Solved: Task Manager window won't open


gplracerx

Thread Starter
Joined
Nov 28, 2006
Messages
17
When I ctrl-alt-del, the task manager cpu usage icon appears in the system tray and a button appears on the task bar, but I can't see the task manager window. Panda active scan detects nothing and I am running McAfee 2006 antivirus and firewall as well as Windows Defender, AdAware and Spybot with no problems detected.

system
WinXP Pro SP2 fully updated
Athlon X2 4800+
Asus A8V Deluxe
2GB memory
 
Joined
Jan 3, 2007
Messages
72
Go to http://www.spywareinfo.com/~merijn/programs.php to download HJTsetup.exe, as you will be asked for this.
Then follow these instructions and wait for a gold shield member to check your log:

* Save HJTsetup.exe to your desktop.
* Double click on the HJTsetup.exe icon on your desktop.
* By default it will install to C:\Program Files\Hijack This.
* Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
* Put a check by Create a desktop icon then click Next again.
* Continue to follow the rest of the prompts from there.
* At the final dialogue box click Finish and it will launch Hijack This.
* Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
* Paste the log in your next reply.
* DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

gplracerx

Thread Starter
Joined
Nov 28, 2006
Messages
17
Logfile of HijackThis v1.99.1
Scan saved at 7:26:27 PM, on 1/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
H:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
H:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
H:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
H:\Program Files\Logitech\MouseWare\system\em_exec.exe
H:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
H:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DVICO\FusionHDTV\FusionHdtvTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\DVICO\FusionHDTV\Remote\FusionRc.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
H:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\DeWitt\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techcentralstation.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [AcctMgr] H:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [zBrowser Launcher] H:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [ASUS Probe] H:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] H:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LanguageShortcut] "H:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [FusionTrayAgent] C:\Program Files\DVICO\FusionHDTV\FusionHdtvTray.exe
O4 - HKLM\..\Run: [FusionRemote] C:\Program Files\DVICO\FusionHDTV\Remote\FusionRc.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\microsoft office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120155158687
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1120155499968
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Speed Disk service - Unknown owner - H:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Joined
Jan 3, 2007
Messages
72
While you are waiting for a gold shield member to check your log I would advise you to do this:

Upgrading Java: http://java.sun.com/javase/downloads/index.jsp

* Download the latest version of Java Runtime Environment (JRE) 6.
* Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
* Click the "Download" button to the right.
* Check the box that says: "Accept License Agreement".
* The page will refresh.
* Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
* Close any programs you may have running - especially your web browser.
* Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
* Check any item with Java Runtime Environment (JRE or J2SE) in the name.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each Java version.
* Reboot your computer once all Java components are removed.
* Then from your desktop double-click on the download to install the newest version.
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Hi, gplracerx :)

Welcome to TSG.

Download the enclosed file. Save and extract its contents to the desktop. It is a folder containing a batch file, Policies.bat. Once extracted, double-click on the Policies.bat file. A new document will be produced. Post its contents in a reply.
 


Joined
Sep 8, 2005
Messages
9,113
Welcome to TSG :)

I have attached a file named regfind.zip; please download regfind.zip. Unzip/extract regfind.bat to your Desktop and double-click on regfind.bat. A DOS window will appear and disappear (don't worry, this is normal). A file named test.txt will appear on your Desktop; please copy and paste the contents of that file in your next reply. Thanks.
 


gplracerx

Thread Starter
Joined
Nov 28, 2006
Messages
17
! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0x91

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
ScanWithAntiVirus REG_DWORD 0x2

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} REG_SZ 1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} REG_DWORD 0x1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} REG_DWORD 0x40000021
{0DF44EAA-FF21-4412-828E-260A8728E7F1} REG_DWORD 0x20

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system
dontdisplaylastusername REG_DWORD 0x0
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 0x1
undockwithoutlogon REG_DWORD 0x1

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
AutoRestartShell REG_DWORD 0x1
DefaultDomainName REG_SZ DEWITT-TJG5VAMT
DefaultUserName REG_SZ DeWitt
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD 0xffffffff
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0x1
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0x1
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0x0
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 0x1
ShowLogonOptions REG_DWORD 0x0
AltDefaultUserName REG_SZ DeWitt
AltDefaultDomainName REG_SZ DEWITT-TJG5VAMT

