Smitfraud-c et al - been 3 days...HELP PLEASE?

No, 4....

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Class Name: <NO CLASS>
Last Write Time: 26/11/2006 - 13:40
Value 0
Name: Debugger
Type: REG_SZ
Data: "C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C3HP1WMM\PROCESSEXPLORER[1]\PROCEXP.EXE"


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:30
Value 0
Name: DisableHeapLookAside
Type: REG_SZ
Data: 1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:30
Value 0
Name: DisableHeapLookAside
Type: REG_SZ
Data: 1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:30
Value 0
Name: ApplicationGoo
Type: REG_BINARY
Data:


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: Debugger
Type: REG_SZ
Data: ntsd -d

Value 1
Name: GlobalFlag
Type: REG_SZ
Data: 0x000010F0


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
Class Name: <NO CLASS>
Last Write Time: 06/12/2005 - 00:25
Value 0
Name: ApplicationGoo
Type: REG_BINARY
Data:
 
Hi

The key that we tried to delete with reg files still exists. I don't know why the reg file failed.

Let's try this:

Go to start -> run -> regedit -> ok

Browse to this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

Right-click that key and choose delete

Reboot

Did it help?
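
Added example, not part of the original posts: a `Debugger` value under an Image File Execution Options subkey makes Windows start the named program in place of that image, which is why the `taskmgr.exe` entry in the dump stands out. The sketch below parses an export in the same text layout and lists such redirects; the function names, the sample path and the temp-folder pattern are assumptions made for illustration.

```python
import re

# Constructed sample in the same text layout as the export posted above (trimmed).
SAMPLE = r"""
Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Name: Debugger
Type: REG_SZ
Data: "C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\XXXXXXXX\PROCEXP.EXE"

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll
Name: CheckAppHelp
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Name: Debugger
Type: REG_SZ
Data: ntsd -d
"""

IFEO = "\\image file execution options\\"
TEMPLATE = "your image file name here without a path"  # placeholder key, not a real image
TEMP_DIR = re.compile(r"\\(temp|temporary internet files)\\", re.I)  # assumed heuristic

def field(line):
    return line.split(":", 1)[1].strip()

def parse_export(text):
    """Return {image: {value_name_lower: data}} for every IFEO subkey in the export."""
    keys, image, name = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Key Name:"):
            path = field(line)
            pos = path.lower().find(IFEO)
            image = path[pos + len(IFEO):] if pos != -1 else None
            if image:
                keys[image] = {}
        elif image and line.startswith("Name:"):
            name = field(line).lower()
        elif image and name and line.startswith("Data:"):
            keys[image][name], name = field(line), None
    return keys

def debugger_redirects(keys):
    """Return (image, command, runs_from_temp) for each real image with a Debugger value."""
    return [(img, v["debugger"].strip('"'), bool(TEMP_DIR.search(v["debugger"])))
            for img, v in keys.items()
            if img.lower() != TEMPLATE and "debugger" in v]
```

Entries such as `CheckAppHelp` are ignored, and the placeholder key with `ntsd -d` is skipped because it does not name a real image.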
 
Thank you very much!

;)

It's back! All fine now, thanks for getting to the bottom of this!

Could I just ask you one more question please? Digressing slightly, but still on this thread...?
Where is the line between having too much antivirus & malware software etc that slows your system, and not enough to keep you clear? I mean, lots of posts advise against having similar applications running together, but how much is too much?
I have Norton Protection Centre (with antivirus/spy plus firewall). I also have AVG 7.5 (although only trial). Is it worth buying AVG to run with Norton, and what about all the other free anti-* software you recommend in this thread? I run AdAware frequently, plus HJT and SpyBot - is this enough protection for me?
Thanking you again. : )
 
Hi

Just one firewall and antivirus active at the same time. AVG anti-spyware is ok with or without real-time protection.

If you already have purchased Norton then there's no need to uninstall it and install free av.

I'd add MVPS hosts file and spywareblaster to your protection, otherwise sounds good to me :)

And as for that Process Explorer, you seemed to run it from a temp folder, which is always a bad thing. Please always save all your downloads to a permanent folder in the future :)
 
That is very useful, thanks!

:)

I have been reading about firewalls etc, and tried a recommended .exe called LeakTest which showed a vulnerability, and found Norton only blocks inbound, not outbound - is that a problem?

: )
 
Hi

Well, no firewall blocks everything. Failing in that test doesn't mean that Norton doesn't block any outbound traffic :)
 
Glad we could help. As the problem appears to be resolved, this topic has been archived.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.
 