 no virus found
CAT-QuickHeal 9.00 02.13.2007 no virus found
ClamAV devel-20060426 02.13.2007 no virus found
DrWeb 4.33 02.13.2007 no virus found
eSafe 7.0.14.0 02.12.2007 no virus found
eTrust-Vet 30.4.3394 02.13.2007 no virus found
Ewido 4.0 02.13.2007 no virus found
Fortinet 2.85.0.0 02.13.2007 no virus found
F-Prot 4.2.1.29 02.12.2007 no virus found
F-Secure 6.70.13030.0 02.13.2007 no virus found
Ikarus T3.1.0.31 02.13.2007 no virus found
Kaspersky 4.0.2.24 02.13.2007 no virus found
McAfee 4961 02.12.2007 no virus found
Microsoft 1.2204 02.13.2007 no virus found
NOD32v2 2057 02.13.2007 no virus found
Norman 5.80.02 02.13.2007 no virus found
Panda 9.0.0.4 02.13.2007 no virus found
Prevx1 V2 02.13.2007 no virus found
Sophos 4.14.0 02.13.2007 no virus found
Sunbelt 2.2.907.0 02.09.2007 no virus found
Symantec 10 02.13.2007 no virus found
TheHacker 6.1.6.056 02.11.2007 no virus found
UNA 1.83 02.13.2007 no virus found
VBA32 3.11.2 02.12.2007 no virus found
VirusBuster 4.3.19:9 02.13.2007 no virus found

Aditional Information
File size: 16 bytes
MD5: 8054adf23ab2af49f90ce00b0f35908b
SHA1: 107a1e780604c4bc1c7857fdadb6ef2f8591ac51
*******************

STATUS: FINISHED Complete scanning result of "p2p_turbo.exe", received in
VirusTotal at 02.13.2007, 19:39:08 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.37 02.13.2007 no virus found
Authentium 4.93.8 02.12.2007 no virus found
Avast 4.7.936.0 02.13.2007 no virus found
AVG 386 02.13.2007 no virus found
BitDefender 7.2 02.13.2007 no virus found
CAT-QuickHeal 9.00 02.13.2007 no virus found
ClamAV devel-20060426 02.13.2007 no virus found
DrWeb 4.33 02.13.2007 no virus found
eSafe 7.0.14.0 02.12.2007 no virus found
eTrust-Vet 30.4.3394 02.13.2007 no virus found
Ewido 4.0 02.13.2007 no virus found
Fortinet 2.85.0.0 02.13.2007 no virus found
F-Prot 4.2.1.29 02.12.2007 no virus found
F-Secure 6.70.13030.0 02.13.2007 no virus found
Ikarus T3.1.0.31 02.13.2007 no virus found
Kaspersky 4.0.2.24 02.13.2007 no virus found
McAfee 4961 02.12.2007 no virus found
Microsoft 1.2204 02.13.2007 no virus found
NOD32v2 2057 02.13.2007 no virus found
Norman 5.80.02 02.13.2007 no virus found
Panda 9.0.0.4 02.13.2007 no virus found
Prevx1 V2 02.13.2007 no virus found
Sophos 4.14.0 02.13.2007 no virus found
Sunbelt 2.2.907.0 02.09.2007 no virus found
Symantec 10 02.13.2007 no virus found
TheHacker 6.1.6.056 02.11.2007 no virus found
UNA 1.83 02.13.2007 no virus found
VBA32 3.11.2 02.12.2007 no virus found
VirusBuster 4.3.19:9 02.13.2007 no virus found

Aditional Information
File size: 190 bytes
MD5: e5a657da4d70ad178771cf49c2065af9
SHA1: a45d2ed86b6f97a01afadc0a540f7209deb3ab8a
*********************
STATUS: FINISHEDComplete scanning result of "ScanAtStartup.dll", received in VirusTotal at 02.13.2007, 20:46:28 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.37 02.13.2007 no virus found
Authentium 4.93.8 02.12.2007 no virus found
Avast 4.7.936.0 02.13.2007 no virus found
AVG 386 02.13.2007 no virus found
BitDefender 7.2 02.13.2007 no virus found
CAT-QuickHeal 9.00 02.13.2007 no virus found
ClamAV devel-20060426 02.13.2007 no virus found
DrWeb 4.33 02.13.2007 no virus found
eSafe 7.0.14.0 02.12.2007 no virus found
eTrust-Vet 30.4.3394 02.13.2007 no virus found
Ewido 4.0 02.13.2007 no virus found
Fortinet 2.85.0.0 02.13.2007 no virus found
F-Prot 4.2.1.29 02.12.2007 no virus found
F-Secure 6.70.13030.0 02.13.2007 no virus found
Ikarus T3.1.0.31 02.13.2007 no virus found
Kaspersky 4.0.2.24 02.13.2007 no virus found
McAfee 4961 02.12.2007 no virus found
Microsoft 1.2204 02.13.2007 no virus found
NOD32v2 2057 02.13.2007 no virus found
Norman 5.80.02 02.13.2007 no virus found
Panda 9.0.0.4 02.13.2007 no virus found
Prevx1 V2 02.13.2007 no virus found
Sophos 4.14.0 02.13.2007 no virus found
Sunbelt 2.2.907.0 02.09.2007 no virus found
Symantec 10 02.13.2007 no virus found
TheHacker 6.1.6.056 02.11.2007 no virus found
UNA 1.83 02.13.2007 no virus found
VBA32 3.11.2 02.13.2007 no virus found
VirusBuster 4.3.19:9 02.13.2007 no virus found

Aditional Information
File size: 57344 bytes
MD5: 07be340ccda730df634b73e8ccd4dd07
SHA1: ac12123e7604ae6c943367abd4c2c69b926b7d48
***********************

STATUS: FINISHEDComplete scanning result of "WinCfgDS.dll", received in VirusTotal at 02.13.2007, 20:56:16 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.37 02.13.2007 no virus found
Authentium 4.93.8 02.12.2007 no virus found
Avast 4.7.936.0 02.13.2007 no virus found
AVG 386 02.13.2007 no virus found
BitDefender 7.2 02.13.2007 no virus found
CAT-QuickHeal 9.00 02.13.2007 no virus found
ClamAV devel-20060426 02.13.2007 no virus found
DrWeb 4.33 02.13.2007 no virus found
eSafe 7.0.14.0 02.12.2007 no virus found
eTrust-Vet 30.4.3394 02.13.2007 no virus found
Ewido 4.0 02.13.2007 no virus found
Fortinet 2.85.0.0 02.13.2007 no virus found
F-Prot 4.2.1.29 02.12.2007 no virus found
F-Secure 6.70.13030.0 02.13.2007 no virus found
Ikarus T3.1.0.31 02.13.2007 no virus found
Kaspersky 4.0.2.24 02.13.2007 no virus found
McAfee 4961 02.12.2007 no virus found
Microsoft 1.2204 02.13.2007 no virus found
NOD32v2 2057 02.13.2007 no virus found
Norman 5.80.02 02.13.2007 no virus found
Panda 9.0.0.4 02.13.2007 no virus found
Prevx1 V2 02.13.2007 Keylogger.WinSpy
Sophos 4.14.0 02.13.2007 no virus found
Sunbelt 2.2.907.0 02.09.2007 no virus found
Symantec 10 02.13.2007 no virus found
TheHacker 6.1.6.056 02.11.2007 no virus found
UNA 1.83 02.13.2007 no virus found
VBA32 3.11.2 02.13.2007 no virus found
VirusBuster 4.3.19:9 02.13.2007 no virus found

Aditional Information
File size: 1 bytes
MD5: eccbc87e4b5ce2fe28308fd9f2a7baf3
SHA1: 77de68daecd823babbb58edb1c8e14d7106e83bb
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=eccb5751241

mister
2007-02-13, 22:53
I can't go into safe mode and also can't shut down... but I can now run... and I can't connect to the other network. I want to connect to the internet... I want to connect to the internet...

Rawe
2007-02-14, 15:08
I'm still not sure of those files. Let's get them submitted.

Please surf here (http://www.thespykiller.co.uk/forum/index.php?board=1.0).

Check out the instructions for uploading files here (http://www.thespykiller.co.uk/forum/index.php?topic=5.0).

Now, navigate to and find each of the following files and right-click them -- pack them in one zip/rar archive -- then upload that archive in the topic.

C:\WINDOWS\p2p_turbo.exe
C:\WINDOWS\system32\jgldog11.dll
C:\WINDOWS\system32\wincfgds.dll
C:\WINDOWS\system32\affv208325p1now.sys

The topic name could just be "Files for Rawe". Then, in the actual post, paste this link: http://forums.spybot.info/showthread.php?t=11301

No registration is needed.

Then click to Post it. Once that is done, please copy and paste your link from thespykiller to this thread in your reply to me so I can make sure they are there. We'll continue from that once we let the experts check them out :)

mister
2007-02-14, 17:27
Can you see my rar file? I have uploaded it...

http://www.thespykiller.co.uk/forum/index.php?topic=3613.0

Rawe
2007-02-15, 19:54
I'm losing my mind with these subscription issues. Sorry for the delay.

I'll check them out right away and see if anyone has checked them as of yet. :)

Rawe
2007-02-15, 20:30
Have you archived all those four files now? I mean, are they in their original locations? If not, simply delete that archive. I don't think they are clean files.

You can also check the current locations and delete them there if they are present. Let me know once you've done that and post a fresh HijackThis log with a description of your current issues :)

mister
2007-02-15, 21:33
You mean I must delete these files on my laptop?
And are these the files that must be deleted??

C:\WINDOWS\p2p_turbo.exe
C:\WINDOWS\system32\jgldog11.dll
C:\WINDOWS\system32\wincfgds.dll
C:\WINDOWS\system32\affv208325p1now.sys

Rawe
2007-02-16, 15:21
Yes, please delete all those files.

Then, please download WinPFind2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/winpfind2.exe) to your desktop.
Double-click WinPFind2.exe to extract it.
Open up the new folder on your desktop and double-click WinPFind2.exe to run the program.
Leave the default settings.
Check the following boxes on AddOn-Options:

HKCU_IEDesktop.def
Jobs.def
Policies.def
SID_Run_Policies.def

Click Run all Scans.
When the scan is ready, you'll see Scans Complete! message lower left.
Click Simple Report.
Notepad will open and the log is created in the folder where the tool was unzipped (C:\WinPFind2\WinPFind2.txt).
Make sure WordWrap is NOT checked in Notepad!
Post back with the log along with a fresh HijackThis log. You may need to post multiple replies to get it all posted, so it doesn't get cut off.

mister
2007-02-16, 18:43
Logfile created on: 16-2-2007 17:32:55
WinPFind2 by OldTimer - Version 1.0.15 Folder = C:\Documents and Settings\Jevithan\Bureaublad\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


< Processes (Non-Microsoft Only) >
c:\windows\system32\acs.exe - ( )
c:\windows\system32\ati2evxx.exe - (ATI Technologies Inc. )
c:\windows\system32\ati2evxx.exe - (ATI Technologies Inc. )
c:\program files\toshiba\configfree\cfsvcs.exe - (TOSHIBA CORPORATION )
c:\windows\system32\zonelabs\avsys\monitor.exe - ( )
c:\windows\system32\zonelabs\avsys\scanningprocess.exe - ( )
c:\windows\system32\zonelabs\avsys\scanningprocess.exe - ( )
c:\program files\superantispyware\superantispyware.exe - (SUPERAntiSpyware.com )
c:\windows\system32\zonelabs\vsmon.exe - (Zone Labs, LLC )
c:\documents and settings\jevithan\bureaublad\winpfind2\winpfind2.exe - (OldTimer Tools )
c:\program files\zone labs\zonealarm\zlclient.exe - (Zone Labs, LLC )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM->Main\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM->Main\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM->Main\\Local Page - C:\WINDOWS\SYSTEM32\blank.htm
HKCU->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU->Main\\Search Bar - http://search.msn.com/spbasic.htm
HKCU->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU->Main\\Default_Search_URL - http://www.microsoft.com/isapi
HKCU->Main\\Local Page - C:\WINDOWS\SYSTEM32\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM->Search\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url-zoeken Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0

[>> BHO's <<]
{00C6482D-C502-44C8-8409-FCE54AD9C208} - HelperObject Class = C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation )
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc. )

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip van de dag = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

[HKCU-> Internet Explorer Bars]
{21569614-B795-46B1-85F4-E737A8DC09AD} - Shell Search Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
{BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - &Discuss = shdocvw.dll (Microsoft Corporation )
{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer-band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

[HKLM-> Internet Explorer ToolBars]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt = C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation )

[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adres = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Koppelingen = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adres = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Koppelingen = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} - Reg Data - Key not found = Reg Data - Key not found (File not found)
WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Data - Key not found = Reg Data - Key not found (File not found)
WebBrowser\\{D593DE91-7B41-45C2-830E-E9A99AB142AA} - Reg Data - Key not found = Reg Data - Key not found (File not found)

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 - Reg Data - Key not found
{09EA1F80-F40A-11D1-B792-444553540001} - 8204 - Reg Data - Key not found
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - 8195 - Reg Data - Key not found
{200DB664-75B5-47c0-8B45-A44ACCF73C00} - 8197 - Reg Data - Key not found
{200DB664-75B5-47c0-8B45-A44ACCF73F01} - 8198 - Reg Data - Key not found
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8196 - Reg Data - Key not found
{300DB664-75B5-47c0-8B45-A44ACCF73C00} - 8199 - Reg Data - Key not found
{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - 8200 - Reg Data - Key not found
{669695BC-A811-4A9D-8CDF-BA8C795F261C} - 8207 - Reg Data - Key not found
{85d1f590-48f4-11d9-9669-0800200c9a66} - 8206 - Reg Data - Key not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8194 - Reg Data - Key not found
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - 8205 - Reg Data - Key not found
{E19ADC6E-3909-43E4-9A89-B7B676377EE3} - 8209 - Namo SWF Catcher
{F4FBA929-A891-492C-A0F6-5C79CC4F1742} - 8208 - Reg Data - Key not found
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 - Reg Data - Key not found
NextId - 8210

[HKLM-> Internet Explorer Extensions]
{E19ADC6E-3909-43E4-9A89-B7B676377EE3} - ButtonText: Namo SWF Catcher = C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ( )

[HKCU-> Internet Explorer Menu Extensions]
Namo SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ( )

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data - Key not found (File not found)
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taakbalk en menu Start = Reg Data - Key not found (File not found)
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} - dBpowerAMP Music Converter = Reg Data - Key not found (File not found)
{2E9FFF5C-4375-494d-951F-098BAA42239E} - Spy Emergency Extension = Reg Data - Key not found (File not found)
{2F5AC606-70CF-461C-BFE1-6063670C3484} - Display CPL Extension = C:\Program Files\Toshiba\TouchED\TouchED.DLL (TOSHIBA Inc. )
{2F603045-309F-11CF-9774-0020AFD0CFF6} - Synaptics Control Panel = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics, Inc. )
{35786D3C-B075-49b9-88DD-029876E11C01} - Portable Devices = Reg Data - Key not found (File not found)
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} - PhoneBrowser = C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll (Nokia )
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Configuratiescherm-uitbreiding Beeldscherm-panning = Reg Data - Key not found (File not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} - Shell Extension for Malware scanning = Reg Data - Key not found (File not found)
{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions )
{6EE51AA0-77A0-11D7-B4E1-000347126E46} - Window Washer Shredding Utility = Reg Data - Key not found (File not found)
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell-uitbreidingen voor bestandscompressie = Reg Data - Key not found (File not found)
{7A9D77BD-5403-11d2-8785-2E0420524153} - Gebruikersaccounts = Reg Data - Key not found (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Snelmenu Codering = Reg Data - Key not found (File not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal-pictogramuitbreiding = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc. )
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt = C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation )
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} - PowerISO = C:\Program Files\PowerISO\PWRISOSH.DLL (PowerISO Computing, Inc. )
{9e49c91e-912e-4f66-bcae-377c389cce14} - LView Pro Shell Extensions = Reg Data - Key not found (File not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
{B8323370-FF27-11D2-97B6-204C4F4F5020} - SmartFTP Shell Extension DLL = Reg Data - Key not found (File not found)
{CF74B903-3389-469c-B3B6-0204D204FCBD} - SnagIt Shell Extension = C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll (TechSmith Corporation )
{D120D80B-BD26-4A74-8E43-2C2AF0966139} - QuickPar ContextMenu extension = Reg Data - Key not found (File not found)
{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} - Portable Devices Menu = Reg Data - Key not found (File not found)
{D9872D13-7651-4471-9EEE-F0A00218BEBB} - Multiscan = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll (Zone Labs, LLC )
{e57ce731-33e8-4c51-8354-bb4de9d215d1} - Universele Plug en Play-apparaten = Reg Data - Key not found (File not found)
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} - TrojanHunter Menu Shell Extension = Reg Data - Key not found (File not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc. )
{FED7043D-346A-414D-ACD7-550D052499A7} - dBpowerAMP Music Converter 1 = Reg Data - Key not found (File not found)

[HKCU-> Approved Shell Extensions]
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} - Webmappen = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL (Microsoft Corporation )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - {CA8ACAFA-5FBB-467B-B348-90DD488DE003} - SUPERAntiSpyware Context Menu = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com )
* - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
* - PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL (PowerISO Computing, Inc. )
* - Quick Par - {D120D80B-BD26-4A74-8E43-2C2AF0966139} = Reg Data - Key not found (File not found)
* - SnagItMainShellExt - {CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll (TechSmith Corporation )
* - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
* - ZLAVShExt - {D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll (Zone Labs, LLC )
Directory - {CA8ACAFA-5FBB-467B-B348-90DD488DE003} - SUPERAntiSpyware Context Menu = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com )
Directory - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
Directory - PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL (PowerISO Computing, Inc. )
Directory - SnagItMainShellExt - {CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll (TechSmith Corporation )
Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Folder - Ashampoo Antivirus - Reg Data - Value does not exist = Reg Data - Key not found (File not found)
Folder - PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL (PowerISO Computing, Inc. )
Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Folder - ZLAVShExt - {D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll (Zone Labs, LLC )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]
Folder - {F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. )

[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\system32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - jsfile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - vbsfile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1

[>> Registry Run Keys <<]
HKLM->Run\\PrevxOne - "C:\Program Files\Prevx1\PXConsole.exe" (File not found)
HKLM->Run\\ZoneAlarm Client - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation )
HKCU->Run\\SUPERAntiSpyware - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com )

[>> Miscellaneous Startup Keys <<]

[AppInit DLLs]
AppInit_DLL - (File not found)

[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d

[Shell Service Object Delay Load]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation )

[Shell Execute Hooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s. )
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - SABShellExecuteHook Class = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com )
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

[Shared Task Scheduler]

[SafeBoot Option]

[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -

[HKCU Command Processor AutoRun]

[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[BootExecute]
Session Manager\\BootExecute - SsiEfr.e;

[PendingFileRenameOperations]
Session Manager\\PendingFileRenameOperations - \??\c:\windows\system32\dllcache\OLD5D.tmp;

[FileRenameOperations]

[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -

[>> Disabled MSConfig Items <<]
Services - AntiVirScheduler
Services - AntiVirService
Services - ASEService
Services - aswUpdSv
Services - avast! Antivirus
Services - avast! Mail Scanner
Services - avast! Web Scanner
Services - AVG Anti-Spyware Guard
Services - avGuard
Services - AVP
Services - BARCASE
Services - bdss
Services - BthServ
Services - Emproxy
Services - LIVESRV
Services - McAfee HackerWatch Service
Services - McLogManagerService
Services - mcmispupdmgr
Services - McNASvc
Services - McODS
Services - mcpromgr
Services - McProxy
Services - McRedirector
Services - McShield
Services - McSysmon
Services - mctskshd.exe
Services - mcusrmgr
Services - MpfService
Services - MPS9
Services - MSIServer
Services - MSK80Service
Services - PAVFIRES
Services - PAVSRV
Services - PREVXAgent
Services - SDhelper
Services - svcWRSSSDK
Services - TUWinStylerThemeSvc
Services - vsmon
Services - VSSERV
Services - wampapache
Services - wampmysqld
Services - WinDefend
Services - WWW File Share Pro
Services - XCOMM

[>> User Agent Post Platform <<]
sv1 -

mister
2007-02-16, 18:48
[>> Winlogon <<]
HMLM->AltDefaultDomainName - YOUR-DABD102556
HMLM->AltDefaultUserName - Jevithan
HMLM->AutoAdminLogon - Reg Data - Value does not exist
HMLM->DefaultDomainName - YOUR-DABD102556
HMLM->DefaultUserName - Jevithan
HKLM->Shell - explorer.exe (Microsoft Corporation )
HKLM->System - (File not found)
HMLM->UserInit - C:\WINDOWS\System32\userinit.exe, (Microsoft Corporation )
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\!SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com )
Notify\AtiExtEvent - Ati2evxx.dll (ATI Technologies Inc. )
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )
Notify\WRNotifier - WRLogonNTF.dll (File not found)

[>> DNS Name Servers <<]

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 (Tcpip) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 (NTDS) - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 (Naamruimte voor Network Location Awareness (NLA)) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000004 (Bluetooth-naamruimte) - %SystemRoot%\system32\wshbth.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000005 (Bluetooth-naamruimte) - %SystemRoot%\system32\wshbth.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000006 (Bluetooth-naamruimte) - %SystemRoot%\system32\wshbth.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000007 (NWLink IPX/SPX/NetBIOS-compatibel transportprotocol) - %SystemRoot%\System32\nwprovau.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found)
msdaipp - (File not found)

[>> Protocol Filters (Non-Microsoft only) <<]

< Services (Non-Microsoft Only) >
Atheros-clienthulpprogramma (ACS) - C:\WINDOWS\system32\acs.exe ( ) [Automatic - Running - Win32, running in it's own process]
Ati HotKey Poller (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc. ) [Automatic - Running - Win32, running in it's own process]
ConfigFree Service (CFSvcs) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION ) [Automatic - Running - Win32, running in it's own process]
Network Location Awareness (NLA) (Nla) - \SystemRoot\C:\WINDOWS\system32\svchost.exe -k netsvcs (File not found)) [ - Running - Win32, running in a shared process]
TrueVector Internet Monitor (vsmon) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (Zone Labs, LLC ) [Automatic - Running - Win32, running in it's own process]

< Files >

Auto-Start Folders

HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 14-2-2006 12:38:22 | Attr = HS])

HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Menu Start\Programma's\Opstarten

HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Jevithan\Menu Start\Programma's\Opstarten
C:\Documents and Settings\Jevithan\Menu Start\Programma's\Opstarten\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 14-2-2006 12:38:22 | Attr = HS])

HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Menu Start\Programma's\Opstarten

Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - explorer.exe
Wininit.ini: Line 1 - [Rename]
Wininit.ini: Line 2 - NUL=C:\DOCUME~1\Jevithan\LOCALS~1\Temp\uninstww.exe

Miscellaneous Folders

AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\addr_file.html - ( [Ver = | Size = 305 bytes | Date = 2-11-2006 12:11:50 | Attr = ])
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 14-2-2006 13:30:20 | Attr = HS])
C:\Documents and Settings\All Users\Application Data\{e224b651-2644-11db-9628-00e08161165f} - ( [Ver = | Size = 44 bytes | Date = 7-1-2007 19:05:50 | Attr = ])
C:\Documents and Settings\All Users\Application Data\ÝÃÄ›Ò3113›.sys - ( [Ver = | Size = 13 bytes | Date = 17-7-2006 19:26:48 | Attr = H ])

CurrentUser ApplicationData Folder
C:\Documents and Settings\Jevithan\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 14-2-2006 13:30:20 | Attr = HS])
C:\Documents and Settings\Jevithan\Application Data\mpauth.dat - ( [Ver = | Size = 784 bytes | Date = 16-7-2006 21:10:34 | Attr = ])
C:\Documents and Settings\Jevithan\Application Data\NMM-MetaData.db - ( [Ver = | Size = 242508 bytes | Date = 18-10-2006 19:37:12 | Attr = ])

Program Files Folder
C:\Program Files\Thumbs.db - ( [Ver = | Size = 5632 bytes | Date = 6-2-2007 10:34:22 | Attr = HS])

Common Files Folder

DPF files
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

Hosts file = 686 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# copyright © 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for WINDOWS. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a "#" symbol. -
# -
# for example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
# -
127.0.0.1 localhost -

< Add On's >

>>>>Output for AddOn file HKCU_IEDesktop.def<<<<

KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop -
Desktop\Components -
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 5
Desktop\Components\\Settings - 0
Desktop\Components\\GeneralFlags - 1
Desktop\Components\0 -
Desktop\Components\0\\Source - C:\Program Files\Internet Explorer\podosipil.html
Desktop\Components\0\\SubscribedURL -
Desktop\Components\0\\FriendlyName -
Desktop\Components\0\\Flags - 0
Desktop\Components\0\\Position - 2C 00 00 00 64 00 00 00 64 00 00 00 58 02 00 00 C8 00 00 00 E8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 14 00 00 00
Desktop\Components\0\\CurrentState - 01 00 00 40
Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 64 00 00 00 64 00 00 00 58 02 00 00 C8 00 00 00 01 00 00 40
Desktop\Components\0\\RestoredStateInfo - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Desktop\General -
Desktop\General\\BackupWallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Desktop\General\\WallpaperFileTime - 06 B6 57 67 08 4A C7 01
Desktop\General\\WallpaperLocalFileTime - 06 1E 1C C9 10 4A C7 01
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 2
Desktop\General\\Wallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Desktop\General\\ComponentsPositioned - 1
Desktop\Old WorkAreas -
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 00 04 00 00 E2 02 00 00
Desktop\SafeMode -
Desktop\SafeMode\Components -
Desktop\SafeMode\Components\\DeskHtmlVersion - 272
Desktop\SafeMode\Components\\DeskHtmlMinorVersion - 5
Desktop\SafeMode\Components\\Settings - 1
Desktop\SafeMode\Components\\GeneralFlags - 0
Desktop\SafeMode\General -
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme -
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -

>>>>Output for AddOn file Jobs.def<<<<

DIR - C:\WINDOWS\tasks\*.* - Parameters = Include SubFolders
C:\WINDOWS\tasks\1-Click Maintenance.job - ( [Ver = | Size = 396 bytes | Date = 2-2-2007 17:15:02 | Attr = ])
C:\WINDOWS\tasks\desktop.ini - ( [Ver = | Size = 65 bytes | Date = 4-8-2004 12:00:00 | Attr = RH ])
C:\WINDOWS\tasks\Jevithan backup.job - ( [Ver = | Size = 562 bytes | Date = 14-2-2007 20:17:28 | Attr = ])
C:\WINDOWS\tasks\Jevithan scan and fix.job - ( [Ver = | Size = 572 bytes | Date = 14-2-2007 20:17:30 | Attr = ])
C:\WINDOWS\tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 16-2-2007 17:17:08 | Attr = H ])
C:\WINDOWS\tasks\XoftSpy.job - ( [Ver = | Size = 306 bytes | Date = 14-8-2006 7:50:06 | Attr = ])

>>>>Output for AddOn file Policies.def<<<<

KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\explorer -
policies\explorer\\NoActiveDesktopChanges - 0
policies\explorer\run -
policies\NonEnum -
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\Ratings -
policies\Ratings\\Key - 03 6A 61 97 50 EA 13 08 B3 67 AD 4E 13 62 F6 1C
policies\Ratings\\Hint - w8woord van desitorrents
policies\Ratings\\FileName0 - C:\WINDOWS\system32\RSACi.rat
policies\Ratings\.Default -
policies\Ratings\.Default\\Allow_Unknowns - 0
policies\Ratings\.Default\\PleaseMom - 1
policies\Ratings\.Default\\Enabled - 0
policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html -
policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html\\l - 0
policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html\\n - 0
policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html\\s - 0
policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html\\v - 0
policies\system -
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

KEY - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -

KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Associations -
policies\Explorer -
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\Explorer\\NoChangeStartMenu - 1
policies\Explorer\\NoClose - 1
policies\Explorer\\NoSaveSettings - 0
policies\Explorer\\ClassicShell - 0
policies\Explorer\\NoThemesTab - 0
policies\Explorer\run -
policies\System -
policies\System\\NoColorChoice - 0
policies\System\\NoSizeChoice - 0
policies\System\\NoDispScrSavPage - 0
policies\System\\NoDispCPL - 0
policies\System\\NoVisualStyleChoice - 0
policies\System\\NoDispSettingsPage - 0
policies\System\\NoDispAppearancePage - 0
policies\System\\NoDispBackgroundPage - 0
policies\System\\DisableRegistryTools - 0

KEY - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer -

>>>>Output for AddOn file SID_Run_Policies.def<<<<

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run -
Run\\CTFMON.EXE - C:\WINDOWS\system32\CTFMON.EXE

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run -
Run\\CTFMON.EXE - C:\WINDOWS\system32\CTFMON.EXE

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Associations -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145
Policies\Explorer\Run -
Policies\System -

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Associations -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145
Policies\Explorer\Run -
Policies\System -

< End of report >

mister
2007-02-16, 18:49
Logfile of HijackThis v1.99.1
Scan saved at 05:43, on 16-2-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Jevithan\Bureaublad\TAMIL° ZONE\Setup\hijackthis\HijackThis.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Namo SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Namo SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Namo SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Rawe
2007-02-16, 19:11
Please print these instructions out, or write them down, as you can't read them during the fix.

Please copy the following text in the quotebox below to a blank Notepad file. Make sure the filetype is set to "All Files" and save it as Removeservice.bat to your desktop.


@echo off
sc stop "MS Common Service"
sc delete "MS Common Service"

Double-click on Removeservice.bat. A window will pop up and close. This is normal.

-----

Please download AVG Anti-Spyware (http://www.ewido.net/en/download/) and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
If you aren't able to finish the update within AVG Anti-Spyware for one reason or another, you can install the manual updates here (http://www.ewido.net/en/download/updates/).

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-select "Only if threats were found"

Close AVG Anti-Spyware, DO NOT run a scan just yet, we will shortly.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG Anti-Spyware will now begin the scanning process, be patient, this may take a little time.
Once the scan is complete do the following:
If you have any infections you will be prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware, reboot your system back into Normal Mode and post back with the AVG Anti-Spyware results. Also please describe your current issues with the PC :)
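
Added example, not part of the original thread: a small Python parser for HijackThis result lines that lists the autostart registrations whose target is marked "(file missing)", which is the kind of entry the Removeservice.bat step above deletes. The sample lines are copied from the log posted earlier in this thread; the function and class names are illustrative.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

MISSING = "(file missing)"
LINE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # section code, then the entry
RUN = re.compile(r"^.*?: \[(.+?)\] (.+)$")      # O4 Run: [value name] command


@dataclass
class Entry:
    code: str           # section code such as O4, O20, O23
    name: str
    owner: str          # only O23 service lines carry an owner field
    target: str         # file the registration points at
    file_missing: bool  # HijackThis appended "(file missing)"


def parse_line(line):
    """Parse one HijackThis result line; return None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    owner = ""
    parts = body.rsplit(" - ", 2)
    run = RUN.match(body)
    if code == "O23" and len(parts) == 3:
        # "Service: <display name> - <owner> - <path>"
        label, owner, target = parts
        name = label.split(": ", 1)[-1]
    elif code == "O4" and run:
        name, target = run.groups()
    else:
        # Generic "<type>: <name> - <target>" layout (O2, O3, O20, ...)
        label, _, target = body.rpartition(" - ")
        name = (label or body).split(": ", 1)[-1]
    return Entry(code, name, owner, target.strip('"'), missing)


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def missing_targets(entries):
    """Registrations whose file HijackThis did not find on disk."""
    return [(e.code, e.name, e.target) for e in entries if e.file_missing]


if __name__ == "__main__":
    for code, name, target in missing_targets(parse_log(SAMPLE_LOG)):
        print(f"{code:4} {name!r} -> {target}")
```

The marker alone does not say why the file is gone: the list this produces is a review queue of leftover registrations, and each one still has to be judged by its name and path.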

mister
2007-02-16, 20:33
i can't not in safe mode, and i can also not shutdown, and i can't not make connection with the internet....available networks reflect cant make open....but i can now restore my system


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 07:09 16-2-2007

+ Scan result:



C:\Program Files\FORTUNE3 Wizard\uninst.exe -> Adware.MediaTicket : Cleaned with backup (quarantined).
C:\Documents and Settings\Jevithan\Bureaublad\TAMIL° ZONE\Setup\hijackthis\backups\backup-20070209-002934-620.dll -> Adware.Webdir : Cleaned with backup (quarantined).
HKU\S-1-5-21-1905685116-2128479738-2390903456-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12355F3E-90C3-41AA-8705-15969AF7F210} -> Adware.Webdir : Cleaned with backup (quarantined).
C:\Documents and Settings\Jevithan\Bureaublad\TAMIL° ZONE\BURN\Torque.Game.Builder.v1.1.1.WinALL.Cracked-BM\TorqueGameBuilder_111.exe -> Trojan.Agent.ye : Cleaned with backup (quarantined).


::Report end

Rawe
2007-02-16, 21:46
i can't not in safe mode, and i can also not shutdown, and i can't not make connection with the internet....available networks reflect cant make open....but i can now restore my system
When did you notice these problems? Before posting your log or after?

Also, what does your Windows say when you try to open up in Safe Mode (have you tried using msconfig's /safeboot option instead of pushing f8 when rebooting)?

What happens when you try to shutdown? What kind of internet connection do you have?

Have you tried booting with last known good config? Please, I need all the info :)

I can also ask for help with these -- they don't seem to be because of malware.

mister
2007-02-16, 22:37
i have this problem since my first post....i have laptop Toshiba, and can not open another network so i can get wireless internet....i can't in start not shutdown and also in task manager....i can laptop shutdown to this way log off and then shutdown....and yes i have tried in msconfig safeboot/ and last known good config both not working...and i do safe mode come a blue screen and get laptop to reboot.... i have a free internet connection...but now not...
i hope you get enough info :)

Rawe
2007-02-17, 17:52
Btw, didn't notice this one yet,

please delete this file:

C:\Program Files\Internet Explorer\podosipil.html

Empty recycle bin.

----

Please copy the following text in the quotebox below to a blank Notepad file. Make sure the filetype is set to "All Files" and save it as Fixit.reg to your desktop.


REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Now double-click on the Fixit.reg on your desktop and allow it to merge with registry by clicking YES on the prompt.

-----

I'll ask for help with your other issues :)

mister
2007-02-17, 21:12
yes it works, however, but other problem is that my Wireless Zero Configuration do not integrate.

Rawe
2007-02-17, 23:06
Hi again, :)

Please go to Start » Run » type in: regedit » OK.
On the left side, click to highlight My Computer at the top.
Go up to File » Export
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click Save and then go to File » Exit.

This is so the registry can be restored to this point if we need it. It may take a minute.

Please copy the following text in the quotebox below to a blank Notepad file. Make sure the filetype is set to "All Files" and save it as Edit.reg to your desktop.


REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=dword:00000000
"NoLogOff"=dword:00000000
"NoRun"=dword:00000000

Now double-click on the Edit.reg on your desktop and allow it to merge with registry by clicking YES on the prompt. (Now your shutdown, taskmanager, and log off should work again)

------

Next, please copy the following text in the quotebox below to a blank Notepad file. Make sure the filetype is set to "All Files" and save it as Show.bat to your desktop.


if not exist Files MkDir Files

regedit /e peek1.txt "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Safeboot"
type peek1.txt >> info.txt

del peek*.txt
start notepad info.txt

Copy files\*.txt = info.txt
rmdir /s /q files
Start Notepad info.txt

Now double-click on the Show.bat on your desktop, and paste all the info here from your info.txt file on your desktop (it should also open up automatically). :)

mister
2007-02-18, 15:33
Hi I have done those show.bat... but came those info.txt it open up automatically ... but stand none a word... what mean that?..and can not see any connection

Rawe
2007-02-18, 15:50
That means you don't have the registry key you need, so we are going to add that. Then you can get to Safe Mode again :)

Download the attached Safeboot.zip file, unzip it to your desktop, double-click it and hit YES when it asks whether you want to merge it with the registry or not. Now, please reboot. You can go ahead and delete Safeboot.reg if you wish.

Now, please tell me, can you reboot your system into safe mode, can you shut it down/log off normally, and also, are you able to use Task Manager without problems? Is your only problem with the machine your internet issue right now?

mister
2007-02-18, 16:20
yes i can now shut down/log off my computer ... and i can go to me safemode.........my problem is now i have no connecting with internet

Rawe
2007-02-18, 16:31
Good! I mean, it's good we got everything else working ok :)

Next we are going to check on that internet issue.

Please go to Start -> Run and type in: Services.msc

Click "OK".

In the services window find service: Wireless Zero Configuration

Right-click and choose "Properties". On the "General" tab under "Service Status" -- let me know what it is. Is it stopped? Is it active? If it's not active, under Service Status, please click on Start. And then, under Startup Type in the dropdown menu choose "Automatic". Click Apply then OK and close the services utility. Try your Wireless connection again please.....

mister
2007-02-18, 17:40
I tried but getting next wrong message: The Wireless Zero Configuration can't start Configuration-service-service on local computer. Wrong 1068: dependence service or - group cannot be started.

Thanks in advance

Rawe
2007-02-18, 18:15
Ok, let's see the following then...

Click Start -> Run and type in: services.msc

Click "OK".

In the services window find service: NDIS Usermode I/O Protocol

Right-click and choose "Properties". On the "General" tab under "Service Status" -- let me know what it is. Is it stopped? Is it active? If it's not active, under Service Status, please click on Start. And then, under Startup Type in the dropdown menu choose "Automatic". Click Apply then OK.

Now, can you please redo this step for this service and check if it's active or not, if it's not, set it: Remote Procedure Call (RPC)

Then when you have checked these please try starting Wireless Zero Configuration service again (again, the same steps). Let me know how it works out :)

mister
2007-02-18, 18:41
i can't find NDIS Usermode I/O Protocol in Services...and by Wireless Zero Configuration the status STOPPED

Rawe
2007-02-18, 18:57
What about the Remote Procedure Call? Is it active or stopped? If so, did you Start it?

Did you try activating (starting and setting startup type to automatic) the Wireless Zero Configuration service?

mister
2007-02-18, 20:37
yes i have started Remote Procedure Call.....


the Wireless Zero Configuration service type is automatic.....but he wan't started it......

Rawe
2007-02-18, 20:50
What do you mean? When you try to start Wireless Zero Configuration service, what does it say? Does it give you the same error as earlier?

Rawe
2007-02-18, 20:54
The same steps w/ images: http://www.ifelix.co.uk/tech/2007.html

You might also want to check if this is of any help.... http://support.microsoft.com/kb/313242

mister
2007-02-19, 19:24
tried nothing worked...follow yours links...other way...?

Rawe
2007-02-19, 20:42
i can't find NDIS Usermode I/O Protocol in Services...
I'm thinking about this now.... Your Wireless Zero Configuration service is dependent on this service as well, so you need it. Have you installed all your drivers and stuff for your Wireless?

I believe this is the driver that's needed for that NDIS service.... http://msdn2.microsoft.com/en-us/library/ms892537.aspx

I don't really know much about anything concerning this, sorry I can't be of much help.

mister
2007-02-20, 11:39
i will try...any other links also welcome...

Rawe
2007-02-26, 15:08
Anything new on this? :)

tashi
2007-03-03, 03:26
mister, any feedback?

tashi
2007-03-07, 07:17
Thank you Rawe. :)

mister, this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.