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
<NO NAME> REG_SZ Wireless
ProcessGroupPolicy REG_SZ ProcessWIRELESSPolicy
DllName REG_EXPAND_SZ gptext.dll
NoUserPolicy REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}
<NO NAME> REG_SZ Folder Redirection
ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyEx
DllName REG_EXPAND_SZ fdeploy.dll
NoMachinePolicy REG_DWORD 0x1
NoSlowLink REG_DWORD 0x1
PerUserLocalSettings REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x0
NoBackgroundPolicy REG_DWORD 0x0
GenerateGroupPolicy REG_SZ GenerateGroupPolicy
EventSources REG_MULTI_SZ (Folder Redirection,Application)\0\0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}
<NO NAME> REG_SZ Microsoft Disk Quota
NoMachinePolicy REG_DWORD 0x0
NoUserPolicy REG_DWORD 0x1
NoSlowLink REG_DWORD 0x1
NoBackgroundPolicy REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x1
PerUserLocalSettings REG_DWORD 0x0
RequiresSuccessfulRegistry REG_DWORD 0x1
EnableAsynchronousProcessing REG_DWORD 0x0
DllName REG_EXPAND_SZ dskquota.dll
ProcessGroupPolicy REG_SZ ProcessGroupPolicy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}
<NO NAME> REG_SZ QoS Packet Scheduler
ProcessGroupPolicy REG_SZ ProcessPSCHEDPolicy
DllName REG_EXPAND_SZ gptext.dll
NoUserPolicy REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}
<NO NAME> REG_SZ Scripts
ProcessGroupPolicy REG_SZ ProcessScriptsGroupPolicy
ProcessGroupPolicyEx REG_SZ ProcessScriptsGroupPolicyEx
GenerateGroupPolicy REG_SZ GenerateScriptsGroupPolicy
DllName REG_EXPAND_SZ gptext.dll
NoSlowLink REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x1
NotifyLinkTransition REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
<NO NAME> REG_SZ Internet Explorer Zonemapping
DllName REG_EXPAND_SZ iedkcs32.dll
ProcessGroupPolicy REG_SZ ProcessGroupPolicyForZoneMap
NoGPOListChanges REG_DWORD 0x1
RequiresSucessfulRegistry REG_DWORD 0x1
DisplayName REG_EXPAND_SZ @iedkcs32.dll,-3051

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
ProcessGroupPolicy REG_SZ SceProcessSecurityPolicyGPO
GenerateGroupPolicy REG_SZ SceGenerateGroupPolicy
ExtensionRsopPlanningDebugLevel REG_DWORD 0x1
ProcessGroupPolicyEx REG_SZ SceProcessSecurityPolicyGPOEx
ExtensionDebugLevel REG_DWORD 0x1
DllName REG_EXPAND_SZ scecli.dll
<NO NAME> REG_SZ Security
NoUserPolicy REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x1
EnableAsynchronousProcessing REG_DWORD 0x1
MaxNoGPOListChangesInterval REG_DWORD 0x3c0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyEx
GenerateGroupPolicy REG_SZ GenerateGroupPolicy
ProcessGroupPolicy REG_SZ ProcessGroupPolicy
DllName REG_SZ iedkcs32.dll
<NO NAME> REG_SZ Internet Explorer Branding
NoSlowLink REG_DWORD 0x1
NoBackgroundPolicy REG_DWORD 0x0
NoGPOListChanges REG_DWORD 0x1
NoMachinePolicy REG_DWORD 0x1
DisplayName REG_EXPAND_SZ @iedkcs32.dll,-3014

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
ProcessGroupPolicy REG_SZ SceProcessEFSRecoveryGPO
DllName REG_EXPAND_SZ scecli.dll
<NO NAME> REG_SZ EFS recovery
NoUserPolicy REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x1
RequiresSuccessfulRegistry REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}
<NO NAME> REG_SZ Software Installation
DllName REG_EXPAND_SZ appmgmts.dll
ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyObjectsEx
GenerateGroupPolicy REG_SZ GenerateGroupPolicy
NoBackgroundPolicy REG_DWORD 0x0
RequiresSucessfulRegistry REG_DWORD 0x0
NoSlowLink REG_DWORD 0x1
PerUserLocalSettings REG_DWORD 0x1
EventSources REG_MULTI_SZ (Application Management,Application)\0(MsiInstaller,Application)\0\0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}
<NO NAME> REG_SZ IP Security
ProcessGroupPolicy REG_SZ ProcessIPSECPolicy
DllName REG_EXPAND_SZ gptext.dll
NoUserPolicy REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
Asynchronous REG_DWORD 0x0
Impersonate REG_DWORD 0x0
DllName REG_EXPAND_SZ crypt32.dll
Logoff REG_SZ ChainWlxLogoffEvent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
Asynchronous REG_DWORD 0x0
Impersonate REG_DWORD 0x0
DllName REG_EXPAND_SZ cryptnet.dll
Logoff REG_SZ CryptnetWlxLogoffEvent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
DLLName REG_SZ cscdll.dll
Logon REG_SZ WinlogonLogonEvent
Logoff REG_SZ WinlogonLogoffEvent
ScreenSaver REG_SZ WinlogonScreenSaverEvent
Startup REG_SZ WinlogonStartupEvent
Shutdown REG_SZ WinlogonShutdownEvent
StartShell REG_SZ WinlogonStartShellEvent
Impersonate REG_DWORD 0x0
Asynchronous REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
DLLName REG_SZ wlnotify.dll
Logon REG_SZ SCardStartCertProp
Logoff REG_SZ SCardStopCertProp
Lock REG_SZ SCardSuspendCertProp
Unlock REG_SZ SCardResumeCertProp
Enabled REG_DWORD 0x1
Impersonate REG_DWORD 0x1
Asynchronous REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
Asynchronous REG_DWORD 0x0
DllName REG_EXPAND_SZ wlnotify.dll
Impersonate REG_DWORD 0x0
StartShell REG_SZ SchedStartShell
Logoff REG_SZ SchedEventLogOff

