roffles

Arrg, about:blank

16 posts in this topic

I've run CWShredder and although it says it removes CWS.Searchx, after each reboot it loads up again. Therefore it must be in the startup somewhere. Unfortunately I do not know how to remove it myself, so I come to you seeking help! Below is my HijackThis log.

*Note: I've updated Windows, downloaded and applied IE-SPYAD; still nothing.*

 

Logfile of HijackThis v1.97.7
Scan saved at 3:48:44 AM, on 5/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Lineage II\system\L2.exe
C:\Program Files\Avant Browser\iexplore.exe
C:\cWS\CWShredder.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev-www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8051.8777314815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

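As an added example (not part of roffles' post and not HijackThis code), here is a small triage routine over log lines in the format posted above; the sample is a constructed subset of the posted entries. It flags the indicators the rest of this thread turns on: the start page forced to about:blank, a toolbar registered with no file behind it, and the IE Control Panel policy key (which may have been set deliberately by the user or a protection tool), and it notes when a log contains no AppInit_DLLs line at all, since that load point then has to be checked by other means.

```python
"""Triage a HijackThis-style log for the about:blank indicators seen in this thread.

Added example; not part of the thread or of HijackThis.
"""
import re

# Constructed sample: a subset of the entries posted above, in HijackThis format.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

# Every HijackThis entry starts with a section tag (R0, R1, O2, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


def parse_entries(log_text):
    """Split a log into (section, body) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(log_text):
    """Return findings as dicts with the section, a reason, and the raw entry body."""
    findings = []
    saw_appinit = False
    for section, body in parse_entries(log_text):
        if "AppInit_DLLs" in body:
            saw_appinit = True
        if section in ("R0", "R1") and body.rstrip().endswith("= about:blank"):
            findings.append({"section": section,
                             "reason": "browser start/search page hijacked to about:blank",
                             "body": body})
        elif section in ("O2", "O3") and body.rstrip().endswith("(no file)"):
            findings.append({"section": section,
                             "reason": "COM object registered but its file is missing",
                             "body": body})
        elif section == "O6":
            findings.append({"section": section,
                             "reason": "IE Options restricted by a policy key",
                             "body": body})
    if not saw_appinit:
        # The posted log has no such line, so the AppInit_DLLs load point is invisible here.
        findings.append({"section": None,
                         "reason": "log contains no AppInit_DLLs entry; check that load point separately",
                         "body": ""})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["section"], "-", finding["reason"])
        if finding["body"]:
            print("    ", finding["body"])
```

The point of the last finding is the lesson of this thread: CWShredder removed what it could see, but the component that re-created the about:blank entries on every reboot was registered under a load point the log never shows.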

Download "Find-All.zip" from Here.

*Unzip the 'Find-All' folder, DoubleClick on the Find-All.bat file inside, follow instructions and post the log!

Log for Find-All

 

--==***@@@ 'FIND-ALL' VERSION 6 -5/21 @@@***==-- 


Fri May 21 05:24:36 2004 -- Results: 
*System Info: 

Microsoft Windows XP [Version 5.1.2600]
C: "" (A856:80F1) - FS:NTFS clusters:4k
Total: 60 011 610 112 [56G] - Free: 37 255 888 896 [35G]


*IE version and Service packs: 
            6.0.2800.1106  C:\Program Files\Internet Explorer\Iexplore.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
   MinorVersion	REG_SZ;SP1;Q832894;Q330994;Q837009;Q831167;

*Google Toolbar version and Attributes: 
Defaults: "A";"R" 
Path not found - C:\Program Files\google
Path not found - C:\Program Files\google

*UserAgent: 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


*Wmplayer version: 
               9.0.0.2980  C:\Program Files\Windows Media Player\wmplayer.exe
               6.4.9.1125  C:\Program Files\Windows Media Player\mplayer2.exe

*M$Java version: 


*PC uptime: 
 5:24am  up 0 days,  2:37

*Locked or 'Suspect' file(s) found... 
\\?\C:\WINDOWS\System32\D3DI.DLL +++ File read error
\\?\C:\WINDOWS\System32\D3DI.DLL +++ File read error


*Tasks (services): 
  0 System Process  
  4 System          
644 smss.exe        
692 csrss.exe       Title: 
728 winlogon.exe    Title: NetDDE Agent
800 services.exe    Svcs:  Eventlog,PlugPlay
812 lsass.exe       Svcs:  PolicyAgent,ProtectedStorage,SamSs
1048 svchost.exe     Svcs:  RpcSs
1168 svchost.exe     Svcs:  AudioSrv,Browser,CryptSvc,Dhcp,dmserver,ERSvc,EventSystem,FastUserSwitching
ompatibility,helpsvc,lanmanserver,lanmanworkstation,Netman,Nla,RasMan,Schedule,s
clogon,SENS,ShellHWDetection,TapiSrv,TermService,Themes,TrkWks,uploadmgr,W32Time
winmgmt,wuauserv
1340 svchost.exe     Svcs:  Dnscache
1376 svchost.exe     Svcs:  LmHosts,RemoteRegistry,SSDPSRV,WebClient
1620 spoolsv.exe     Svcs:  Spooler
1776 nvsvc32.exe     Svcs:  NVSvc
1824 SMAgent.exe     Svcs:  SoundMAX Agent Service (default)
524 explorer.exe    Title: Program Manager
860 SMax4PNP.exe    Title: SMax4PNP
776 SMax4.exe       Title: SoundMax4
1068 rundll32.exe    Title: MediaCenter
1224 jusched.exe     Title: OleMainThreadWndName
1812 iexplore.exe    Title: Avant Browser
1520 CWShredder.exe  Title: CSWhredder
1060 msmsgs.exe      Title: 
1516 HijackThis.exe  Title: HijackThis
500 notepad.exe     Title: hijackthis.log - Notepad
1404 cmd.exe         Title: C:\WINDOWS\System32\cmd.exe
208 ntvdm.exe       
1152 tlist.exe       
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4853E31D-4B02-4EA4-881F-83DF68943755}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{AEAF98EA-4ED8-4EB9-B818-F447679C1EEA}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{AEAF98EA-4ED8-4EB9-B818-F447679C1EEA}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

*Security settings for 'Windows' key: 


! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
   AppInit_Dlls	REG_SZ	


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI)    ALLOW  Read       	 BUILTIN\Users
(IO)    ALLOW  Read       	 BUILTIN\Users
(NI)    ALLOW  Read       	 BUILTIN\Power Users
(IO)    ALLOW  Read       	 BUILTIN\Power Users
(NI)    ALLOW  Full access  BUILTIN\Administrators
(IO)    ALLOW  Full access  BUILTIN\Administrators
(NI)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(IO)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(NI)    ALLOW  Full access  BUILTIN\Administrators
(IO)    ALLOW  Full access  CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read         	 BUILTIN\Users
Read         	 BUILTIN\Power Users
Full access    BUILTIN\Administrators
Full access    NT AUTHORITY\SYSTEM


*ACLs list for *.* in 'junk' folder: (if exist) 

Error: Cannot open file [C:\junk\*.*]

Fri May 21 05:24:40 2004 -- *Find-All 'Windows'.hiv list: 
A          C:\DOCUME~1\Gryphon\Desktop\Find-All\winBackup.hiv
A          C:\DOCUME~1\Gryphon\Desktop\Find-All\windows.txt
A          C:\FindallwinBackup.hiv


Yes! We have the information!

Next, on the same page (Find-All) download 'Salamand.zip' as you will need it later.

Download and install Registrar Lite: http://www.resplendence.com/reglite

Run reglite, copy and paste this key to the address bar, hit 'go' tab:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

-Rename the folder Windows to NotWindows (highlighted as a purple folder in the left hand pane of reglite).

-DoubleClick the "AppInit_DLLs" value on the right pane, and clear the data value:
C:\WINDOWS\System32\D3DI.DLL <- delete this line, 'Apply' and 'ok' to set.

-Rename the NotWindows folder back to its original name Windows.

-Restart computer.

-Search for this file: C:\WINDOWS\System32\D3DI.DLL
Try to delete it, expect to get access denied!

-Run 'Find-All.bat' again and post the log.

Access denied to delete d3di.dll like you expected.

Find-All log below

 

--==***@@@ 'FIND-ALL' VERSION 6 -5/21 @@@***==-- 


Fri May 21 06:11:50 2004 -- Results: 
*System Info: 

Microsoft Windows XP [Version 5.1.2600]
C: "" (A856:80F1) - FS:NTFS clusters:4k
Total: 60 011 610 112 [56G] - Free: 37 244 923 904 [35G]


*IE version and Service packs: 
            6.0.2800.1106  C:\Program Files\Internet Explorer\Iexplore.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
   MinorVersion	REG_SZ;SP1;Q832894;Q330994;Q837009;Q831167;

*Google Toolbar version and Attributes: 
Defaults: "A";"R" 
Path not found - C:\Program Files\google
Path not found - C:\Program Files\google

*UserAgent: 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


*Wmplayer version: 
               9.0.0.2980  C:\Program Files\Windows Media Player\wmplayer.exe
               6.4.9.1125  C:\Program Files\Windows Media Player\mplayer2.exe

*M$Java version: 


*PC uptime: 
 6:11am  up 0 days,  0:02

*Locked or 'Suspect' file(s) found... 
\\?\C:\WINDOWS\System32\D3DI.DLL +++ File read error
\\?\C:\WINDOWS\System32\D3DI.DLL +++ File read error


*Tasks (services): 
  0 System Process  
  4 System          
628 smss.exe        
676 csrss.exe       Title: 
704 winlogon.exe    Title: NetDDE Agent
748 services.exe    Svcs:  Eventlog,PlugPlay
760 lsass.exe       Svcs:  PolicyAgent,ProtectedStorage,SamSs
944 svchost.exe     Svcs:  RpcSs
1044 svchost.exe     Svcs:  AudioSrv,Browser,CryptSvc,Dhcp,dmserver,ERSvc,EventSystem,FastUserSwitching
ompatibility,helpsvc,lanmanserver,lanmanworkstation,Netman,Nla,RasMan,Schedule,s
clogon,SENS,ShellHWDetection,TapiSrv,TermService,Themes,TrkWks,uploadmgr,W32Time
winmgmt,wuauserv
1196 svchost.exe     Svcs:  Dnscache
1228 svchost.exe     Svcs:  LmHosts,RemoteRegistry,SSDPSRV,WebClient
1448 spoolsv.exe     Svcs:  Spooler
1756 explorer.exe    Title: Program Manager
1968 nvsvc32.exe     Svcs:  NVSvc
2012 SMAgent.exe     Svcs:  SoundMAX Agent Service (default)
248 SMax4PNP.exe    Title: SMax4PNP
300 SMax4.exe       Title: SoundMax4
344 rundll32.exe    Title: MediaCenter
404 jusched.exe     Title: OleMainThreadWndName
2008 iexplore.exe    Title: Avant Browser
1360 cmd.exe         Title: C:\WINDOWS\System32\cmd.exe
888 ntvdm.exe       
1696 tlist.exe       
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4853E31D-4B02-4EA4-881F-83DF68943755}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
@="SpywareGuard Download Protection"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{AEAF98EA-4ED8-4EB9-B818-F447679C1EEA}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{AEAF98EA-4ED8-4EB9-B818-F447679C1EEA}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

*Security settings for 'Windows' key: 


! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
   AppInit_Dlls	REG_SZ	


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW  Read       	 BUILTIN\Users
(ID-IO) ALLOW  Read       	 BUILTIN\Users
(ID-NI) ALLOW  QWCEN-DS--    BUILTIN\Power Users
(ID-IO) ALLOW  QWCEN-DS--    BUILTIN\Power Users
(ID-NI) ALLOW  Full access  BUILTIN\Administrators
(ID-IO) ALLOW  Full access  BUILTIN\Administrators
(ID-NI) ALLOW  Full access  NT AUTHORITY\SYSTEM
(ID-IO) ALLOW  Full access  NT AUTHORITY\SYSTEM
(ID-NI) ALLOW  Full access  CAPSULE\Gryphon
(ID-IO) ALLOW  Full access  CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read         	 BUILTIN\Users
QWCEN-DS--      BUILTIN\Power Users
Full access    BUILTIN\Administrators
Full access    NT AUTHORITY\SYSTEM
Full access    CAPSULE\Gryphon


*ACLs list for *.* in 'junk' folder: (if exist) 

Error: Cannot open file [C:\junk\*.*]

Fri May 21 06:11:51 2004 -- *Find-All 'Windows'.hiv list: 
A          C:\DOCUME~1\Gryphon\Desktop\Find-All\winBackup.hiv
A          C:\DOCUME~1\Gryphon\Desktop\Find-All\windows.txt
A          C:\FindallwinBackup.hiv

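The things the helper is checking across these Find-All runs (an AppInit_DLLs value, a DLL that cannot be read or deleted, and the ACL on the Windows key before and after the rename) can be pulled out of a Find-All log automatically. The script below is an added example, not part of this thread or of the Find-All tool; the two log fragments are constructed to mirror the runs posted above, and the permission baseline is an assumption taken from the first and last runs in this thread. One caveat the thread itself demonstrates: the REGEDIT4 export showed AppInit_DLLs as empty in the same run where Registrar Lite displayed the D3DI.DLL path, so an empty value in an export is not proof the load point is clean; the locked-file section and the fact that the hijack survives reboots are the stronger signals.

```python
"""Pull the AppInit_DLLs value, locked files and key ACL out of a Find-All style log.

Added example; not part of the thread or of Find-All. Log fragments are constructed.
"""
import re

WINDOWS_KEY = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"

# Assumed baseline for this machine: the effective permissions the first and last
# Find-All runs in the thread report on the Windows key.
BASELINE = {
    r"BUILTIN\Users": "Read",
    r"BUILTIN\Power Users": "Read",
    r"BUILTIN\Administrators": "Full access",
    r"NT AUTHORITY\SYSTEM": "Full access",
}

# RegDACL prints either a word ("Read", "Full access") or a 10-character rights string.
PERM_RE = re.compile(r"^(?P<perm>Read|Full access|[A-Z-]{10})\s+(?P<who>\S.*\\.*)$")

# Constructed fragment mirroring the run posted after the key was renamed.
AFTER_RENAME = r"""
*Locked or 'Suspect' file(s) found...
\\?\C:\WINDOWS\System32\D3DI.DLL +++ File read error

*Tasks (services):
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"Spooler"="yes"

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read            BUILTIN\Users
QWCEN-DS--      BUILTIN\Power Users
Full access     BUILTIN\Administrators
Full access     NT AUTHORITY\SYSTEM
Full access     CAPSULE\Gryphon
"""

# Constructed fragment mirroring the run posted after Xfix.bat restored the key.
CLEAN = r"""
*Locked or 'Suspect' file(s) found...


*Tasks (services):
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Spooler"="yes"
"AppInit_DLLs"=""

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read            BUILTIN\Users
Read            BUILTIN\Power Users
Full access     BUILTIN\Administrators
Full access     NT AUTHORITY\SYSTEM
"""


def _block_after(lines, is_header):
    """Lines that follow the first header line, up to the next blank line."""
    out, collecting = [], False
    for line in lines:
        if collecting:
            if not line.strip():
                break
            out.append(line.rstrip())
        elif is_header(line):
            collecting = True
    return out


def appinit_value(log_text):
    """AppInit_DLLs data from the REGEDIT4 export of the Windows key, or None if absent."""
    block = _block_after(log_text.splitlines(), lambda line: line.strip() == WINDOWS_KEY)
    for line in block:
        m = re.match(r'^"AppInit_DLLs"="(.*)"$', line, re.IGNORECASE)
        if m:
            return m.group(1)
    return None


def locked_files(log_text):
    """Paths listed under the Locked or Suspect file(s) section."""
    block = _block_after(log_text.splitlines(),
                         lambda line: line.startswith("*Locked or 'Suspect' file(s) found"))
    return sorted({line.split(" +++")[0] for line in block if "+++" in line})


def effective_permissions(log_text):
    """Map principal -> permission from the RegDACL Effective permissions section."""
    block = _block_after(log_text.splitlines(),
                         lambda line: line.startswith("Effective permissions for Registry key"))
    perms = {}
    for line in block:
        m = PERM_RE.match(line.strip())
        if m:
            perms[m.group("who").strip()] = m.group("perm")
    return perms


def assess(log_text, baseline=BASELINE):
    """Human-readable findings; an empty list means nothing deviates from the baseline."""
    findings = []
    value = appinit_value(log_text)
    if value:
        # AppInit_DLLs is loaded into every process that maps user32.dll.
        findings.append(f"AppInit_DLLs = {value!r}: loaded into every process that maps user32.dll")
    for path in locked_files(log_text):
        findings.append(f"locked/unreadable file: {path}")
    for who, perm in effective_permissions(log_text).items():
        expected = baseline.get(who)
        if expected is None:
            findings.append(f"principal not in baseline on Windows key: {who} ({perm})")
        elif expected != perm:
            findings.append(f"{who}: {perm} (baseline {expected})")
    return findings


if __name__ == "__main__":
    for name, text in (("after rename", AFTER_RENAME), ("clean", CLEAN)):
        print(name, "->", assess(text) or ["no findings"])
```

The ACL comparison is what the Xfix.bat step in this thread was restoring: renaming the key and back left the user's own account with Full access and changed the Power Users entry, which the later log shows reverted to the baseline.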

Good progress!

Next step, we are going to move the file to another location and reset its permissions!

-Unzip the salamand.zip folder, run salamand.exe. Follow these menu options exactly as described:

*Top menu "left">Change Drive>Click C:
*"Right">Change Drive>Click C
*"Commands">Create Directory...>Paste>junk>ok.
*"options">check "Command Line"
*"Commands">Change Directory>paste: C:\WINDOWS\System32 . 'ok'
*"Commands">Find Files..>edit:
*In 'search for' paste: D3DI.DLL
uncheck 'include subdirectories'
hit 'ok' and 'start'
*On file found hit -> 'focus'
*Top menu "files"->move/rename, type: C:\junk
hit 'ok' .

Inside the 'Find-All' folder should be a 'Final.bat' file. Double click on it once, as it should clean/restore the key (though nothing would appear to happen).

Run the Find-All.bat again and post the scan results.

I moved the file, but there is no final.bat in the Find-All folder. I tried redownloading it also; it doesn't appear to be there. Am I missing something?

*edit* list of the files in Find-All folder:

FIND-ALL.BAT
getver.exe
msgbox.exe
now.exe
output.txt
reg.exe
RegDACL.exe
RegFix.reg
SHOWACLS.EXE
tlist.exe
UPTIME.EXE
winBackup.hiv
windows.txt
XFIND.exe
Xfix.bat
zdu.exe

Edited by roffles

Thanks, I uploaded/changed it since. Just click on the "Xfix.bat". That's it!

Post another Find-All.bat run!

Edited by freeatlast

new log

 

--==***@@@ 'FIND-ALL' VERSION 6 -5/21 @@@***==-- 


Fri May 21 07:51:44 2004 -- Results: 
*System Info: 

Microsoft Windows XP [Version 5.1.2600]
C: "" (A856:80F1) - FS:NTFS clusters:4k
Total: 60 011 610 112 [56G] - Free: 36 860 223 488 [34G]


*IE version and Service packs: 
            6.0.2800.1106  C:\Program Files\Internet Explorer\Iexplore.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
   MinorVersion	REG_SZ;SP1;Q832894;Q330994;Q837009;Q831167;

*Google Toolbar version and Attributes: 
Defaults: "A";"R" 
Path not found - C:\Program Files\google
Path not found - C:\Program Files\google

*UserAgent: 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


*Wmplayer version: 
               9.0.0.2980  C:\Program Files\Windows Media Player\wmplayer.exe
               6.4.9.1125  C:\Program Files\Windows Media Player\mplayer2.exe

*M$Java version: 


*PC uptime: 
 7:51am  up 0 days,  1:41

*Locked or 'Suspect' file(s) found... 


*Tasks (services): 
  0 System Process  
  4 System          
628 smss.exe        
676 csrss.exe       Title: 
704 winlogon.exe    Title: NetDDE Agent
748 services.exe    Svcs:  Eventlog,PlugPlay
760 lsass.exe       Svcs:  PolicyAgent,ProtectedStorage,SamSs
944 svchost.exe     Svcs:  RpcSs
1044 svchost.exe     Svcs:  AudioSrv,Browser,CryptSvc,Dhcp,dmserver,ERSvc,EventSystem,FastUserSwitching
ompatibility,helpsvc,lanmanserver,lanmanworkstation,Netman,Nla,RasMan,Schedule,s
clogon,SENS,ShellHWDetection,TapiSrv,TermService,Themes,TrkWks,uploadmgr,W32Time
winmgmt,wuauserv
1196 svchost.exe     Svcs:  Dnscache
1228 svchost.exe     Svcs:  LmHosts,RemoteRegistry,SSDPSRV,WebClient
1448 spoolsv.exe     Svcs:  Spooler
1756 explorer.exe    Title: Program Manager
1968 nvsvc32.exe     Svcs:  NVSvc
2012 SMAgent.exe     Svcs:  SoundMAX Agent Service (default)
248 SMax4PNP.exe    Title: SMax4PNP
300 SMax4.exe       Title: SoundMax4
344 rundll32.exe    Title: MediaCenter
404 jusched.exe     Title: OleMainThreadWndName
1688 iexplore.exe    Title: Avant Browser
1484 SALAMAND.EXE    Title: Servant Salamander
1620 cmd.exe         Title: C:\WINDOWS\System32\cmd.exe
1256 ntvdm.exe       
896 tlist.exe       
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"AppInit_DLLs"=""

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4853E31D-4B02-4EA4-881F-83DF68943755}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
@="SpywareGuard Download Protection"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{AEAF98EA-4ED8-4EB9-B818-F447679C1EEA}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{AEAF98EA-4ED8-4EB9-B818-F447679C1EEA}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

*Security settings for 'Windows' key: 


! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
   AppInit_Dlls	REG_SZ	


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI)    ALLOW  Read       	 BUILTIN\Users
(IO)    ALLOW  Read       	 BUILTIN\Users
(NI)    ALLOW  Read       	 BUILTIN\Power Users
(IO)    ALLOW  Read       	 BUILTIN\Power Users
(NI)    ALLOW  Full access  BUILTIN\Administrators
(IO)    ALLOW  Full access  BUILTIN\Administrators
(NI)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(IO)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(NI)    ALLOW  Full access  BUILTIN\Administrators
(IO)    ALLOW  Full access  CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read         	 BUILTIN\Users
Read         	 BUILTIN\Power Users
Full access    BUILTIN\Administrators
Full access    NT AUTHORITY\SYSTEM


*ACLs list for *.* in 'junk' folder: (if exist) 


Fri May 21 07:51:45 2004 -- *Find-All 'Windows'.hiv list: 
A          C:\DOCUME~1\Gryphon\Desktop\Find-All\winBackup.hiv
A          C:\DOCUME~1\Gryphon\Desktop\Find-All\windows.txt
A          C:\FindallwinBackup.hiv


Looks good!

Final steps: run salamand again, click once on the "left" menu to be in C:\

--------------------------------------------------------
Into the visual bottom narrow box, with:
--------------------------------------------------------
C:\>
--------------------------------------------------------

Copy & paste the following 2 commands, one at a time, and hit enter. You should get a (processed..) confirmation on the first, and nothing on the second. Close the prompt box after each command returns.

(Command #1) (copy the entire highlighted command)

cacls %SYSTEMDRIVE%\junk\*.dll /t /e /g Administrators:f & cacls %SYSTEMDRIVE%\junk /t /e /g Administrators:f

(Command #2)

attrib -r \\?\%SYSTEMDRIVE%\junk\*.dll & ren \\?\%SYSTEMDRIVE%\junk\*.dll *.111

Close the program, go to the C:\junk <- folder, and Zip it up!!
Submit the zipped junk on the same page (My Find-All link) by clicking on the 'files for submissions' link. It will open your email client; navigate and add it as an attachment! Thanks ;)

Lastly, delete the 'junk' folder(s) from C:

Run again (as they should work well now):
Shredder
Ad-Aware
Spybot!

Feel free to post follow up log(s) when done! (Find-All and HijackThis)
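The two commands above grant Administrators full control over the quarantined DLL, clear its read-only attribute and rename it to a harmless extension before the folder is zipped and submitted. The Python below is an added example (not the thread's commands and not part of Find-All) that does the portable equivalent and adds what a submission should carry: a manifest with each file's original name, size and SHA-256, computed before the rename. The D3DI.DLL it quarantines is a constructed placeholder, not a real binary; the `\\?\` prefix in the thread's commands, which bypasses Win32 path normalisation for awkward file names, is not reproduced here.

```python
"""Neuter quarantined DLLs and record them in a manifest before submission.

Added example; not the thread's commands and not part of Find-All.
"""
import hashlib
import json
import shutil
import stat
import tempfile
from pathlib import Path

NEUTERED_SUFFIX = ".111"  # the extension the thread's 'ren' command gives the DLLs

# Constructed placeholder content for the demo; not a real PE image.
SAMPLE_BYTES = b"MZ" + b"\x00" * 62 + b"constructed placeholder, not a real DLL"


def quarantine_folder(folder):
    """Rename every *.dll in `folder` to *.111 and write manifest.json beside them.

    Hashes are taken before the rename so the record matches the bytes submitted.
    """
    folder = Path(folder)
    manifest = []
    for path in sorted(p for p in folder.iterdir() if p.suffix.lower() == ".dll"):
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        # clear read-only: the portable counterpart of 'attrib -r'
        path.chmod(path.stat().st_mode | stat.S_IWUSR)
        target = path.with_suffix(NEUTERED_SUFFIX)
        path.rename(target)
        manifest.append({
            "original": path.name,
            "quarantined": target.name,
            "size": target.stat().st_size,
            "sha256": digest,
        })
    (folder / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def zip_for_submission(folder):
    """Zip the quarantine folder next to itself; returns the archive path."""
    folder = Path(folder)
    base = folder.parent / (folder.name + "-submission")
    return shutil.make_archive(str(base), "zip", root_dir=str(folder))


def run_demo():
    """Build a throwaway 'junk' folder with one read-only placeholder DLL and quarantine it."""
    root = Path(tempfile.mkdtemp())
    junk = root / "junk"
    junk.mkdir()
    sample = junk / "D3DI.DLL"  # file name from the thread; contents are constructed
    sample.write_bytes(SAMPLE_BYTES)
    sample.chmod(stat.S_IRUSR)  # simulate the read-only attribute
    manifest = quarantine_folder(junk)
    archive = zip_for_submission(junk)
    return {
        "manifest": manifest,
        "files_left": sorted(p.name for p in junk.iterdir()),
        "expected_sha256": hashlib.sha256(SAMPLE_BYTES).hexdigest(),
        "expected_size": len(SAMPLE_BYTES),
        "archive_exists": Path(archive).is_file(),
    }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Recording the hash before the rename matters because the submission is the only copy the analyst will see: if the file is later found to differ from the manifest, the quarantine step itself is suspect.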

HJT Log

Logfile of HijackThis v1.97.7
Scan saved at 8:12:23 AM, on 5/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avant Browser\iexplore.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev-www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38051.8777314815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


Find All log

 

--==***@@@ 'FIND-ALL' VERSION 6 -5/21 @@@***==-- 


Fri May 21 08:13:18 2004 -- Results: 
*System Info: 

Microsoft Windows XP [Version 5.1.2600]
C: "" (A856:80F1) - FS:NTFS clusters:4k
Total: 60 011 610 112 [56G] - Free: 36 859 457 536 [34G]


*IE version and Service packs: 
            6.0.2800.1106  C:\Program Files\Internet Explorer\Iexplore.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
   MinorVersion	REG_SZ;SP1;Q832894;Q330994;Q837009;Q831167;

*Google Toolbar version and Attributes: 
Defaults: "A";"R" 
Path not found - C:\Program Files\google
Path not found - C:\Program Files\google

*UserAgent: 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


*Wmplayer version: 
               9.0.0.2980  C:\Program Files\Windows Media Player\wmplayer.exe
               6.4.9.1125  C:\Program Files\Windows Media Player\mplayer2.exe

*M$Java version: 


*PC uptime: 
 8:13am  up 0 days,  2:03

*Locked or 'Suspect' file(s) found... 


*Tasks (services): 
  0 System Process  
  4 System          
628 smss.exe        
676 csrss.exe       Title: 
704 winlogon.exe    Title: NetDDE Agent
748 services.exe    Svcs:  Eventlog,PlugPlay
760 lsass.exe       Svcs:  PolicyAgent,ProtectedStorage,SamSs
944 svchost.exe     Svcs:  RpcSs
1044 svchost.exe     Svcs:  AudioSrv,Browser,CryptSvc,Dhcp,dmserver,ERSvc,EventSystem,FastUserSwitchingCompatibility,helpsvc,lanmanserver,lanmanworkstation,Netman,Nla,RasMan,Schedule,seclogon,SENS,ShellHWDetection,TapiSrv,TermService,Themes,TrkWks,uploadmgr,W32Time,winmgmt,wuauserv
1196 svchost.exe     Svcs:  Dnscache
1228 svchost.exe     Svcs:  LmHosts,RemoteRegistry,SSDPSRV,WebClient
1448 spoolsv.exe     Svcs:  Spooler
1756 explorer.exe    Title: Program Manager
1968 nvsvc32.exe     Svcs:  NVSvc
2012 SMAgent.exe     Svcs:  SoundMAX Agent Service (default)
248 SMax4PNP.exe    Title: SMax4PNP
300 SMax4.exe       Title: SoundMax4
344 rundll32.exe    Title: MediaCenter
404 jusched.exe     Title: OleMainThreadWndName
1148 msmsgs.exe      Title: 
2008 iexplore.exe    Title: Avant Browser
1368 Ad-aware.exe    Title: Ad-aware 6
392 HijackThis.exe  Title: HijackThis
816 notepad.exe     Title: hijackthis.log - Notepad
1360 cmd.exe         Title: C:\WINDOWS\System32\cmd.exe
1836 ntvdm.exe       
364 tlist.exe       
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"AppInit_DLLs"=""

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
@="SpywareGuard Download Protection"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

*Security settings for 'Windows' key: 


! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
   AppInit_Dlls	REG_SZ	


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI)    ALLOW  Read       	 BUILTIN\Users
(IO)    ALLOW  Read       	 BUILTIN\Users
(NI)    ALLOW  Read       	 BUILTIN\Power Users
(IO)    ALLOW  Read       	 BUILTIN\Power Users
(NI)    ALLOW  Full access  BUILTIN\Administrators
(IO)    ALLOW  Full access  BUILTIN\Administrators
(NI)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(IO)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(NI)    ALLOW  Full access  BUILTIN\Administrators
(IO)    ALLOW  Full access  CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read         	 BUILTIN\Users
Read         	 BUILTIN\Power Users
Full access    BUILTIN\Administrators
Full access    NT AUTHORITY\SYSTEM


*ACLs list for *.* in 'junk' folder: (if exist) 

Error: Cannot open file [C:\junk\*.*]

Fri May 21 08:13:18 2004 -- *Find-All 'Windows'.hiv list: 
A          C:\DOCUME~1\Gryphon\Desktop\Find-All\winBackup.hiv
A          C:\DOCUME~1\Gryphon\Desktop\Find-All\windows.txt
A          C:\FindallwinBackup.hiv


Clean bill on both counts! :)

 

Just fix checked those in HijackThis:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

 

And you're all set!

Reset your home page (restore defaults in IE options); stay out of trouble! B)
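
The triage above boils down to two patterns in a HijackThis log: R0/R1 start-page values pointing at about:blank, and a toolbar (O3) registered in the registry with no file behind it. The following is an added example, not part of this thread or of HijackThis itself; it parses constructed log lines modelled on the ones posted here and flags exactly those entries for "Fix checked".

```python
import re

# Constructed sample in HijackThis v1.97 format, modelled on the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O9 - Extra button: Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# Every HijackThis entry starts with a section code (R0, R1, O3, O16, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<rest>.*)$")


def parse_hjt(text):
    """Return the log's entries as dicts; non-entry lines (headers, process list) are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m.group("code"), "rest": m.group("rest"), "raw": line.strip()})
    return entries


def triage(entries):
    """Return (raw_line, reason) for the entries a helper would tick for 'Fix checked'.

    R0/R1 hold IE start/search page registry values; a value of about:blank is how the
    CWS hijack in this thread presents. O3 is a registered toolbar; '(no file)' means the
    registry still points at a CLSID whose DLL is gone, i.e. an orphaned (removed) component.
    """
    flagged = []
    for e in entries:
        code, rest = e["code"], e["rest"]
        if code in ("R0", "R1"):
            _key, _sep, value = rest.partition(" = ")
            if value.strip() == "about:blank":
                flagged.append((e["raw"], "IE page value set to about:blank (hijack leftover)"))
        elif code == "O3" and rest.rstrip().endswith("(no file)"):
            flagged.append((e["raw"], "toolbar registered with no backing file (orphaned)"))
    return flagged


if __name__ == "__main__":
    for raw, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"FIX  {raw}\n     -> {reason}")
```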
