Author Topic: multiple problems including keyboard issues & browser hijack attempts  (Read 33004 times)

Meeme

  • Guest
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #30 on: February 15, 2008, 07:11:06 AM »
No improvement that is permanent ???

I was just about to post the VirusTotal results for one of the last files you wanted me to scan.

File chtOna0119.exe received on 02.15.2008 06:55:55 (CET)

Result: 15/32 (46.88%)
Antivirus    Version    Last Update    Result
AhnLab-V3   2008.2.15.11   2008.02.15   -
AntiVir   7.6.0.65   2008.02.14   -
Authentium   4.93.8   2008.02.15   -
Avast   4.7.1098.0   2008.02.14   Win32:Trojano-2873
AVG   7.5.0.516   2008.02.14   -
BitDefender   7.2   2008.02.15   Dropped:Trojan.Downloader.Small.BUY
CAT-QuickHeal   None   2008.02.14   -
ClamAV   0.92.1   2008.02.15   Trojan.Downloader-2966
DrWeb   4.44.0.09170   2008.02.14   Trojan.DownLoader.5013
eSafe   7.0.15.0   2008.02.14   Win32.Small.buy
eTrust-Vet   31.3.5538   2008.02.14   -
Ewido   4.0   2008.02.14   -
FileAdvisor   1   2008.02.15   -
Fortinet   3.14.0.0   2008.02.15   -
F-Prot   4.4.2.54   2008.02.14   -
F-Secure   6.70.13260.0   2008.02.15   W32/DLoader.MXM.dropper
Ikarus   T3.1.1.20   2008.02.15   Virus.Win32.AdWare
Kaspersky   7.0.0.125   2008.02.15   Trojan-Downloader.Win32.Small.buy
McAfee   5230   2008.02.14   -
Microsoft   1.3204   2008.02.14   Adware:Win32/iSearch.Toolbar
NOD32v2   2877   2008.02.15   Win32/TrojanDownloader.Small.BUY
Norman   5.80.02   2008.02.14   W32/DLoader.MXM.dropper
Panda   9.0.0.4   2008.02.14   Spyware/7r7t
Prevx1   V2   2008.02.15   -
Rising   20.31.30.00   2008.02.14   Trojan.DL.Adservs
Sophos   4.26.0   2008.02.15   CommAd Installer
Sunbelt   2.2.907.0   2008.02.14   -
Symantec   10   2008.02.15   -
TheHacker   6.2.9.220   2008.02.14   -
VBA32   3.12.6.1   2008.02.14   Trojan.Win32.TrojanDownloader.Small.BUY
VirusBuster   4.3.26:9   2008.02.14   -
Webwasher-Gateway   6.6.2   2008.02.14   -
Additional information
File size: 483406 bytes
MD5: c5af7b9231d95f5f6ac82c5bcc0a8174
SHA1: 3151851405fc4662a764a3e003a69fabd7196012
PEiD: -
packers: UPX
packers: UPX, PE_Patch.Upolyx, PE_Patch.UPX, UPX
norman sandbox:
[ General information ]
 * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
 * File length: 483406 bytes.

[ Changes to filesystem ]
 * Creates directory C:\WINDOWS\TEMP\.
 * Creates file C:\WINDOWS\TEMP\nsr8999.tmp.
 * Deletes file C:\WINDOWS\TEMP\nsr8999.tmp.
 * Creates directory C:\WINDOWS\SYSTEM32\ac1.
 * Creates file C:\WINDOWS\SYSTEM32\ac1\tliamdll2.exe.
 * Creates directory C:\WINDOWS\SYSTEM32\vb6.
 * Creates file C:\WINDOWS\SYSTEM32\vb6\dromdrv3.exe.

[ Signature Scanning ]
 * C:\WINDOWS\SYSTEM32\ac1\tliamdll2.exe (25105 bytes) : W32/DLoader.MXM.


Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #31 on: February 15, 2008, 09:17:09 AM »
Some improvement from time to time? I'm going to research that catchme fella. It's just weird the way it disappeared.

Seeing that you have Avenger we will feed that last file to it.

Quote
Files to delete:
C:\TEMP\chtOna0119.exe


Just let me know what the results were. Finish up the previous items then we will look deeper.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
      Reg - BotCheck

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and attach the log. I will review it when it comes in.




Make the settings look like this except set the time to 60 Days and include the additional scans as indicated above.


http://forum.avast.com/index.php?topic=31261.msg260811#msg260811


Meeme

  • Guest
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #32 on: February 17, 2008, 10:47:43 AM »
I was able to paste "CFscript.txt" into Combofix. Also, as you can see, I could also attach the Combofix log, this time :)

I'm a bit foggy about what to do next...forgive me, my husband and kids are both sick and I have had about an hour of sleep in the last 36 hours.  Perhaps I should go to bed and try to pick it up again tomorrow.

I can't begin to tell you how much I appreciate your help.


Offline oldman

Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #33 on: February 17, 2008, 11:20:03 AM »
Yeah, tell me about the bugs, been fighting it for months now.

Getting more functionality out of your computer has to be a good sign.

You're almost caught up, pick up at this point with the avenger script, then do the WinPFind35u.

Click this link, it will take you there.

http://forum.avast.com/index.php?topic=33048.msg278062#msg278062

Meeme

  • Guest
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #34 on: February 17, 2008, 09:53:29 PM »
Here is the log for Avenger.
When I opened the computer again this morning it is back to business as usual.
However, when Avenger tried to restart my computer a window popped up in the lower right hand corner that said some process or other wanted to reboot the computer, and there were two check boxes:
one to allow and one to override.

The name of the program was WINAntispyware, which is the original troublemaker I thought Avast had gotten rid of months ago.

Anyway here is the avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vjocxwib

*******************


Fatal error:  integrity of Services key failed verification check!  Security may be fatally compromised.  Exiting immediately.

Could not open script file!  Status: 0xc0000034  Abort!

Offline oldman

Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #35 on: February 17, 2008, 10:07:31 PM »
When you said "business as usual" was that in a good way?

I can't find the file we gave to Avenger, so I think it got it.

What do you know about this program?

RABCO

Go ahead with the WinPFind35u


I didn't see anything in your last log about WINAntispyware.

Meeme

  • Guest
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #36 on: February 17, 2008, 10:24:23 PM »
Sorry, by business as usual I meant that all of the usual problems are back.
I did not post anything about WINAntispyware because it has been gone for months.
It is malware (a fake virus removal program) and it does not seem to show up in any log.
Is it possible that I have virus remnants causing these problems?
I do not know what RABCO is.

Meeme

  • Guest
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #37 on: February 17, 2008, 10:36:05 PM »
Here is the log for winpfind:

Code:
WinPFind35 logfile created on: 2/17/2008 4:28:24 PM
WinPFind35U Version Beta52     Folder = C:\Documents and Settings\Carrie\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.92 Mb Total Physical Memory | 180.41 Mb Available Physical Memory | 35.31% Memory free
1.22 Gb Paging File | 0.95 Gb Available in Paging File | 77.74% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 35.40 Gb Free Space | 63.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CARRIE
Current User Name: Carrie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
s24evmon.exe -> %SystemRoot%\system32\S24EvMon.exe -> Intel Corporation  [Ver = 8, 0, 0, 161 | Size = 311363 bytes | Modified Date = 12/16/2003 6:42:32 PM | Attr =    ]
zcfgsvc.exe -> %SystemRoot%\system32\ZCfgSvc.exe -> Intel Corporation [Ver = 8, 0, 0, 161 | Size = 376832 bytes | Modified Date = 12/16/2003 6:47:42 PM | Attr =    ]
1xconfig.exe -> %SystemRoot%\system32\1XConfig.exe -> Intel [Ver = 8, 0, 0, 161 | Size = 184320 bytes | Modified Date = 12/16/2003 6:43:06 PM | Attr =    ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr =    ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr =    ]
00thotkey.exe -> %SystemRoot%\system32\00THotkey.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 258048 bytes | Modified Date = 4/15/2003 11:01:28 PM | Attr =    ]
jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe ->  [Ver =  | Size = 32881 bytes | Modified Date = 2/6/2004 7:31:44 PM | Attr =    ]
agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Modified Date = 4/18/2003 2:20:10 PM | Attr =    ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 110592 bytes | Modified Date = 5/30/2003 10:25:02 PM | Attr =    ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 614400 bytes | Modified Date = 5/30/2003 10:23:14 PM | Attr =    ]
touched.exe -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 1/21/2003 9:00:06 PM | Attr =    ]
tfnf5.exe -> %SystemRoot%\system32\TFNF5.exe -> TOSHIBA Corp. [Ver = 2, 2, 0, 0 | Size = 73728 bytes | Modified Date = 7/18/2003 8:41:26 PM | Attr =    ]
ezsp_px.exe -> %SystemRoot%\system32\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 1:29:26 PM | Attr =    ]
pinger.exe -> %SystemDrive%\TOSHIBA\Ivp\ISM\pinger.exe -> TOSHIBA Corporation [Ver = 3.3 | Size = 159744 bytes | Modified Date = 10/20/2003 11:39:26 AM | Attr =    ]
bsclip.exe -> %ProgramFiles%\B's CLiP\Win2K\BsCLiP.exe ->  [Ver =  | Size = 1409024 bytes | Modified Date = 2/4/2004 8:43:00 AM | Attr =    ]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 4, 50, 0, 2 | Size = 28672 bytes | Modified Date = 12/2/2003 8:05:54 PM | Attr =    ]
network adapter manager.exe -> %ProgramFiles%\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe -> Sierra Wireless Inc. [Ver = 2, 5, 11, 1 | Size = 163840 bytes | Modified Date = 10/9/2003 4:20:32 PM | Attr =    ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 8/18/2004 9:34:48 AM | Attr =    ]
picasamediadetector.exe -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe ->  [Ver =  | Size = 135168 bytes | Modified Date = 2/4/2005 6:32:51 PM | Attr =    ]
stacmon.exe -> %ProgramFiles%\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe -> SigmaTel Inc. [Ver = 1, 0, 0, 3 | Size = 86073 bytes | Modified Date = 8/3/2003 7:01:14 PM | Attr =    ]
tfncky.exe -> %ProgramFiles%\Toshiba\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.01.01 | Size = 102400 bytes | Modified Date = 8/18/2003 12:51:02 PM | Attr =    ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr =    ]
dvdramsv.exe -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 5/23/2003 4:38:26 PM | Attr =    ]
toscdspd.exe -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 9/5/2003 6:24:46 AM | Attr =    ]
tpsbattm.exe -> %SystemRoot%\system32\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 1, 0 | Size = 45056 bytes | Modified Date = 9/25/2003 1:19:10 PM | Attr =    ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4562 | Size = 77824 bytes | Modified Date = 9/24/2003 9:00:00 PM | Attr =    ]
regsrvc.exe -> %SystemRoot%\system32\RegSrvc.exe -> Intel Corporation [Ver = 8, 0, 0, 161 | Size = 122880 bytes | Modified Date = 12/16/2003 6:41:40 PM | Attr =    ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =    ]
swupdtmr.exe -> %SystemDrive%\TOSHIBA\Ivp\Swupdate\swupdtmr.exe ->  [Ver =  | Size = 53248 bytes | Modified Date = 10/21/2003 1:26:14 PM | Attr =    ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr =    ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr =    ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2/16/2008 1:03:26 PM | Attr =    ]