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
Logoff REG_SZ WLEventLogoff
Impersonate REG_DWORD 0x0
Asynchronous REG_DWORD 0x1
DllName REG_EXPAND_SZ sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
DLLName REG_SZ WlNotify.dll
Lock REG_SZ SensLockEvent
Logon REG_SZ SensLogonEvent
Logoff REG_SZ SensLogoffEvent
Safe REG_DWORD 0x1
MaxWait REG_DWORD 0x258
StartScreenSaver REG_SZ SensStartScreenSaverEvent
StopScreenSaver REG_SZ SensStopScreenSaverEvent
Startup REG_SZ SensStartupEvent
Shutdown REG_SZ SensShutdownEvent
StartShell REG_SZ SensStartShellEvent
PostShell REG_SZ SensPostShellEvent
Disconnect REG_SZ SensDisconnectEvent
Reconnect REG_SZ SensReconnectEvent
Unlock REG_SZ SensUnlockEvent
Impersonate REG_DWORD 0x1
Asynchronous REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
Asynchronous REG_DWORD 0x0
DllName REG_EXPAND_SZ wlnotify.dll
Impersonate REG_DWORD 0x0
Logoff REG_SZ TSEventLogoff
Logon REG_SZ TSEventLogon
PostShell REG_SZ TSEventPostShell
Shutdown REG_SZ TSEventShutdown
StartShell REG_SZ TSEventStartShell
Startup REG_SZ TSEventStartup
MaxWait REG_DWORD 0x258
Reconnect REG_SZ TSEventReconnect
Disconnect REG_SZ TSEventDisconnect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
Logon REG_SZ WLEventLogon
Logoff REG_SZ WLEventLogoff
Startup REG_SZ WLEventStartup
Shutdown REG_SZ WLEventShutdown
StartScreenSaver REG_SZ WLEventStartScreenSaver
StopScreenSaver REG_SZ WLEventStopScreenSaver
Lock REG_SZ WLEventLock
Unlock REG_SZ WLEventUnlock
StartShell REG_SZ WLEventStartShell
PostShell REG_SZ WLEventPostShell
Disconnect REG_SZ WLEventDisconnect
Reconnect REG_SZ WLEventReconnect
Impersonate REG_DWORD 0x1
Asynchronous REG_DWORD 0x0
SafeMode REG_DWORD 0x1
MaxWait REG_DWORD 0xffffffff
DllName REG_EXPAND_SZ WgaLogon.dll
Event REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings
Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
DLLName REG_SZ wlnotify.dll
Logon REG_SZ RegisterTicketExpiredNotificationEvent
Logoff REG_SZ UnregisterTicketExpiredNotificationEvent
Impersonate REG_DWORD 0x1
Asynchronous REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
HelpAssistant REG_DWORD 0x0
TsInternetUser REG_DWORD 0x0
SQLAgentCmdExec REG_DWORD 0x0
NetShowServices REG_DWORD 0x0
IWAM_ REG_DWORD 0x10000
IUSR_ REG_DWORD 0x10000
VUSR_ REG_DWORD 0x10000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components
DeskHtmlVersion REG_DWORD 0x110
DeskHtmlMinorVersion REG_DWORD 0x5
Settings REG_DWORD 0x1
GeneralFlags REG_DWORD 0x5

HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0
Source REG_SZ About:Home
SubscribedURL REG_SZ About:Home
FriendlyName REG_SZ My Current Home Page
Flags REG_DWORD 0x2
Position REG_BINARY 2C0000005001000000000000400500001A040000000000000100000001000000010000000000000000000000
CurrentState REG_BINARY 04000040
OriginalStateInfo REG_BINARY 180000005001000000000000400500001A04000004000040
RestoredStateInfo REG_BINARY 180000005001000000000000400500001A04000001000000
 

gplracerx

Thread Starter
Joined
Nov 28, 2006
Messages
17
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Hi, gplracerx :)

Download ComboFix from Here or Here to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
 

gplracerx

Thread Starter
Joined
Nov 28, 2006
Messages
17
"DeWitt" - 07-01-19 20:54:04 Service Pack 2
ComboFix 07-01-18 - Running from: "C:\Documents and Settings\DeWitt\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-19 to 2007-01-19 ))))))))))))))))))))))))))))))))))


2007-01-19 20:41 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-01-19 20:28 9,728 --a------ C:\WINDOWS\system32\drivers\ZuluXbar.sys
2007-01-19 20:28 9,216 --a------ C:\WINDOWS\system32\drivers\zl88aud.sys
2007-01-19 20:28 62,208 --a------ C:\WINDOWS\system32\drivers\ZuluVcap.sys
2007-01-19 20:28 26,112 --a------ C:\WINDOWS\system32\drivers\ZuluTcap.sys
2007-01-19 20:28 223,744 --a------ C:\WINDOWS\system32\drivers\zulubda.sys
2007-01-19 20:28 222,592 --a------ C:\WINDOWS\system32\drivers\ZuluTune.sys
2007-01-19 20:28 19,200 --a------ C:\WINDOWS\system32\drivers\zl88tcap.sys
2007-01-19 20:28 189,312 --a------ C:\WINDOWS\system32\drivers\zl88vcap.sys
2007-01-19 20:28 168,320 --a------ C:\WINDOWS\system32\drivers\zl88bda.sys
2007-01-19 20:28 167,424 --a------ C:\WINDOWS\system32\drivers\zl88tune.sys
2007-01-19 20:28 10,368 --a------ C:\WINDOWS\system32\drivers\zl88xbar.sys
2007-01-19 20:27 308,736 --a------ C:\WINDOWS\system32\drivers\bluebird2.sys
2007-01-19 20:15 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-19 20:07 <DIR> d-------- C:\WINDOWS\pss
2007-01-19 17:20 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-01-11 03:00 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-10 18:13 <DIR> d-------- C:\Program Files\DVICO
2007-01-07 23:03 <DIR> d-------- C:\Program Files\CyberLink
2007-01-07 18:31 69,632 --a------ C:\WINDOWS\system32\3DES.dll
2007-01-07 18:31 65,536 --a------ C:\WINDOWS\system32\dmcrypto.dll
2007-01-07 18:30 <DIR> d-------- C:\WINDOWS\system32\hauppauge
2007-01-07 18:30 <DIR> d-------- C:\MyVideos
2007-01-07 18:29 <DIR> d-------- C:\Program Files\WinTV
2007-01-07 18:23 40,960 -ra------ C:\WINDOWS\system32\bdadll.dll
2007-01-07 18:23 292,864 -ra------ C:\WINDOWS\system32\drivers\emBDA.sys
2007-01-07 18:23 27,904 -ra------ C:\WINDOWS\system32\drivers\emOEM.sys
2007-01-03 18:47 60,416 --------- C:\WINDOWS\system32\tzchange.exe
2007-01-03 14:53 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-01-03 14:53 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-12-29 15:32 <DIR> d-------- C:\NVIDIA
2006-12-27 22:56 57,407 --a------ C:\WINDOWS\system32\ANICtl.dll
2006-12-27 22:56 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2006-12-27 22:56 368,640 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2006-12-27 22:56 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2006-12-27 22:56 28,205 --a------ C:\WINDOWS\system32\ANIO.sys
2006-12-27 22:56 221,184 --a------ C:\WINDOWS\system32\wlanapi.dll
2006-12-27 22:56 212,992 --a------ C:\WINDOWS\system32\aIPH.dll
2006-12-27 22:56 143,360 --a------ C:\WINDOWS\system32\WlanApp.dll
2006-12-27 22:56 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2006-12-27 22:56 1,323,095 --a------ C:\WINDOWS\system32\odSupp_M.dll
2006-12-27 22:56 <DIR> d-------- C:\Program Files\ANI
2006-12-27 22:56 <DIR> d-------- C:\Program Files\Alpha Networks
2006-12-27 18:47 57,344 --a------ C:\WINDOWS\system32\video_core.dll
2006-12-27 18:47 241,664 --a------ C:\WINDOWS\system32\ZuluAuthen.DLL
2006-12-25 02:44 13,396 --a------ C:\WINDOWS\system32\drivers\MTictwl.sys
2006-12-25 02:44 <DIR> d-------- C:\Program Files\SEC
2006-12-19 11:34 <DIR> d-------- C:\Program Files\GPL Replay Analyser


