Registry items changed every time I log in

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

midfinger

Thread Starter
Joined
Sep 19, 2008
Messages
1
Good day to all :D

I'm having this problem with my PC where several entries in the registry were changed every time I logged in.
Even after I changed the entries manually, somehow, after the next login, they were changed back, thus giving me problems accessing regedit, Task Manager, Run, and many more.
This problem started last week.
I have run the Windows Live OneCare online scan and SuperAntiSpyware Free Edition, but nothing big was found. The SuperAntiSpyware log is attached below as well.

The entries that were normally affected are:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoRun
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFileMenu
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFind
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoRun
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoSaveSetting
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoTrayContextMenu

Attached are the HijackThis logfile and the StartupList logfile.

-----------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:29 AM, on 9/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DT
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,[email protected]
O4 - HKLM\..\Run: [vr64] C:\WINDOWS\system32\prnjobt.vbe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141217426343
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F6C9A49-1FC7-42A6-B25B-0744D5D49F75}: NameServer = 202.188.0.133,202.199.1.5
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8994 bytes
-----------------------------------------------------------------------

StartupList report, 9/20/2008, 11:07:01 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP3 (6.00.2900.5512)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Dell QuickSet = C:\Program Files\Dell\QuickSet\quickset.exe
IntelWireless = C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
DLCFCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,[email protected]
vr64 = C:\WINDOWS\system32\prnjobt.vbe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------

Enumerating Browser Helper Objects:
(no name) - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75}
(no name) - C:\WINDOWS\System32\DLA\DLASHX_W.DLL - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll - {6A373B7E-496E-424f-A9BE-486A5E9AB018}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - c:\program files\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
--------------------------------------------------
Enumerating Task Scheduler jobs:
At1.job
At10.job
At11.job
At12.job
At13.job
At14.job
At15.job
At16.job
At17.job
At18.job
At19.job
At2.job
At20.job
At21.job
At22.job
At23.job
At24.job
At25.job
At26.job
At27.job
At28.job
At29.job
At3.job
At30.job
At31.job
At32.job
At33.job
At34.job
At35.job
At36.job
At37.job
At38.job
At39.job
At4.job
At40.job
At41.job
At42.job
At43.job
At44.job
At45.job
At46.job
At47.job
At48.job
At49.job
At5.job
At50.job
At51.job
At52.job
At53.job
At54.job
At55.job
At56.job
At57.job
At58.job
At59.job
At6.job
At60.job
At61.job
At62.job
At63.job
At64.job
At65.job
At66.job
At67.job
At68.job
At69.job
At7.job
At70.job
At71.job
At72.job
At73.job
At74.job
At75.job
At76.job
At77.job
At78.job
At79.job
At8.job
At80.job
At81.job
At82.job
At83.job
At84.job
At85.job
At86.job
At87.job
At88.job
At89.job
At9.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
[YInstStarter Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll
[Windows Live Safety Center Base Module]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
CODEBASE = http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141217426343
[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[dcCertUtils.clsOperation]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\dcCertUtils.dll
CODEBASE = https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll
--------------------------------------------------
End of report, 7,740 bytes
Report generated in 0.031 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/20/2008 at 09:00 AM
Application Version : 4.21.1004
Core Rules Database Version : 3574
Trace Rules Database Version: 1562
Scan type : Quick Scan
Total Scan Time : 00:14:48
Memory items scanned : 476
Memory threats detected : 0
Registry items scanned : 570
Registry threats detected : 21
File items scanned : 9466
File threats detected : 93
Adware.Tracking Cookie
Keylogger.Actual Spy
HKU\S-1-5-21-658360299-2217891903-2818851260-1006\Software\ACSPMonitor
HKLM\Software\ACSPMonitor
HKLM\Software\ACSPMonitor#path_app2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#Inno Setup: Setup Version
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#Inno Setup: App Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#Inno Setup: Icon Group
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#Inno Setup: User
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#Inno Setup: Selected Tasks
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#Inno Setup: Deselected Tasks
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#QuietUninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#URLUpdateInfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#InstallDate
C:\Program Files\ACSPMonitor\ActualSpy.chm
C:\Program Files\ACSPMonitor\ASMonitor.exe
C:\Program Files\ACSPMonitor\asmonitor.exe.manifest
C:\Program Files\ACSPMonitor\f.bat
C:\Program Files\ACSPMonitor\FILE_ID.DIZ
C:\Program Files\ACSPMonitor\hk.dll
C:\Program Files\ACSPMonitor\hk2.dll
C:\Program Files\ACSPMonitor\hprog.dll
C:\Program Files\ACSPMonitor\libeay32.dll
C:\Program Files\ACSPMonitor\license.txt
C:\Program Files\ACSPMonitor\logs
C:\Program Files\ACSPMonitor\readme.txt
C:\Program Files\ACSPMonitor\rights.bat
C:\Program Files\ACSPMonitor\settings.exe
C:\Program Files\ACSPMonitor\ssleay32.dll
C:\Program Files\ACSPMonitor\unins000.dat
C:\Program Files\ACSPMonitor\unins000.exe
C:\Program Files\ACSPMonitor
C:\SIERRA\ACTUALSPY.EXE

-----------------------------------------------------------------------
I'm not sure whether all the information provided is sufficient, but if it's not enough, do tell me what to do.
Your help is greatly appreciated
Thanks
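
Added example, not part of the original post or of HijackThis: values that come back after every login point to something launched at logon, so a first triage pass over a HijackThis log can pair the policy restrictions it reports (O7) with the Run/RunOnce autostarts (O4) whose target is a script rather than a binary. The sample lines are excerpted from the log above; the function names and the script-extension list are assumptions of this sketch, and flagged entries are candidates to inspect, not a verdict.

```python
import re
from typing import NamedTuple

# Lines excerpted from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [vr64] C:\WINDOWS\system32\prnjobt.vbe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"""

# Assumption of this sketch: extensions handled by Windows Script Host or cmd.exe.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "bat", "cmd"}
EXTS = "exe|dll|com|scr|pif|" + "|".join(sorted(SCRIPT_EXTS))

ENTRY_RE = re.compile(r"^([ORF]\d+) - (.*)$")
AUTORUN_RE = re.compile(r"^(HK.+?)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
TARGET_RE = re.compile(
    r"^(?:rundll32(?:\.exe)?\s+)?(.+?\.(?:%s))(?=[\s,]|$)" % EXTS, re.I)


class Autorun(NamedTuple):
    hive: str      # e.g. HKLM, or HKUS\<SID>
    key: str       # Run, RunOnce, ...
    name: str      # registry value name
    target: str    # file that gets launched, arguments stripped


class Policy(NamedTuple):
    key: str
    value: str
    data: str


def target_path(command: str) -> str:
    """Return the file an autorun command launches, without its arguments."""
    command = command.strip()
    if command.startswith('"'):              # quoted path followed by arguments
        return command[1:].split('"', 1)[0]
    m = TARGET_RE.match(command)             # unquoted path, may contain spaces
    return m.group(1) if m else (command.split() or [""])[0]


def parse(text: str):
    """Collect registry autoruns (O4) and policy restrictions (O7) from a log."""
    autoruns, policies = [], []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                          # header, process list, blank line
        section, body = m.groups()
        if section == "O4":
            a = AUTORUN_RE.match(body)        # Startup-folder O4 lines are skipped
            if a:
                autoruns.append(Autorun(a[1], a[2], a[3], target_path(a[4])))
        elif section == "O7":
            key, _, rest = body.rpartition(",")
            value, _, data = rest.strip().partition("=")
            policies.append(Policy(key.strip(), value, data))
    return autoruns, policies


def triage(text: str):
    """Return (active policy restrictions, script autoruns) to inspect first."""
    autoruns, policies = parse(text)
    restrictions = [p for p in policies if p.data not in ("", "0")]
    scripts = [a for a in autoruns
               if a.target.rsplit(".", 1)[-1].lower() in SCRIPT_EXTS]
    return restrictions, scripts


if __name__ == "__main__":
    restrictions, scripts = triage(SAMPLE_LOG)
    for p in restrictions:
        print(f"restriction set: {p.key} -> {p.value}={p.data}")
    for a in scripts:
        print(f"script autorun:  {a.hive}\\..\\{a.key} [{a.name}] {a.target}")
```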
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi, welcome to TSG!!


Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 