• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.
Sign in to follow this  
Followers 0
ECKPRJ

FINDnFIX Reply to 'freeatlast'-followup

2 posts in this topic

In reply to my original posting of DELETED REGISTRY KEY APPEAR ON REBOOT, I was advised to post my HIJACKTHIS log, which I did. I was then asked by FREEATLAST to run FINDnFIX. I ran it and posted a log a few says ago, but got no reply. Subsequently, problems still exist: I still get entries that AD AWARE identifies as potential browser hijackers, the IE Browser will not hold a home page entry - it reverts after reboot to either www.msn.com, or about:blank. My computer does not allow me to run the online virus checker HOUSECALL from trendmicro.com, and I find there are two programs that have become corrupted, and after I uninstalled them thoroughly, I cannot reinstall them uncorrupted.

 

I have posted the latest FINDnFIX log in the hope that it will help; I would really appreciate guidance.

 

Many thanks.

 

 

»»»»»»»»»»»»»»»»»»*** freeatlast.100free.com ***»»»»»»»»»»»»»»»»

 

Microsoft Windows XP [Version 5.1.2600]

The type of the file system is NTFS.

C: is not dirty.

 

Tue 06/29/2004

7:21pm up 0 days, 21:37

»»»»»»»»»»»»»»»»»»***Attention!***»»»»»»»»»»»»»»»»

Files listed in this section (in System32) are not always definitive!

Always Double Check and be sure the file pointed doesn't exist!

 

»»Locked or 'Suspect' file(s) found...

 

 

C:\WINDOWS\System32\KBDGAJO.DLL +++ File read error

\\?\C:\WINDOWS\System32\KBDGAJO.DLL +++ File read error

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»Special 'locked' files scan in 'System32'........

**File C:\FINDnFIX\LIST.TXT

KBDGAJO.DLL Can't Open!

 

****Filtering files in System32... (-h -s -r...) ***

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

C:\WINDOWS\SYSTEM32\

kbdgajo.dll Wed Jun 23 2004 6:04:34p A...R 57,344 56.00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 57,344 bytes 56.00 K

 

No matches found.

 

Sniffing..........

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

Sniffed -> C:\WINDOWS\SYSTEM32\KBDGAJO.DLL

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

»»Size of Windows key:

(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

 

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 448

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(NI) ALLOW Read BUILTIN\Users

(IO) ALLOW Read BUILTIN\Users

(NI) ALLOW Read BUILTIN\Power Users

(IO) ALLOW Read BUILTIN\Power Users

(NI) ALLOW Full access BUILTIN\Administrators

(IO) ALLOW Full access BUILTIN\Administrators

(NI) ALLOW Full access NT AUTHORITY\SYSTEM

(IO) ALLOW Full access NT AUTHORITY\SYSTEM

(NI) ALLOW Full access BUILTIN\Administrators

(IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Read BUILTIN\Power Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

 

 

»»Member of...: (Admin logon required!)

User is a member of group SERVER\None.

User is a member of group \Everyone.

User is a member of group BUILTIN\Administrators.

User is a member of group BUILTIN\Users.

User is a member of group \LOCAL.

User is a member of group NT AUTHORITY\INTERACTIVE.

User is a member of group NT AUTHORITY\Authenticated Users.

 

»»Dir 'junkxxx' was created with the following permissions...

(FAT32=NA)

Directory "C:\junkxxx"

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000013 tco- 001F01FF ---- DSPO rw+x BUILTIN\Administrators

Allow 00000010 t--- 001F01FF ---- DSPO rw+x SERVER\Peter

Allow 0000001B -co- 001F01FF ---- DSPO rw+x \CREATOR OWNER

Allow 00000013 tco- 001F01FF ---- DSPO rw+x \Everyone

Allow 00000013 tco- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM

Allow 00000013 tco- 001F01FF ---- DSPO rw+x BUILTIN\Users

 

Owner: SERVER\Peter

 

Primary Group: SERVER\None

 

 

 

»»»»»»Backups created...»»»»»»

7:22pm up 0 days, 21:38

Tue 06/29/2004

 

A C:\FINDnFIX\winBack.hiv

--a-- - - - - - 8,192 06-26-2004 winback.hiv

A C:\FINDnFIX\keys1\winkey.reg

--a-- - - - - - 287 06-26-2004 winkey.reg

 

»»Performing 16bit string scan....

 

---------- WIN.TXT

fùAppInit_DLLsÖ?æG¸ÿÿÿC

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 

Windows

AppInit

UDeviceNotSelectedTimeout

zGDIProcessHandleQuota"

Spooler2

5swapdisk

TransmissionRetryTimeout

USERProcessHandleQuota3

 

**File C:\FINDnFIX\WIN.TXT

Øÿÿÿvk @ Ø fùAppInit_DLLsÖ?æG¸ÿÿÿC : \ W I N D O W S \ S y s t e m 3 2 \ k b d g a j o . d l l 975F ° Ðÿÿÿvk X ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5 ( ðÿÿÿ9 0 ë=tÀÐÿÿÿvk €' zGDIProcessHandleQuota"þàÿÿÿvk È °ºSpooler2ðÿÿÿy e s

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0