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-19 20:15 -------- d-------- C:\Program Files\java
2007-01-19 19:16 -------- d-------- C:\DOCUME~1\DeWitt\Application Data\adobe
2007-01-19 19:15 -------- d-------- C:\Program Files\Common Files\adobe
2007-01-19 16:57 -------- d-------- C:\Program Files\Common Files\ahead
2007-01-19 16:32 -------- d-------- C:\Program Files\windows defender
2007-01-19 16:32 -------- d-------- C:\Program Files\siteadvisor
2007-01-19 16:31 -------- d-------- C:\Program Files\itunes
2007-01-19 15:09 -------- d-------- C:\DOCUME~1\DeWitt\Application Data\siteadvisor
2007-01-07 23:03 -------- d--h----- C:\Program Files\installshield installation information
2007-01-03 10:46 -------- d-------- C:\DOCUME~1\DeWitt\Application Data\ahead
2007-01-02 23:20 -------- d-------- C:\Program Files\creative
2006-12-30 03:57 86016 --a------ C:\WINDOWS\system32\openal32.dll
2006-12-30 03:57 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2006-12-27 22:37 -------- d-------- C:\Program Files\d-link
2006-12-08 22:59 -------- d-------- C:\Program Files\mcafee.com
2006-12-08 22:47 -------- d-------- C:\DOCUME~1\DeWitt\Application Data\mcafee
2006-12-05 22:54 -------- d-------- C:\Program Files\quicktime
2006-12-05 22:54 -------- d-------- C:\Program Files\ipod
2006-12-03 01:11 -------- d-------- C:\Program Files\windows media connect 2
2006-11-28 17:27 -------- d-------- C:\Program Files\nero
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ATI Scheduler"="C:\\Program Files\\ATI Multimedia\\main\\ATISched.EXE"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AcctMgr"="H:\\Program Files\\Norton SystemWorks\\Password Manager\\AcctMgr.exe /startup"
"zBrowser Launcher"="H:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="Logi_MwX.Exe"
"QD FastAndSafe"=""
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"ASUS Probe"="H:\\Program Files\\ASUS\\Asus Probe\\AsusProb.exe"
"CTDVDDET"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\DVDAudio\\CTDVDDET.EXE\""
"RCSystem"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
"VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"amd_dc_opt"="\"C:\\Program Files\\AMD\\amd_dc_opt\\amd_dc_opt.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"D-Link AirPlus XtremeG"="H:\\Program Files\\D-Link\\AirPlus Xtreme G\\AirPlusCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"LanguageShortcut"="\"H:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"FusionTrayAgent"="C:\\Program Files\\DVICO\\FusionHDTV\\FusionHdtvTray.exe"
"FusionRemote"="C:\\Program Files\\DVICO\\FusionHDTV\\Remote\\FusionRc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"c:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"c:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fbf5fae-5776-11d9-9e6d-000f3da9241a}]
Shell\AutoRun\command J:\JDSecure\Windows\JDSecure20.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DEWITT-TJG5VAMT-DeWitt).job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

Completion time: 07-01-19 20:55:11
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Hi, gplracerx :)

I see no sign of malware in your computer. I would suggest that you reinstall the Microsoft Task Manager:

NOTE: You must be logged on as Administrator or as a member of the Administrators group in order to perform this procedure.

1. Click Start, click Run, and then type (Copy and Paste) the following command:
%systemroot%\inf

NOTE: There are no spaces at all in the preceding command line.

2. Click OK to open the INF folder.
3. Locate the file mstask.inf
4. Right-click the file, and then click Install.

You will be asked to place your Windows XP CD-ROM in the drive.

Keep me posted.
 

gplracerx

Thread Starter
Joined
Nov 28, 2006
Messages
17
I tried what you suggested and it didn't help. Then I started looking and found the mstask help file. When I opened it, it was about task scheduler. There is a taskmgr.exe file which I assume is task manager. I'll try replacing the current version with the one from the Service Pack Files.
 

gplracerx

Thread Starter
Joined
Nov 28, 2006
Messages
17
I forgot I had my video card set to dual display mode. Somehow the Task Manager window got dragged off into the neverland between monitors (well actually between my monitor and TV). As soon as I reset to single display, everything was back to normal. Thanks for all your prompt replies anyway.
 