arion

ABOUT:BLANK

22 posts in this topic

I used Spybot Search & Destroy, and it's up to date. Spybot cleared everything it's able to do. Then I used CWShredder and it removed this other problem I was having. But this morning, when I clicked on Internet Explorer to surf the internet, my homepage was getting redirected to about:blank. CWShredder removes CWS.SEARCH but it returns every time. Now I used HijackThis, but I'm hoping the experts can tell me what I can safely remove. Thank you for your help.

 

Logfile of HijackThis v1.97.7

Scan saved at 8:24:06 AM, on 12/27/2003

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Internet Security\NISUM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Internet Security\ccPxySvc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\mIRC\mirc.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe

C:\Documents and Settings\Mike.JOHNMIKE\My Documents\clip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: (no name) - {8A05273A-2EA5-42DE-AA75-59EA7D9D50D7} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\Navapw32.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [buildBU] c:\dell\bldbubg.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Power Search - res://C:\PROGRA~1\COMMON~1\MSIETS\msiets.dll//iemenu

O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7571.6412037037

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab


In hijackthis fix checked:

 

*R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)

*O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)

*O3 - Toolbar: (no name) - {8A05273A-2EA5-42DE-AA75-59EA7D9D50D7} - (no file)

*O8 - Extra context menu item: Power Search - res://C:\PROGRA~1\COMMON~1\MSIETS\msiets.dll//iemenu

 

Restart computer, find and delete the 'MSIETS' folder

In \Program Files\Common Files\ subfolder.

 

When done, Go here:

http://www10.brinkster.com/expl0iter/freeatlast/pvtool.htm

Download:

-'Find-All.zip'

-'Salamand.Zip'

 

Download, install and run:

Registrar Lite

 

First,

Run reglite, copy and paste this key to the

address bar, hit 'go' tab:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

 

DoubleClick on 'AppInit_Dlls' value on the

right side, copy and paste here the following fields:

-Size

-Value

 

Next, *UNzip the 'Find-All' folder.

DoubleClick on the 'Find-All.bat' file inside.

Follow instructions and post the log!


--==***@@@ 'FIND-ALL' VERSION 6 -5/21 @@@***==--

 

 

Sun Dec 28 13:11:13 2003 -- Results:

*System Info:

 

Microsoft Windows XP [Version 5.1.2600]

C: "" (18A3:F328) - FS:NTFS clusters:4k

Total: 79 990 845 440 [74G] - Free: 4 030 664 704 [3.8G]

 

 

*IE version and Service packs:

6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;Q837009;Q832894;

 

*Google Toolbar version and Attributes:

Defaults: "A" ;"R"

Path not found - C:\Program Files\google

Path not found - C:\Program Files\google

 

*UserAgent:

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

 

 

*Wmplayer version:

9.0.0.2980 C:\Program Files\Windows Media Player\wmplayer.exe

6.4.9.1125 C:\Program Files\Windows Media Player\mplayer2.exe

 

*M$Java version:

5.0.3810.0 C:\WINDOWS\System32\msjava.dll

 

 

*PC uptime:

1:11pm up 0 days, 0:57

 

*Locked or 'Suspect' file(s) found...

\\?\C:\WINDOWS\System32\WDMB.DLL +++ File read error

\\?\C:\WINDOWS\System32\WDMB.DLL +++ File read error

 

 

*Tasks (services):

0 System Process

4 System

508 smss.exe

564 CSRSS.EXE Title:

588 winlogon.exe Title: NetDDE Agent

648 SERVICES.EXE Svcs: Eventlog,PlugPlay

660 lsass.exe Svcs: PolicyAgent,ProtectedStorage,SamSs

860 SVCHOST.EXE Svcs: RpcSs

924 SVCHOST.EXE Svcs: AudioSrv,Browser,CryptSvc,Dhcp,ERSvc,EventSystem,FastUserSwitchingCompatibility,

elpsvc,lanmanserver,lanmanworkstation,Messenger,Netman,Nla,RasMan,Schedule,seclo

on,SENS,SharedAccess,ShellHWDetection,srservice,TapiSrv,TermService,Themes,TrkWk

,uploadmgr,w

1112 SVCHOST.EXE Svcs: Dnscache

1132 SVCHOST.EXE Svcs: LmHosts,SSDPSRV,WebClient

1540 SPOOLSV.EXE Svcs: Spooler

1652 alg.exe Svcs: ALG

1680 ccEvtMgr.exe Svcs: ccEvtMgr

1708 CTSVCCDA.EXE Svcs: Creative Service for CDROM Access

1772 Navapsvc.exe Svcs: navapsvc

1868 NISUM.EXE Svcs: NISUM

1964 nvsvc32.exe Svcs: NVSvc

232 snmp.exe Svcs: SNMP

272 SVCHOST.EXE Svcs: stisvc

548 CCPXYSVC.EXE Svcs: ccPxySvc

268 devldr32.exe Title: DEVLDR

692 explorer.exe Title: Program Manager

1000 LVComS.exe Title: LVComSWnd

2040 ccApp.exe Title:

1344 BCMSMMSG.exe Title: BCM V.92 56K Modem Monitor

2840 iexplore.exe Title: SWI Forums -> ABOUT:BLANK - Microsoft Internet Explorer

3672 YPager.exe Title:

948 rl.exe Title: Registrar

2920 CMD.EXE Title: C:\WINDOWS\System32\cmd.exe

1228 ntvdm.exe

1816 msmsgs.exe Title:

2684 tlist.exe

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

"AppInit_DLLs -Size -Value"="C:\\WINDOWS\\System32\\wdmb.dll"

"AppInit_DLLs"=""

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

@=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

@="NAV Helper"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDF882E4-A1DA-40BF-A7B3-7FAD37C00BEA}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]

"CLSID"="{60D4CB08-4CD8-45D2-8D86-0A1988EEA865}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]

"CLSID"="{60D4CB08-4CD8-45D2-8D86-0A1988EEA865}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

*Security settings for 'Windows' key:

 

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

AppInit_Dlls REG_SZ

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read BUILTIN\Users

(ID-IO) ALLOW Read BUILTIN\Users

(ID-NI) ALLOW Full access BUILTIN\Administrators

(ID-IO) ALLOW Full access BUILTIN\Administrators

(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

 

 

*ACLs list for *.* in 'junk' folder: (if exist)

 

Error: Cannot open file [C:\junk\*.*]

 

Sun Dec 28 13:11:18 2003 -- *Find-All 'Windows'.hiv list:

A C:\DOCUME~1\MIKE~1.JOH\MYDOCU~1\clip\Find-All\Find-All\winBackup.hiv

A C:\DOCUME~1\MIKE~1.JOH\MYDOCU~1\clip\Find-All\Find-All\windows.txt

A C:\FindallwinBackup.hiv


Follow the reglite steps per my previous post.

 

Paste the same key to the address bar,

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

 

 

-Rename the Folder Windows

to NotWindows highlighted as a purple folder

in the left hand pane of reglite.

 

-DoubleClick "AppInit_DLLs" value on the right pane,

and clear the data value:

C:\WINDOWS\System32\WDMB.DLL -< delete this line ,

'Apply' and 'ok' to set.

 

-Rename the NotWindows folder back to its

original name Windows

 

-Restart computer

 

-Search for this file:

C:\WINDOWS\System32\WDMB.DLL <

Try to delete it, expect to get access denied! (for now)

 

-Run 'Find-All.bat' again and post the log.


THANKS FOR YOUR HELP

 

--==***@@@ 'FIND-ALL' VERSION 6 -5/21 @@@***==--

 

 

Mon Dec 29 02:56:16 2003 -- Results:

*System Info:

 

Microsoft Windows XP [Version 5.1.2600]

C: "" (18A3:F328) - FS:NTFS clusters:4k

Total: 79 990 845 440 [74G] - Free: 4 030 533 632 [3.8G]

 

 

*IE version and Service packs:

6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;Q837009;Q832894;

 

*Google Toolbar version and Attributes:

Defaults: "A" ;"R"

Path not found - C:\Program Files\google

Path not found - C:\Program Files\google

 

*UserAgent:

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

 

 

*Wmplayer version:

9.0.0.2980 C:\Program Files\Windows Media Player\wmplayer.exe

6.4.9.1125 C:\Program Files\Windows Media Player\mplayer2.exe

 

*M$Java version:

5.0.3810.0 C:\WINDOWS\System32\msjava.dll

 

 

*PC uptime:

2:56am up 0 days, 0:04

 

*Locked or 'Suspect' file(s) found...

\\?\C:\WINDOWS\System32\WDMB.DLL +++ File read error

\\?\C:\WINDOWS\System32\WDMB.DLL +++ File read error

 

 

*Tasks (services):

0 System Process

4 System

508 smss.exe

564 CSRSS.EXE Title:

588 winlogon.exe Title: NetDDE Agent

632 SERVICES.EXE Svcs: Eventlog,PlugPlay

644 lsass.exe Svcs: PolicyAgent,ProtectedStorage,SamSs

816 SVCHOST.EXE Svcs: RpcSs

872 SVCHOST.EXE Svcs: AudioSrv,Browser,CryptSvc,Dhcp,ERSvc,EventSystem,FastUserSwitchingCompatibility,

elpsvc,lanmanserver,lanmanworkstation,Messenger,Netman,Nla,RasMan,Schedule,seclo

on,SENS,SharedAccess,ShellHWDetection,srservice,TapiSrv,TermService,Themes,TrkWk

,uploadmgr,w

1032 SVCHOST.EXE Svcs: Dnscache

1060 SVCHOST.EXE Svcs: LmHosts,SSDPSRV,WebClient

1184 SPOOLSV.EXE Svcs: Spooler

1520 alg.exe Svcs: ALG

1532 ccEvtMgr.exe Svcs: ccEvtMgr

1552 CTSVCCDA.EXE Svcs: Creative Service for CDROM Access

1588 Navapsvc.exe Svcs: navapsvc

1616 NISUM.EXE Svcs: NISUM

1728 nvsvc32.exe Svcs: NVSvc

1812 snmp.exe Svcs: SNMP

1844 SVCHOST.EXE Svcs: stisvc

416 CCPXYSVC.EXE Svcs: ccPxySvc

1040 explorer.exe Title: Program Manager

1400 devldr32.exe Title: DEVLDR

1420 LVComS.exe Title: LVComSWnd

1460 ccApp.exe Title: Norton AntiVirus

1684 BCMSMMSG.exe Title: BCM V.92 56K Modem Monitor

2540 msmsgs.exe Title:

2808 CMD.EXE Title: C:\WINDOWS\System32\cmd.exe

2840 ntvdm.exe

2980 tlist.exe

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

"AppInit_DLLs -Size -Value"="C:\\WINDOWS\\System32\\wdmb.dll"

"AppInit_DLLs"=""

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

@=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E1D1FB1-3A19-4993-85BB-FB98C0C26803}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

@="NAV Helper"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]

"CLSID"="{D9691070-DE69-447F-931D-6F5951336021}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]

"CLSID"="{D9691070-DE69-447F-931D-6F5951336021}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

*Security settings for 'Windows' key:

 

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

AppInit_Dlls REG_SZ

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read BUILTIN\Users

(ID-IO) ALLOW Read BUILTIN\Users

(ID-NI) ALLOW Full access BUILTIN\Administrators

(ID-IO) ALLOW Full access BUILTIN\Administrators

(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-NI) ALLOW Full access JOHNMIKE\Mike

(ID-IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

Full access JOHNMIKE\Mike

 

 

*ACLs list for *.* in 'junk' folder: (if exist)

 

Error: Cannot open file [C:\junk\*.*]

 

Mon Dec 29 02:56:18 2003 -- *Find-All 'Windows'.hiv list:

A C:\DOCUME~1\MIKE~1.JOH\MYDOCU~1\clip\Find-All\Find-All\winBackup.hiv

A C:\DOCUME~1\MIKE~1.JOH\MYDOCU~1\clip\Find-All\Find-All\windows.txt

A C:\FindallwinBackup.hiv


First, Download the 'Find-All' package again. I changed something.

Be sure to unzip it first!

 

Next,

Open the subfolder "Tools" inside Find-All folder.

DoubleClick (once) on the "Xfix.bat" file inside.

Nothing would appear to happen but it should

create a folder (junk) in your root drive,

&restore/clean registry keys.

 

Navigate to System32, find: WDMB.DLL, highlight

and use the folder's top menu

option : "edit-> move to folder..."

Browse to and select: C:\junk folder.

'ok' it.

Re-run Find-All.bat and post fresh output!


I have several problems. When I click on xfix.bat file it states error: access is denied, and it didn't create a folder named junk. Now I can't find wdmb.dll.


I checked again and I do have a folder under c:junk. The folder is empty. The problem now is I can't find WDMB.DLL. I used the search option to search my whole C drive, but I was unable to find WDMB.DLL.


Ok, repeat the reglite steps and check whether

the data you had to delete is back in the same key.

Post back which size and value

are listed in the data editor for 'AppInit_DLLs'.

 

Delete the 'Find-All' folder and

download the newer version from here:

http://freeatlast.100free.com/Find-All.zip

 

Unzip, DoubleClick on the 'Find-All.cmd' file and

post the output when done!

 

I'm not sure you actually performed the steps as described:

 

"AppInit_DLLs -Size -Value"="C:\\WINDOWS\\System32\\wdmb.dll"

"AppInit_DLLs"=""

 

Means you didn't rename the Windows, but the AppInit value, instead.

I suggest you scroll back, re-read the steps and repeat.

Post the find-all log when done.

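The reading of the two registry lines in the post above can be done mechanically. The following Python is an added example, not part of the original thread or of the Find-All tool: it parses the REGEDIT4 sections of a Find-All log, reports what the `Windows` key holds for `AppInit_DLLs`, and (going slightly beyond the post) diffs two snapshots. Function names and finding labels are hypothetical; the sample text is constructed from lines in the Dec 28 and Dec 29 logs posted earlier in this thread.

```python
import re

WINDOWS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

# Constructed samples: a few lines taken from the two Find-All logs posted in
# this thread (Dec 28 and Dec 29), trimmed to the keys examined here.
LOG_DEC28 = r'''
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Spooler"="yes"
"AppInit_DLLs -Size -Value"="C:\\WINDOWS\\System32\\wdmb.dll"
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDF882E4-A1DA-40BF-A7B3-7FAD37C00BEA}]
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{60D4CB08-4CD8-45D2-8D86-0A1988EEA865}"
'''
LOG_DEC29 = r'''
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Spooler"="yes"
"AppInit_DLLs -Size -Value"="C:\\WINDOWS\\System32\\wdmb.dll"
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E1D1FB1-3A19-4993-85BB-FB98C0C26803}]
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{D9691070-DE69-447F-931D-6F5951336021}"
'''

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^(@|"(?P<name>(?:[^"\\]|\\.)*)")=(?P<data>.*)$')


def unquote(data):
    """Strip the quotes of a string value and undo .reg backslash escaping."""
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    return data  # dword:... and other typed data are kept verbatim


def parse_reg_export(text):
    """Parse REGEDIT4-style text into {key_path: {value_name: data}}.

    Lines that are neither a [key] header nor a name=data pair (the rest of
    the Find-All report) are ignored. "@" stands for the key's default value.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else unquote('"%s"' % m.group("name"))
            current[name] = unquote(m.group("data"))
    return keys


def audit_appinit(keys):
    """Return (label, value_name, data) findings for the 'Windows' key."""
    values = {}
    for path, vals in keys.items():
        if path.lower() == WINDOWS_KEY.lower():
            values = vals
    findings = []
    for name, data in values.items():
        lname = name.lower()
        if lname == "appinit_dlls":
            if data.strip():  # a DLL is still registered for loading
                findings.append(("appinit-set", name, data))
        elif lname.startswith("appinit_dlls"):
            # the value itself was renamed instead of the Windows key
            findings.append(("appinit-renamed", name, data))
        elif data.lower().endswith(".dll"):
            findings.append(("dll-in-other-value", name, data))
    return findings


def diff_exports(before, after):
    """List (key, name, old, new) differences between two parsed snapshots.

    A key present in only one snapshot is reported with name "<key>" and
    booleans for old/new presence.
    """
    changes = []
    for path in sorted(set(before) | set(after)):
        if (path in before) != (path in after):
            changes.append((path, "<key>", path in before, path in after))
        old, new = before.get(path, {}), after.get(path, {})
        for name in sorted(set(old) | set(new)):
            if old.get(name) != new.get(name):
                changes.append((path, name, old.get(name), new.get(name)))
    return changes


if __name__ == "__main__":
    dec28, dec29 = parse_reg_export(LOG_DEC28), parse_reg_export(LOG_DEC29)
    for finding in audit_appinit(dec29):
        print(finding)
    for change in diff_exports(dec28, dec29):
        print(change)
```

A changed or added entry in the diff is only a lead for review; the code makes no judgement about which CLSIDs are legitimate.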

Do this:

-Run reglite

 

Paste the same key to the address bar,

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

 

 

-Rename the Folder Windows

to NotWindows highlighted as a purple folder

in the left hand pane of reglite.

 

You RightClick in order to rename!

 

On the Right pane, find both of these:

*-"AppInit_DLLs -Size -Value"="

*-"AppInit_DLLs"=""

 

RightClick on each of the values above

and select "delete" from reglite's

context menu!

 

-Rename the NotWindows folder back to its

original name Windows

 

-Restart computer

 

-Check in reglite again, in the same key

that no 'AppInit_Dlls' entry is listed.

 

Run "Find-All.cmd" and post the log!


I can delete AppInit_DLLs -Size -Value but I can't delete AppInit_DLLs. Man, this is taking forever. Thanks for still helping me, freeatlast. I'm hoping to be freeatlast of this problem. lol


Since you're still around we'd have to start all over.

 

Download the latest 'Find-All' package again here:

 

http://freeatlast.100free.com/Find-All.zip

 

Unzip, DoubleClick on the "Find-All.CMD" file and post the log.

 

EDIT:@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

  --==***@@@ 'FIND-ALL' VERSION 6 -5/21 @@@***==--

 

 

Mon **Dec 29 02:56:16 2003 -- Results:

*System Info:

 

Considering your PC clock is wrong, I'm not sure what can be done!

This was the date listed on your last log!

And the same date in hijackthis log!

 

If that's some special *patch, get rid of it and

restore normal windows routines, if you really

want to resolve other problems.

Edited by freeatlast


Wow!!! That's cool how you noticed the date and time. LOL. Well, regarding the time, I think my battery is dying. It keeps losing time even after I've set it several times. I think the reason my computer got infected was because I let other people get on. I'm glad you're still helping me, too. Thanks. That's scary stuff how the logs reveal everything. lol

 

--==***@@@ 'FIND-ALL' VERSION 7.5 -5/26 @@@***==--

 

 

Tue May 25 12:46:07 2004 -- ++Results:

»»System Info:

 

Microsoft Windows XP [Version 5.1.2600]

C: "" (18A3:F328) - FS:NTFS clusters:4k

Total: 79 990 845 440 [74G] - Free: 3 816 722 432 [3.6G]

 

 

»»IE version and Service packs:

6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;Q837009;Q832894;Q831167;

 

»»Google Toolbar version and Attributes:

Defaults: "A" ;"R"

 

»»UserAgent:

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

 

 

»»Wmplayer version:

9.0.0.2980 C:\Program Files\Windows Media Player\wmplayer.exe

6.4.9.1125 C:\Program Files\Windows Media Player\mplayer2.exe

 

»»M$Java version:

5.0.3810.0 C:\WINDOWS\System32\msjava.dll

 

 

»»PC uptime:

12:46am up 0 days, 6:50

 

»»Locked or 'Suspect' file(s) found...

\\?\C:\WINDOWS\System32\WDMB.DLL +++ File read error

\\?\C:\WINDOWS\System32\WDMB.DLL +++ File read error

 

 

»»Tasks (services):

0 System Process

4 System

508 smss.exe

564 CSRSS.EXE Title:

588 winlogon.exe Title: NetDDE Agent

652 SERVICES.EXE Svcs: Eventlog,PlugPlay

664 lsass.exe Svcs: PolicyAgent,ProtectedStorage,SamSs

860 SVCHOST.EXE Svcs: RpcSs

928 SVCHOST.EXE Svcs: AudioSrv,Browser,CryptSvc,Dhcp,ERSvc,EventSystem,FastUserSwitchingCompatibility,

elpsvc,lanmanserver,lanmanworkstation,Messenger,Netman,Nla,RasMan,Schedule,seclo

on,SENS,SharedAccess,ShellHWDetection,srservice,TapiSrv,TermService,Themes,TrkWk

,uploadmgr,w

1060 SVCHOST.EXE Svcs: Dnscache

1128 SVCHOST.EXE Svcs: LmHosts,SSDPSRV,WebClient

1320 SPOOLSV.EXE Svcs: Spooler

1660 alg.exe Svcs: ALG

1688 ccEvtMgr.exe Svcs: ccEvtMgr

1716 CTSVCCDA.EXE Svcs: Creative Service for CDROM Access

1780 Navapsvc.exe Svcs: navapsvc

1876 NISUM.EXE Svcs: NISUM

1972 nvsvc32.exe Svcs: NVSvc

196 snmp.exe Svcs: SNMP

276 SVCHOST.EXE Svcs: stisvc

1072 CCPXYSVC.EXE Svcs: ccPxySvc

1476 devldr32.exe Title: DEVLDR

1496 explorer.exe Title: Program Manager

208 LVComS.exe Title: LVComSWnd

304 ccApp.exe Title:

876 BCMSMMSG.exe Title: BCM V.92 56K Modem Monitor

2188 mirc.exe Title: mIRC

908 mmjb.exe Title: MUSICMATCH Jukebox

3944 mmdiag.exe Title:

536 iexplore.exe Title: SWI Forums -> ABOUT:BLANK - Microsoft Internet Explorer

3480 CMD.EXE Title: C:\WINDOWS\System32\cmd.exe

3860 ntvdm.exe

3488 msmsgs.exe Title:

2988 tlist.exe

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

"AppInit_DLLs"=""

@="C:\\WINDOWS\\System32\\wdmb.dll"

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

@=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E1D1FB1-3A19-4993-85BB-FB98C0C26803}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

@="NAV Helper"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]

"CLSID"="{D9691070-DE69-447F-931D-6F5951336021}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]

"CLSID"="{D9691070-DE69-447F-931D-6F5951336021}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read BUILTIN\Users

(ID-IO) ALLOW Read BUILTIN\Users

(ID-NI) ALLOW Full access BUILTIN\Administrators

(ID-IO) ALLOW Full access BUILTIN\Administrators

(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-NI) ALLOW Full access JOHNMIKE\Mike

(ID-IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

Full access JOHNMIKE\Mike

 

 

 

»»Group settings:

Microsoft ® Windows ® 2000 Operating System Group Policy Result tool

Copyright © Microsoft Corp. 1981-1999

 

 

Created on Tuesday, May 25, 2004 at 12:46:11 PM

 

 

Operating System Information:

 

Operating System Type: Professional

Operating System Version: 5.1.2600.Service Pack 1

Terminal Server Mode: Not supported

 

###############################################################

 

Computer Group Policy results for:

 

 

 

Domain Name:

Domain Type: Windows NT v4

 

 

The computer is a member of the following security groups:

 

 

###############################################################

 

Failed to open key with 2

 

 

User: [JOHNMIKE\Mike], is a member of:

 

BUILTIN\Administrators

\Everyone

 

»»ACLs list:

C:\junk BUILTIN\Administrators:F

BUILTIN\Administrators:(OI)(CI)(IO)F

NT AUTHORITY\SYSTEM:F

NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F

JOHNMIKE\Mike:F

CREATOR OWNER:(OI)(CI)(IO)F

BUILTIN\Users:R

BUILTIN\Users:(OI)(CI)(IO)(special access:)

 

GENERIC_READ

GENERIC_EXECUTE

 

BUILTIN\Users:(CI)(special access:)

 

FILE_APPEND_DATA

 

BUILTIN\Users:(CI)(special access:)

 

FILE_WRITE_DATA

 

 

ERROR: There are no more files.

 

 

»»Contents of file(s) in 'junk' folder:

 

»»Md5sums

 

MD5sums 1.1 freeware for Win9x/ME/NT/2000/XP+

Copyright © 2001-2002 Jem Berkes - http://www.pc-tools.net/

 

 

0 bytes, 0 ms = 0.00 MB/sec

------

»»Rehash:

 

Tue May 25 12:46:13 2004 -- ++Find-All 'Windows'.hiv .reg list:

A C:\DOCUME~1\MIKE~1.JOH\MYDOCU~1\clip\Find-All\Find-All\winBackup.hiv

A C:\DOCUME~1\MIKE~1.JOH\MYDOCU~1\clip\Find-All\Find-All\windows.txt

A C:\FindallwinBackup.hiv

A C:\findallappinit.reg

 

***Next Registry run should open this key directly:

 

! REG.EXE VERSION 2.0

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit

LastKey REG_SZ My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

 


Ok, arion, follow these steps now, and don't use reglite on this one!

Your Windows registry is set to open this key directly:
*My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Go to Start/run/type:
regedit
The registry should open with the Windows Subfolder highlighted.
(*compare and be sure the path on the status bar is the same as indicated above!)

-RightClick on the Windows Subfolder, and rename Windows as Windows1

-Locate the "AppInit_DLLs" value on the right pane, RightClick it and select 'delete'

-Select Windows1 on the left pane again and rename it back to its original name, Windows

-Use regedit's top menu view->refresh once and be sure the "AppInit_DLLs" value is 'officially' gone from the right pane.

-Close regedit, *restart computer!

--Navigate to the System32 folder, search for the System32\ WDMB.DLL file, highlight it and use the folder's top menu option: "Edit-> Move to folder..."
Browse to and select: C:\junk folder.
(It was created during the first 'Find-All' run)
'ok' it.

--Re-run Find-All.cmd and post fresh output!


--==***@@@ 'FIND-ALL' VERSION 7.5 -5/26 @@@***==--

 

 

Wed May 26 07:25:52 2004 -- ++Results:

»»System Info:

 

Microsoft Windows XP [Version 5.1.2600]

C: "" (18A3:F328) - FS:NTFS clusters:4k

Total: 79 990 845 440 [74G] - Free: 3 632 181 248 [3.4G]

 

 

»»IE version and Service packs:

6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;Q837009;Q832894;Q831167;

 

»»Google Toolbar version and Attributes:

Defaults: "A" ;"R"

 

»»UserAgent:

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

 

 

»»Wmplayer version:

9.0.0.2980 C:\Program Files\Windows Media Player\wmplayer.exe

6.4.9.1125 C:\Program Files\Windows Media Player\mplayer2.exe

 

»»M$Java version:

5.0.3810.0 C:\WINDOWS\System32\msjava.dll

 

 

»»PC uptime:

7:25am up 0 days, 0:11

 

»»Locked or 'Suspect' file(s) found...

* result\\?\C:\junk\WDMB.DLL

 

 

»»Tasks (services):

0 System Process

4 System

500 smss.exe

564 CSRSS.EXE Title:

588 winlogon.exe Title: NetDDE Agent

632 SERVICES.EXE Svcs: Eventlog,PlugPlay

644 lsass.exe Svcs: PolicyAgent,ProtectedStorage,SamSs

816 SVCHOST.EXE Svcs: RpcSs

872 SVCHOST.EXE Svcs: AudioSrv,Browser,CryptSvc,Dhcp,ERSvc,EventSystem,FastUserSwitchingCompatibility,

elpsvc,lanmanserver,lanmanworkstation,Messenger,Netman,Nla,RasMan,Schedule,seclo

on,SENS,SharedAccess,ShellHWDetection,srservice,TapiSrv,TermService,Themes,TrkWk

,uploadmgr,w

1036 SVCHOST.EXE Svcs: Dnscache

1060 SVCHOST.EXE Svcs: LmHosts,SSDPSRV,WebClient

1196 SPOOLSV.EXE Svcs: Spooler

1512 alg.exe Svcs: ALG

1524 ccEvtMgr.exe Svcs: ccEvtMgr

1544 CTSVCCDA.EXE Svcs: Creative Service for CDROM Access

1580 Navapsvc.exe Svcs: navapsvc

1616 NISUM.EXE Svcs: NISUM

1720 nvsvc32.exe Svcs: NVSvc

1812 snmp.exe Svcs: SNMP

1852 SVCHOST.EXE Svcs: stisvc

408 CCPXYSVC.EXE Svcs: ccPxySvc

1148 explorer.exe Title: Program Manager

1452 devldr32.exe Title: DEVLDR

1492 LVComS.exe Title: LVComSWnd

1696 ccApp.exe Title: Norton AntiVirus

1792 BCMSMMSG.exe Title: BCM V.92 56K Modem Monitor

2344 iexplore.exe Title: SWI Forums -> ABOUT:BLANK - Microsoft Internet Explorer

1316 CMD.EXE Title: C:\WINDOWS\System32\cmd.exe

272 ntvdm.exe

1140 msmsgs.exe Title:

2284 tlist.exe

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

@="C:\\WINDOWS\\System32\\wdmb.dll"

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

@=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E1D1FB1-3A19-4993-85BB-FB98C0C26803}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

@="NAV Helper"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]

"CLSID"="{D9691070-DE69-447F-931D-6F5951336021}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]

"CLSID"="{D9691070-DE69-447F-931D-6F5951336021}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read BUILTIN\Users

(ID-IO) ALLOW Read BUILTIN\Users

(ID-NI) ALLOW Full access BUILTIN\Administrators

(ID-IO) ALLOW Full access BUILTIN\Administrators

(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-NI) ALLOW Full access JOHNMIKE\Mike

(ID-IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

Full access JOHNMIKE\Mike

 

 

 

»»Group settings:

Microsoft ® Windows ® 2000 Operating System Group Policy Result tool

Copyright © Microsoft Corp. 1981-1999

 

 

Created on Wednesday, May 26, 2004 at 7:25:54 AM

 

 

Operating System Information:

 

Operating System Type: Professional

Operating System Version: 5.1.2600.Service Pack 1

Terminal Server Mode: Not supported

 

###############################################################

 

Computer Group Policy results for:

 

 

 

Domain Name:

Domain Type: Windows NT v4

 

 

The computer is a member of the following security groups:

 

 

###############################################################

 

Failed to open key with 2

 

 

User: [JOHNMIKE\Mike], is a member of:

 

BUILTIN\Administrators

\Everyone

 

»»ACLs list:

C:\junk BUILTIN\Administrators:F

BUILTIN\Administrators:(OI)(CI)(IO)F

NT AUTHORITY\SYSTEM:F

NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F

JOHNMIKE\Mike:F

CREATOR OWNER:(OI)(CI)(IO)F

BUILTIN\Users:R

BUILTIN\Users:(OI)(CI)(IO)(special access:)

 

GENERIC_READ

GENERIC_EXECUTE

 

BUILTIN\Users:(CI)(special access:)

 

FILE_APPEND_DATA

 

BUILTIN\Users:(CI)(special access:)

 

FILE_WRITE_DATA

 

 

C:\junk\wdmb.dll BUILTIN\Administrators:F

NT AUTHORITY\SYSTEM:F

JOHNMIKE\Mike:F

BUILTIN\Users:R

 

 

»»Contents of file(s) in 'junk' folder:

wdmb.dll

 

»»Md5sums

 

MD5sums 1.1 freeware for Win9x/ME/NT/2000/XP+

Copyright © 2001-2002 Jem Berkes - http://www.pc-tools.net/

 

c185b36f9969d3a6d2122ba7cbc02249 wdmb.dll

 

57344 bytes, 0 ms = 0.00 MB/sec

------

»»Rehash:

File: <C:\junk\wdmb.dll>

 


 

 

 

 

Wed May 26 07:25:54 2004 -- ++Find-All 'Windows'.hiv .reg list:

A C:\DOCUME~1\MIKE~1.JOH\MYDOCU~1\clip\Find-All\Find-All\winBackup.hiv

A C:\DOCUME~1\MIKE~1.JOH\MYDOCU~1\clip\Find-All\Find-All\windows.txt

A C:\FindallwinBackup.hiv

A C:\findallappinit.reg

 

***Next Registry run should open this key directly:

 

! REG.EXE VERSION 2.0

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit

LastKey REG_SZ My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

 


Finally, some progress! :ph34r:

Open the 'Find-All'\Tools Subfolder.
DoubleClick once on: "ZIPZAP.bat" file!

It will quickly/silently do this:
*Restore your key & Security back to defaults
*Reset permissions on the junk\*.dll moved file
*Create zipped copy in the same folder: "junk.zip"
*Open your email client with given address for submission!

--Drag the 'junk.zip' and submit the attachment to the specified address! Thanks ;)

When done, delete the "junk.zip" as well as the "junk" folder in C:\

To fix all other related problems:
Scan and fix with *CWShredder.
Same with fully updated Ad-Aware6! Select your drive and fix all problems!
All links are in the FAQs.

When done,
--Re-run Find-All.cmd and post fresh output!


Thank you for your help, free. I think WE finally got rid of it. LOL I think it was much easier just going to the registry the old way. By the way, Ad-Aware6 finally got rid of those pop-ups. Thanks for your help.

 

--==***@@@ 'FIND-ALL' VERSION 7.5 -5/26 @@@***==--

 

 

Thu May 27 12:35:04 2004 -- ++Results:

»»System Info:

 

Microsoft Windows XP [Version 5.1.2600]

C: "" (18A3:F328) - FS:NTFS clusters:4k

Total: 79 990 845 440 [74G] - Free: 3 349 946 368 [3.1G]

 

 

»»IE version and Service packs:

6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;Q837009;Q832894;Q831167;

 

»»Google Toolbar version and Attributes:

Defaults: "A" ;"R"

 

»»UserAgent:

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

 

 

»»Wmplayer version:

9.0.0.2980 C:\Program Files\Windows Media Player\wmplayer.exe

6.4.9.1125 C:\Program Files\Windows Media Player\mplayer2.exe

 

»»M$Java version:

5.0.3810.0 C:\WINDOWS\System32\msjava.dll

 

 

»»PC uptime:

12:35am up 1 day, 5:21

 

»»Locked or 'Suspect' file(s) found...

 

 

»»Tasks (services):

0 System Process

4 System

500 smss.exe

564 CSRSS.EXE Title:

588 winlogon.exe Title: NetDDE Agent

632 SERVICES.EXE Svcs: Eventlog,PlugPlay

644 lsass.exe Svcs: PolicyAgent,ProtectedStorage,SamSs

816 SVCHOST.EXE Svcs: RpcSs

872 SVCHOST.EXE Svcs: AudioSrv,BITS,Browser,CryptSvc,Dhcp,ERSvc,EventSystem,FastUserSwitchingCompatibi

ity,helpsvc,lanmanserver,lanmanworkstation,Messenger,Netman,Nla,RasMan,Schedule,

eclogon,SENS,SharedAccess,ShellHWDetection,srservice,TapiSrv,TermService,Themes,

rkWks,upload

1036 SVCHOST.EXE Svcs: Dnscache

1060 SVCHOST.EXE Svcs: LmHosts,SSDPSRV,WebClient

1196 SPOOLSV.EXE Svcs: Spooler

1512 alg.exe Svcs: ALG

1524 ccEvtMgr.exe Svcs: ccEvtMgr

1544 CTSVCCDA.EXE Svcs: Creative Service for CDROM Access

1580 Navapsvc.exe Svcs: navapsvc

1616 NISUM.EXE Svcs: NISUM

1720 nvsvc32.exe Svcs: NVSvc

1812 snmp.exe Svcs: SNMP

1852 SVCHOST.EXE Svcs: stisvc

408 CCPXYSVC.EXE Svcs: ccPxySvc

1452 devldr32.exe Title: DEVLDR

1492 LVComS.exe Title: LVComSWnd

1696 ccApp.exe Title:

2836 msmsgs.exe Title: MSBLNetConn

3232 mirc.exe Title: mIRC

1848 explorer.exe Title: Program Manager

2176 iexplore.exe Title: Avant Browser

2300 CMD.EXE Title: C:\WINDOWS\System32\cmd.exe

2756 ntvdm.exe

2472 tlist.exe

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

"AppInit_DLLs -Size -Value"="C:\\WINDOWS\\System32\\wdmb.dll"

"AppInit_DLLs"=""

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

@=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

@="NAV Helper"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read BUILTIN\Users

(ID-IO) ALLOW Read BUILTIN\Users

(ID-NI) ALLOW Full access BUILTIN\Administrators

(ID-IO) ALLOW Full access BUILTIN\Administrators

(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

 

 

 

»»Group settings:

Microsoft ® Windows ® 2000 Operating System Group Policy Result tool

Copyright © Microsoft Corp. 1981-1999

 

 

Created on Thursday, May 27, 2004 at 12:35:06 PM

 

 

Operating System Information:

 

Operating System Type: Professional

Operating System Version: 5.1.2600.Service Pack 1

Terminal Server Mode: Not supported

 

###############################################################

 

Computer Group Policy results for:

 

 

 

Domain Name:

Domain Type: Windows NT v4

 

 

The computer is a member of the following security groups:

 

 

###############################################################

 

Failed to open key with 2

 

 

User: [JOHNMIKE\Mike], is a member of:

 

BUILTIN\Administrators

\Everyone

 

»»ACLs list:

C:\junk BUILTIN\Administrators:F

BUILTIN\Administrators:(OI)(CI)(IO)F

NT AUTHORITY\SYSTEM:F

NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F

JOHNMIKE\Mike:F

CREATOR OWNER:(OI)(CI)(IO)F

BUILTIN\Users:R

BUILTIN\Users:(OI)(CI)(IO)(special access:)

 

GENERIC_READ

GENERIC_EXECUTE

 

BUILTIN\Users:(CI)(special access:)

 

FILE_APPEND_DATA

 

BUILTIN\Users:(CI)(special access:)

 

FILE_WRITE_DATA

 

 

ERROR: There are no more files.

 

 

»»Contents of file(s) in 'junk' folder:

 

»»Md5sums

 

MD5sums 1.1 freeware for Win9x/ME/NT/2000/XP+

Copyright © 2001-2002 Jem Berkes - http://www.pc-tools.net/

 

 

0 bytes, 0 ms = 0.00 MB/sec

------

»»Rehash:

 

Thu May 27 12:35:07 2004 -- ++Find-All 'Windows'.hiv .reg list:

A C:\DOCUME~1\MIKE~1.JOH\MYDOCU~1\clip\Find-All\Find-All\winBackup.hiv

A C:\DOCUME~1\MIKE~1.JOH\MYDOCU~1\clip\Find-All\Find-All\windows.txt

A C:\FindallwinBackup.hiv

A C:\findallappinit.reg

 

***Next Registry run should open this key directly:

 

! REG.EXE VERSION 2.0

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit

LastKey REG_SZ My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

 


Yup, all's well! ;)

 

Because of what you did before you have a trail left...

Open regedit to the same 'Windows' key and delete this:

"AppInit_DLLs -Size -Value"="C:\\WINDOWS\\System32\\wdmb.dll"

The other (empty) 'AppInit_DLLs' value can be left alone!

 

Well done!

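The check the helper makes by eye across the three Find-All outputs can be automated. The following is an added example, not code from the thread participants or from the Find-All tool: it parses a REGEDIT4 dump of the 'Windows' key and flags the three conditions seen in this thread (a non-empty AppInit_DLLs, a default `@` value carrying a DLL path, and a leftover value whose name merely starts with AppInit_DLLs). The function names and finding labels are assumptions of this example.

```python
import re

# Key that holds AppInit_DLLs; registry key and value names are case-insensitive.
TARGET_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"="string", "name"=dword:xxxxxxxx, or @=... for the key's default value
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')


def _unescape(s):
    # Undo REGEDIT4 string escaping: a backslash escapes the next character.
    return re.sub(r'\\(.)', r'\1', s)


def parse_export(text):
    """Return {key: {value_name: data}}; the default value is stored under '@'."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group("key"), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group("default") else _unescape(m.group("name"))
            data = m.group("data")
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])  # quoted string value
            current[name] = data
    return keys


def appinit_findings(text):
    """Return (label, value_name, data) tuples for AppInit_DLLs anomalies."""
    findings = []
    for key, values in parse_export(text).items():
        if key.lower() != TARGET_KEY.lower():
            continue
        for name, data in values.items():
            lname = name.lower()
            if lname == "appinit_dlls":
                if data.strip():  # an empty value loads nothing
                    findings.append(("appinit-set", name, data))
            elif lname.startswith("appinit_dlls"):
                findings.append(("appinit-lookalike", name, data))
            elif name == "@" and data.lower().endswith(".dll"):
                findings.append(("default-value-dll", name, data))
    return findings


# Excerpts of the 'Windows' key as printed in this thread's Find-All output.
RUN_MAY_25 = r'''
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Spooler"="yes"
"USERProcessHandleQuota"=dword:00002710
"AppInit_DLLs"=""
@="C:\\WINDOWS\\System32\\wdmb.dll"
'''
RUN_MAY_27 = r'''
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Spooler"="yes"
"AppInit_DLLs -Size -Value"="C:\\WINDOWS\\System32\\wdmb.dll"
"AppInit_DLLs"=""
'''

if __name__ == "__main__":
    for label, dump in (("May 25", RUN_MAY_25), ("May 27", RUN_MAY_27)):
        for finding in appinit_findings(dump):
            print(label, finding)
```
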

I have to say my Internet Explorer is running faster. I also noticed that I'm using less juice. lol Thanks for your help, free.


Glad we could help. :)

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