Meeme

  • Guest
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #38 on: February 17, 2008, 10:41:05 PM »
[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr =    ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr =    ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr =    ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 4, 50, 0, 2 | Size = 28672 bytes | Modified Date = 12/2/2003 8:05:54 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr =    ]
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 5/23/2003 4:38:26 PM | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 6/2/2007 7:46:15 PM | Attr =    ]
(iPodService) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 4.6.0.15 | Size = 401408 bytes | Modified Date = 6/4/2004 11:37:56 AM | Attr =    ]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe ->  [Ver = 2.42.000 | Size = 68096 bytes | Modified Date = 9/23/2007 11:38:12 PM | Attr =    ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4562 | Size = 77824 bytes | Modified Date = 9/24/2003 9:00:00 PM | Attr =    ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\hpzipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 8/11/2003 3:07:38 AM | Attr =    ]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %SystemRoot%\system32\RegSrvc.exe -> Intel Corporation [Ver = 8, 0, 0, 161 | Size = 122880 bytes | Modified Date = 12/16/2003 6:41:40 PM | Attr =    ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\S24EvMon.exe -> Intel Corporation  [Ver = 8, 0, 0, 161 | Size = 311363 bytes | Modified Date = 12/16/2003 6:42:32 PM | Attr =    ]
(Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\TOSHIBA\Ivp\Swupdate\swupdtmr.exe ->  [Ver =  | Size = 53248 bytes | Modified Date = 10/21/2003 1:26:14 PM | Attr =    ]


Meeme

  • Guest
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #39 on: February 17, 2008, 10:43:48 PM »
part three:
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
000StTHK -> %SystemRoot%\system32\000StTHK.exe ->  [Ver =  | Size = 24576 bytes | Modified Date = 6/23/2001 11:28:06 PM | Attr =    ]
00THotkey -> %SystemRoot%\system32\00THotkey.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 258048 bytes | Modified Date = 4/15/2003 11:01:28 PM | Attr =    ]
AGRSMMSG -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Modified Date = 4/18/2003 2:20:10 PM | Attr =    ]
AirCardEnabler -> %ProgramFiles%\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe -> Sierra Wireless Inc. [Ver = 2, 5, 11, 1 | Size = 163840 bytes | Modified Date = 10/9/2003 4:20:32 PM | Attr =    ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr =    ]
B'sCLiP -> %ProgramFiles%\B's CLiP\Win2K\BsCLiP.exe ->  [Ver =  | Size = 1409024 bytes | Modified Date = 2/4/2004 8:43:00 AM | Attr =    ]
ezShieldProtector for Px -> %SystemRoot%\system32\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 1:29:26 PM | Attr =    ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.4562 | Size = 4861952 bytes | Modified Date = 9/24/2003 9:00:00 PM | Attr =    ]
Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe ->  [Ver =  | Size = 135168 bytes | Modified Date = 2/4/2005 6:32:51 PM | Attr =    ]
Pinger -> %SystemDrive%\TOSHIBA\Ivp\ISM\pinger.exe -> TOSHIBA Corporation [Ver = 3.3 | Size = 159744 bytes | Modified Date = 10/20/2003 11:39:26 AM | Attr =    ]
PRONoMgr.exe -> %ProgramFiles%\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe -> Intel(R) Corporation [Ver = 6.1.304.0 | Size = 86016 bytes | Modified Date = 12/10/2003 4:36:16 AM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 8/18/2004 9:34:48 AM | Attr =    ]
SigmaTel StacMon -> %ProgramFiles%\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe -> SigmaTel Inc. [Ver = 1, 0, 0, 3 | Size = 86073 bytes | Modified Date = 8/3/2003 7:01:14 PM | Attr =    ]
SpyBlocker -> %ProgramFiles%\SpyBlocker Software\spyblocker.exe -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe ->  [Ver =  | Size = 32881 bytes | Modified Date = 2/6/2004 7:31:44 PM | Attr =    ]

Meeme

  • Guest
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #40 on: February 17, 2008, 10:46:18 PM »
part four:

SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 614400 bytes | Modified Date = 5/30/2003 10:23:14 PM | Attr =    ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 110592 bytes | Modified Date = 5/30/2003 10:25:02 PM | Attr =    ]
TFncKy -> TFncKy.exe -> File not found
TFNF5 -> %SystemRoot%\system32\TFNF5.exe -> TOSHIBA Corp. [Ver = 2, 2, 0, 0 | Size = 73728 bytes | Modified Date = 7/18/2003 8:41:26 PM | Attr =    ]
TouchED -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 1/21/2003 9:00:06 PM | Attr =    ]
TPSMain -> %SystemRoot%\system32\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 1, 1 | Size = 278528 bytes | Modified Date = 9/25/2003 1:19:40 PM | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =    ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> File not found
TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 9/5/2003 6:24:46 AM | Attr =    ]
< Run [HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\] > -> HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =    ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> File not found
TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 9/5/2003 6:24:46 AM | Attr =    ]

Meeme

  • Guest
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #41 on: February 17, 2008, 10:47:08 PM »
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 98304 bytes | Modified Date = 5/19/2000 12:03:18 AM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr =    ]
 -> %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> File not found
%AllUsersProfile%\Start Menu\Programs\Startup\j2 DllCmd 4.0.lnk -> %ProgramFiles%\j2 Messenger 4.0\J2GDllCmd.exe -> j2 Global Communications, Inc. [Ver = 4.0.134.0 | Size = 107008 bytes | Modified Date = 6/23/2005 5:51:58 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\j2 Live Menu 3.2.lnk -> %ProgramFiles%\j2 Messenger 3.2\J2GDllCmd.exe -> j2 Global Communications, Inc. [Ver = 3.2.0.3 | Size = 17408 bytes | Modified Date = 6/10/2004 1:39:44 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\j2 Tray Menu 3.2.lnk -> %ProgramFiles%\j2 Messenger 3.2\J2GTray.exe -> j2 Global Communications, Inc. [Ver = 3.2.0.3 | Size = 39936 bytes | Modified Date = 6/10/2004 1:38:26 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\j2 Tray Menu 4.0.lnk -> %ProgramFiles%\j2 Messenger 4.0\J2GTray.exe -> j2 Global Communications, Inc. [Ver = 4.0.134.0 | Size = 500224 bytes | Modified Date = 6/23/2005 5:53:42 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\RAMASST.lnk -> %SystemRoot%\system32\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Modified Date = 3/14/2003 2:38:12 PM | Attr =    ]
< Carrie Startup Folder > -> C:\Documents and Settings\Carrie\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\RABCO - Auto Update.lnk -> %ProgramFiles%\RABCO\RABCOse.exe -> Rabio [Ver = 1, 0, 0, 26 | Size = 183216 bytes | Modified Date = 1/30/2008 4:19:42 PM | Attr =    ]
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->

Meeme

  • Guest
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #42 on: February 17, 2008, 10:47:52 PM »
< ICQ Agent [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ ->
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr =    ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006] > -> HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr =    ]
Sebring -> %SystemRoot%\system32\LgNotify.dll -> Intel Corporation [Ver = 8, 0, 0, 161 | Size = 110592 bytes | Modified Date = 12/16/2003 6:49:34 PM | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->

Meeme

  • Guest
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #43 on: February 17, 2008, 10:48:28 PM »
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006] > -> HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->

Meeme

  • Guest
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #44 on: February 17, 2008, 10:53:34 PM »
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\JUSearch\SearchEnh1.dll [URLSearchHook Class] -> United Online, Inc. [Ver = 2.1.03 | Size = 102472 bytes | Modified Date = 11/9/2004 3:36:29 AM | Attr =    ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> <local> ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://www.toshiba.com/search ->
HKEY_USERS\S-1-5-19\: Main\\Start Page -> http://www.toshiba.com ->
HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://www.toshiba.com/search ->
HKEY_USERS\S-1-5-20\: Main\\Start Page -> http://www.toshiba.com ->
HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\] > -> ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->