Author Topic: multiple problems including keyboard issues & browser hijack attempts  (Read 32959 times)


Meeme

  • Guest
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #45 on: February 17, 2008, 10:54:25 PM »
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\: URLSearchHooks\\{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\JUSearch\SearchEnh1.dll [URLSearchHook Class] -> United Online, Inc. [Ver = 2.1.03 | Size = 102472 bytes | Modified Date = 11/9/2004 3:36:29 AM | Attr =    ]
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\: ProxyEnable -> 0 ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\: ProxyOverride -> <local> ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5607 domain(s) found. ->
  .[msn] -> My Computer ->
126 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 57 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3524 domain(s) found. ->
131 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3524 domain(s) found. ->
131 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3525 domain(s) found. ->
131 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3525 domain(s) found. ->
131 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\] > -> HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5607 domain(s) found. ->
  .[msn] -> My Computer ->
126 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\] > -> HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 57 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [Yahoo! Companion BHO] -> Yahoo! Inc. [Ver = 2004, 9, 28, 1 | Size = 292947 bytes | Modified Date = 9/29/2004 11:02:16 AM | Attr =    ]
{1C2E5D27-A17C-4D89-85DD-3553C189380D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\RABCO\RABCO.dll [Search Enhancer Class] -> Rabio [Ver = 1, 0, 0, 26 | Size = 414992 bytes | Modified Date = 1/30/2008 2:02:22 PM | Attr =    ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 12:04:00 AM | Attr =    ]
{601ED020-FB6C-11D3-87D8-0050DA59922B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Ipswitch\WS_FTP Home\wsbho2k0.dll [WsftpBrowserHelper Class] -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 [Ver = 9,0,1,0 | Size = 118839 bytes | Modified Date = 8/16/2004 1:51:22 PM | Attr =    ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet

Meeme

  • Guest
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #46 on: February 17, 2008, 10:55:48 PM »
Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\] > -> HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Juno\Toolbar.dll [JunoBar] ->  [Ver = 2, 0, 0, 1 | Size = 292336 bytes | Modified Date = 10/7/2005 1:41:09 AM | Attr =    ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [Yahoo! Companion] -> Yahoo! Inc. [Ver = 2004, 9, 28, 1 | Size = 292947 bytes | Modified Date = 9/29/2004 11:02:16 AM | Attr =    ]
SITEguard [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\google\googletoolbar2.dll [&Google] -> File not found
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\google\googletoolbar2.dll [&Google] -> File not found
WebBrowser\\{5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Juno\Toolbar.dll [JunoBar] ->  [Ver = 2, 0, 0, 1 | Size = 292336 bytes | Modified Date = 10/7/2005 1:41:09 AM | Attr =    ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [Yahoo! Companion] -> Yahoo! Inc. [Ver = 2004, 9, 28, 1 | Size = 292947 bytes | Modified Date = 9/29/2004 11:02:16 AM | Attr =    ]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\] > -> HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\google\googletoolbar2.dll [&Google] -> File not found
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\google\googletoolbar2.dll [&Google] -> File not found
WebBrowser\\{5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Juno\Toolbar.dll [JunoBar] ->  [Ver = 2, 0, 0, 1 | Size = 292336 bytes | Modified Date = 10/7/2005 1:41:09 AM | Attr =    ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [Yahoo! Companion] -> Yahoo! Inc. [Ver = 2004, 9, 28, 1 | Size = 292947 bytes | Modified Date = 9/29/2004 11:02:16 AM | Attr =    ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Sun Java Console] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to AD Black List -> %ProgramFiles%\Avant Browser\AddToADBlackList.htm -> File not found
Block All Images from the Same Server -> %ProgramFiles%\Avant Browser\AddAllToADBlackList.htm -> File not found
Highlight -> %ProgramFiles%\Avant Browser\Highlight.htm -> File not found
Open All Links in This Page... -> %ProgramFiles%\Avant Browser\OpenAllLinks.htm -> File not found
Search -> %ProgramFiles%\Avant Browser\Search.htm -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Sun Java Console] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Sun Java Console] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\] > ->
HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Sun Java Console] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\] > -> HKEY_USERS\S-1-5-21-142928211-1550766908-524529910-1006\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to AD Black List -> %ProgramFiles%\Avant Browser\AddToADBlackList.htm -> File not found
Block All Images from the Same Server -> %ProgramFiles%\Avant Browser\AddAllToADBlackList.htm -> File not found
Highlight -> %ProgramFiles%\Avant Browser\Highlight.htm -> File not found
Open All Links in This Page... -> %ProgramFiles%\Avant Browser\OpenAllLinks.htm -> File not found
Search -> %ProgramFiles%\Avant Browser\Search.htm -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{485447B3-C4C0-4D36-944E-8F26FD15C124} ->    (1394 Net Adapter) ->
{57DC4F1F-B8DE-40C4-BFC2-C4432BB0DFC4} ->    (Intel(R) PRO/Wireless 2200BG Network Connection) ->
{69E25F5A-D790-4A00-8826-D43AF7C3A849} ->    (Sierra Wireless AirCard 555 Adapter) ->
{D1D59301-252D-4BCB-98E1-6D21C255368B} ->    (Intel(R) PRO/100 VE Network Connection) ->
< Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->

Meeme

  • Guest
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #47 on: February 17, 2008, 10:56:44 PM »
< Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found


[Files/Folders - Created Within 90 days]
avenger -> %SystemDrive%\avenger ->  [Folder | Created Date = 2/17/2008 3:45:33 PM | Attr =    ]
1 C:\*.tmp files -> C:\*.tmp ->
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 2/10/2008 2:49:57 AM | Attr =    ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 2/10/2008 5:27:42 PM | Attr =    ]
aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 12/4/2007 9:49:02 AM | Attr =    ]
aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Modified Date = 12/4/2007 9:56:02 AM | Attr =    ]
aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Modified Date = 12/4/2007 9:55:46 AM | Attr =    ]
aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 9:53:39 AM | Attr =    ]
aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 9:51:52 AM | Attr =    ]
cdr4_xp.sys -> %SystemRoot%\System32\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 9336 bytes | Modified Date = 3/7/2007 6:51:00 PM | Attr =    ]
cdralw2k.sys -> %SystemRoot%\System32\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 9464 bytes | Modified Date = 3/7/2007 6:51:00 PM | Attr =    ]
actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx ->  [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Modified Date = 1/9/2004 4:13:58 AM | Attr =    ]
aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Modified Date = 12/4/2007 8:04:28 AM | Attr =    ]
AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Modified Date = 12/4/2007 7:54:04 AM | Attr =    ]
fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =    ]
grep.exe -> %SystemRoot%\System32\grep.exe ->  [Ver =  | Size = 80412 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =    ]
pxafs.dll -> %SystemRoot%\System32\pxafs.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 129784 bytes | Modified Date = 3/7/2007 6:51:00 PM | Attr =    ]
pxcpya64.exe -> %SystemRoot%\System32\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.40a | Size = 64760 bytes | Modified Date = 3/7/2007 6:51:00 PM | Attr =    ]
pxinsa64.exe -> %SystemRoot%\System32\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.56a | Size = 64760 bytes | Modified Date = 3/7/2007 6:51:00 PM | Attr =    ]
pxsfs.dll -> %SystemRoot%\System32\pxsfs.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 1628920 bytes | Modified Date = 3/7/2007 6:51:00 PM | Attr =    ]
sed.exe -> %SystemRoot%\System32\sed.exe ->  [Ver =  | Size = 98816 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =    ]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =    ]
swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =    ]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =    ]
VFind.exe -> %SystemRoot%\System32\VFind.exe ->  [Ver =  | Size = 49152 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =    ]
zip.exe -> %SystemRoot%\System32\zip.exe ->  [Ver =  | Size = 68096 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =    ]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 1/30/2008 1:33:50 AM | Attr =  H ]
46 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2/11/2008 12:42:43 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/11/2008 12:42:29 PM | Attr =  H ]

[Files/Folders - Modified Within 30 days]
avenger -> %SystemDrive%\avenger ->  [Folder | Modified Date = 2/17/2008 3:45:33 PM | Attr =    ]
1 C:\*.tmp files -> C:\*.tmp ->
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/10/2008 2:40:05 PM | Attr =    ]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 2/10/2008 2:49:57 AM | Attr =    ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/15/2008 10:31:25 PM | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 2/17/2008 4:23:27 AM | Attr =    ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 2/10/2008 2:54:55 AM | Attr =  HS]

Meeme

  • Guest
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #48 on: February 17, 2008, 10:57:06 PM »
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2/10/2008 2:50:26 AM | Attr =  HS]
TEMP -> %SystemDrive%\TEMP ->  [Folder | Modified Date = 2/17/2008 4:17:54 AM | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/17/2008 3:40:59 PM | Attr =    ]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/14/2008 3:58:30 PM | Attr =    ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 27 bytes | Modified Date = 2/14/2008 3:58:30 PM | Attr =    ]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/9/2008 4:34:50 PM | Attr =    ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/14/2008 9:07:53 PM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/9/2008 4:33:25 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/17/2008 3:45:34 PM | Attr =    ]
en-US -> %SystemRoot%\System32\en-US ->  [Folder | Modified Date = 1/30/2008 1:39:43 AM | Attr =    ]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 2/10/2008 2:50:26 AM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 2/17/2008 3:45:39 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 1/30/2008 1:40:33 AM | Attr =    ]
46 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/17/2008 3:45:20 PM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/10/2008 2:54:55 AM | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 2/10/2008 5:28:05 PM | Attr =    ]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 1/30/2008 4:20:03 AM | Attr =    ]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 1/30/2008 1:35:56 AM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 1/30/2008 1:39:19 AM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 1/30/2008 1:40:43 AM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/9/2008 4:33:25 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/10/2008 2:40:05 PM | Attr =  HS]
machine.ver -> %SystemRoot%\machine.ver ->  [Ver =  | Size = 2838 bytes | Modified Date = 2/7/2008 11:34:51 AM | Attr =    ]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 1/30/2008 1:36:24 AM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/17/2008 4:27:31 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2/11/2008 12:42:43 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/11/2008 12:42:29 PM | Attr =  H ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages ->  [Folder | Modified Date = 1/20/2008 1:33:07 AM | Attr =    ]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 2/8/2008 3:55:15 PM | Attr =    ]
swupdate.INI -> %SystemRoot%\swupdate.INI ->  [Ver =  | Size = 67 bytes | Modified Date = 2/7/2008 11:34:20 AM | Attr =    ]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 2/5/2008 1:56:44 PM | Attr =    ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 2/17/2008 4:21:48 AM | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2/17/2008 4:23:30 AM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/14/2008 3:55:00 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/17/2008 3:47:49 PM | Attr =    ]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 1/30/2008 1:36:41 AM | Attr =    ]
winamp.ini -> %SystemRoot%\winamp.ini ->  [Ver =  | Size = 1125 bytes | Modified Date = 1/20/2008 1:29:19 AM | Attr =    ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 1/20/2008 1:32:50 AM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/17/2008 3:45:28 PM | Attr =  H ]
WebReg 20040630191426.job -> %SystemRoot%\tasks\WebReg 20040630191426.job ->  [Ver =  | Size = 434 bytes | Modified Date = 2/14/2008 7:14:00 PM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 2/9/2008 4:31:05 PM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 2/9/2008 4:31:05 PM | Attr =    ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\data.dat ->  [Ver =  | Size = 1538 bytes | Modified Date = 11/5/2004 12:27:56 PM | Attr =    ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8658 bytes | Modified Date = 6/14/2004 9:02:59 PM | Attr =    ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 5/31/2005 10:25:17 AM | Attr =    ]
wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat ->  [Ver =  | Size = 526924 bytes | Modified Date = 3/26/2006 12:37:04 PM | Attr =    ]
wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat ->  [Ver =  | Size = 526924 bytes | Modified Date = 3/26/2006 12:37:04 PM | Attr =    ]
SSUPDATE.EXE -> C:\Documents and Settings\Carrie\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 6/21/2007 2:07:10 PM | Attr =    ]
4 C:\Documents and Settings\Carrie\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Carrie\Local Settings\Temp\*.tmp ->
Perflib_Perfdata_4fc.dat -> C:\Documents and Settings\Carrie\Local Settings\Temp\Perflib_Perfdata_4fc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/17/2008 3:45:34 PM | Attr =    ]
4 C:\Documents and Settings\Carrie\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Carrie\Local Settings\Temp\*.tmp ->
Perflib_Perfdata_660.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_660.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/17/2008 3:43:20 PM | Attr =    ]
Perflib_Perfdata_8b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_8b8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/15/2008 10:32:24 PM | Attr =    ]
Perflib_Perfdata_93c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_93c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/17/2008 3:45:38 PM | Attr =    ]
Perflib_Perfdata_a0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/15/2008 10:32:16 PM | Attr =    ]
Perflib_Perfdata_a8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/17/2008 3:45:28 PM | Attr =    ]

< End of report >

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #49 on: February 17, 2008, 11:00:03 PM »
Okay, I've got to go out for a while and will go over the log then.

I found "Microsoft AntiSpyware" in the log. Is this what you saw? This one I believe is ok.

But we'll get rid of Rabco.

Go to add/remove programs and uninstall these if present.

Rabio
Cool
RABCO


You may want to look for WinWINAntispyware


Open HJT, run a system scan only, check mark these lines if present

O2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\RABCO\RABCO.dll
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe


Close all other browsers/windows, click fix, close HJT.



Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled.

Copy and paste all the text in the quote box below into Notepad.

Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt". Using your left mouse button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown at the bottom of this post.


Quote
File::
C:\Program Files\RABCO\RABCO.dll
C:\Program Files\RABCO\RABCOse.exe

Folder::
C:\Program Files\RABCO


This will start ComboFix again. Close all browsers/windows first. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HJT log.
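
An added example, not part of the thread and not the helper's own method: a small parser for the Browser Helper Object and toolbar lines of a log in the format posted above, which flags registrations worth a closer look. The sample lines are copied from the log in this thread; the reference date, the 30-day window and the flag names are assumptions, and a flag is a prompt for review, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Lines copied from the BHO, Explorer Bars and ToolBars sections of the log in this thread.
SAMPLE_LOG = r"""
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [Yahoo! Companion BHO] -> Yahoo! Inc. [Ver = 2004, 9, 28, 1 | Size = 292947 bytes | Modified Date = 9/29/2004 11:02:16 AM | Attr =    ]
{1C2E5D27-A17C-4D89-85DD-3553C189380D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\RABCO\RABCO.dll [Search Enhancer Class] -> Rabio [Ver = 1, 0, 0, 26 | Size = 414992 bytes | Modified Date = 1/30/2008 2:02:22 PM | Attr =    ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 12:04:00 AM | Attr =    ]
{601ED020-FB6C-11D3-87D8-0050DA59922B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Ipswitch\WS_FTP Home\wsbho2k0.dll [WsftpBrowserHelper Class] -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 [Ver = 9,0,1,0 | Size = 118839 bytes | Modified Date = 8/16/2004 1:51:22 PM | Attr =    ]
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Juno\Toolbar.dll [JunoBar] ->  [Ver = 2, 0, 0, 1 | Size = 292336 bytes | Modified Date = 10/7/2005 1:41:09 AM | Attr =    ]
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\google\googletoolbar2.dll [&Google] -> File not found
"""

# Assumption: the scan was taken on the day the log was posted (February 17, 2008).
REFERENCE = datetime(2008, 2, 17, 23, 0, 0)

# "<prefix>{CLSID} [HIVE] -> <target> [<label>] -> <rest>"
ENTRY_RE = re.compile(
    r"^(?P<prefix>.*?)(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+\[(?P<hive>HKEY_[A-Z_]+)\]\s*->\s*"
    r"(?P<target>.*?)\s*\[(?P<label>[^\]]*)\]\s*->\s*(?P<rest>.*)$"
)
# "<vendor> [Ver = .. | Size = N bytes | Modified Date = .. | Attr = ..]"
DETAIL_RE = re.compile(
    r"^(?P<vendor>.*?)\s*\[Ver\s*=\s*(?P<ver>.*?)\s*\|\s*Size\s*=\s*(?P<size>\d+) bytes"
    r"\s*\|\s*Modified Date\s*=\s*(?P<mod>.*?)\s*\|\s*Attr\s*=.*\]\s*$"
)
DATE_RE = re.compile(r"(\d{1,2})/(\d{1,2})/(\d{4}) (\d{1,2}):(\d{2}):(\d{2}) (AM|PM)")


@dataclass
class Entry:
    clsid: str
    target: str
    label: str
    vendor: str
    modified: Optional[datetime]
    missing: bool  # the log reported "File not found" for this registration


def parse_date(text: str) -> Optional[datetime]:
    """Parse the log's 'M/D/YYYY h:mm:ss AM|PM' timestamps without relying on locale."""
    m = DATE_RE.fullmatch(text.strip())
    if not m:
        return None
    month, day, year, hour, minute, second = (int(x) for x in m.groups()[:6])
    hour = hour % 12 + (12 if m.group(7) == "PM" else 0)
    return datetime(year, month, day, hour, minute, second)


def parse_entries(log_text: str) -> list:
    """Return one Entry per CLSID line; section headers and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        detail = DETAIL_RE.match(rest)
        entries.append(Entry(
            clsid=m.group("clsid").upper(),
            target=m.group("target"),
            label=m.group("label"),
            vendor=detail.group("vendor").strip() if detail else "",
            modified=parse_date(detail.group("mod")) if detail else None,
            missing="file not found" in rest.lower(),
        ))
    return entries


def triage(entries: list, reference: datetime, recent_days: int = 30) -> dict:
    """Map CLSID -> review flags (heuristics assumed for this example)."""
    findings = {}
    for e in entries:
        flags = []
        if e.missing:
            # Registry still points at a component whose file is gone.
            flags.append("orphaned-registration")
        else:
            age = reference - e.modified if e.modified else None
            if age is not None and timedelta(0) <= age <= timedelta(days=recent_days):
                flags.append("recently-modified")
            if not e.vendor:
                flags.append("no-vendor")
        if flags:
            findings[e.clsid] = flags
    return findings


if __name__ == "__main__":
    for clsid, flags in triage(parse_entries(SAMPLE_LOG), REFERENCE).items():
        print(clsid, ", ".join(flags))
```
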



Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #50 on: February 17, 2008, 11:03:39 PM »
Hi oldman,

Consider the use of sdfix here as well, and what Ritchie performed here with a RABCO infestation:
http://www.bleepingcomputer.com/forums/index.php?s=1954ba93daa6a6d78b019da7ba89ac36&showuser=75975


polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #51 on: February 17, 2008, 11:19:50 PM »
Thanks pol, but that was a link to his profile. Got one for the thread?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #52 on: February 17, 2008, 11:30:54 PM »

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: multiple problems including keyboard issues & browser hijack attempts
« Reply #53 on: February 19, 2008, 06:24:33 AM »
Sorry it took so long. How you doing?

Did you get the rabco done?


Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Quote
[Files/Folders - Created Within 90 days]
YY -> sed.exe -> %SystemRoot%\System32\sed.exe
NY -> 46 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> 1 C:\*.tmp files -> C:\*.tmp
NY -> 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 46 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
YY -> imsins.BAK -> %SystemRoot%\imsins.BAK
YY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
YY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
NY -> 4 C:\Documents and Settings\Carrie\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Carrie\Local Settings\Temp\*.tmp
NY -> 4 C:\Documents and Settings\Carrie\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Carrie\Local Settings\Temp\*.tmp
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.