
Solved: Task Manager window won't open

Discussion in 'Virus & Other Malware Removal' started by gplracerx, Jan 19, 2007.

  1. gplracerx

    gplracerx Thread Starter

    Joined:
    Nov 28, 2006
    Messages:
    17
    When I ctrl-alt-del, the task manager cpu usage icon appears in the system tray and a button appears on the task bar, but I can't see the task manager window. Panda active scan detects nothing and I am running McAfee 2006 antivirus and firewall as well as Windows Defender, AdAware and Spybot with no problems detected.

    system
    WinXP Pro SP2 fully updated
    Athlon X2 4800+
    Asus A8V Deluxe
    2GB memory
     
  2. JohnTheNutter

    JohnTheNutter

    Joined:
    Jan 3, 2007
    Messages:
    72
    Go to http://www.spywareinfo.com/~merijn/programs.php to download HJTsetup.exe
    You will be asked for this, so follow these instructions and wait for a gold shield member to check your log.

    * Save HJTsetup.exe to your desktop.
    * Double click on the HJTsetup.exe icon on your desktop.
    * By default it will install to C:\Program Files\Hijack This.
    * Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    * Put a check by Create a desktop icon then click Next again.
    * Continue to follow the rest of the prompts from there.
    * At the final dialogue box click Finish and it will launch Hijack This.
    * Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
    * Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    * Paste the log in your next reply.
    * DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. gplracerx

    gplracerx Thread Starter

    Joined:
    Nov 28, 2006
    Messages:
    17
    Logfile of HijackThis v1.99.1
    Scan saved at 7:26:27 PM, on 1/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    H:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    H:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    H:\Program Files\ASUS\Asus Probe\AsusProb.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    H:\Program Files\Logitech\MouseWare\system\em_exec.exe
    H:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    H:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\DVICO\FusionHDTV\FusionHdtvTray.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\DVICO\FusionHDTV\Remote\FusionRc.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
    H:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\DeWitt\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techcentralstation.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [AcctMgr] H:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [zBrowser Launcher] H:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [ASUS Probe] H:\Program Files\ASUS\Asus Probe\AsusProb.exe
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] H:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LanguageShortcut] "H:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [FusionTrayAgent] C:\Program Files\DVICO\FusionHDTV\FusionHdtvTray.exe
    O4 - HKLM\..\Run: [FusionRemote] C:\Program Files\DVICO\FusionHDTV\Remote\FusionRc.exe
    O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\microsoft office\Office10\OSA.EXE
    O4 - Global Startup: NCProTray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120155158687
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1120155499968
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Speed Disk service - Unknown owner - H:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
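The log above is read by hand in the thread. As an added example (not from the thread, and not HijackThis's own logic), the following Python parses the entry-line format of a v1.99 log and applies the checks a log reader does by eye: hooks that load a DLL into winlogon.exe or explorer.exe (O20/O21/O22), entries whose target is "(file missing)", O4 Run values that name a bare executable resolved through PATH, and O23 services with no recorded vendor. The sample input is a handful of lines taken from the log posted above; the severity labels and the list of shell-hook sections are my own assumptions.

```python
"""HijackThis v1.99 log triage. Added example, not part of the thread and not
HijackThis's own logic; severity labels and SHELL_HOOKS are assumptions."""
import re

# One entry line: section code (R0-R3, O1-O23), " - ", then the entry body.
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# O4 Run entries look like:  HKLM\..\Run: [Value name] command line
RUN_VALUE = re.compile(r"^(HK\S+?)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")
# Sections whose DLLs are loaded into winlogon.exe or explorer.exe at every logon.
SHELL_HOOKS = {"O20": "Winlogon Notify/AppInit", "O21": "ShellServiceObjectDelayLoad",
               "O22": "SharedTaskScheduler"}


def parse_entries(log_text):
    """Return [(code, body)] for every entry line; headers and the process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def executable(command):
    """First token of a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage(log_text):
    """Return [(severity, code, message)] for entries that deserve a second look."""
    findings = []
    for code, body in parse_entries(log_text):
        # A target that no longer exists is either leftover or a half-cleaned infection.
        if "(file missing)" in body:
            findings.append(("LOW", code, f"target missing: {body}"))
        if code in SHELL_HOOKS:
            findings.append(("MEDIUM", code, f"{SHELL_HOOKS[code]} hook, verify the DLL: {body}"))
        elif code == "O4":
            m = RUN_VALUE.match(body)
            if m:
                exe = executable(m.group(4))
                # A bare name is resolved through PATH at logon: whichever file of
                # that name is found first is what runs, so check which one that is.
                if exe and "\\" not in exe:
                    findings.append(("MEDIUM", code,
                                     f"Run value [{m.group(3)}] resolves {exe!r} through PATH"))
        elif code == "O23" and "- Unknown owner -" in body:
            findings.append(("LOW", code, f"service with no recorded vendor: {body}"))
    return findings


# Excerpt of entry lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Speed Disk service - Unknown owner - H:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for severity, code, message in triage(SAMPLE_LOG):
        print(f"{severity:6} {code:4} {message}")
```

Run against the excerpt it flags the two bare-name Run values, the WGA and SSODL hooks, the dangling xpnetdiag button, and the two services without a vendor (Speed Disk twice, since its binary is also missing); nothing is flagged for the quoted, fully pathed Windows Defender entry or for the NVIDIA service. As the helper in post 2 says, most of what a scan lists is harmless; the point of the script is to order the review, not to decide what gets fixed.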
     
  4. JohnTheNutter

    JohnTheNutter

    Joined:
    Jan 3, 2007
    Messages:
    72
    While you are waiting for a gold shield member to check your log I would advise you to do this:

    Upgrading Java: http://java.sun.com/javase/downloads/index.jsp

    * Download the latest version of Java Runtime Environment (JRE) 6.
    * Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    * Click the "Download" button to the right.
    * Check the box that says: "Accept License Agreement".
    * The page will refresh.
    * Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    * Close any programs you may have running - especially your web browser.
    * Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    * Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    * Click the Remove or Change/Remove button.
    * Repeat as many times as necessary to remove each Java version.
    * Reboot your computer once all Java components are removed.
    * Then from your desktop double-click on the download to install the newest version.
     
  5. JohnTheNutter

    JohnTheNutter

    Joined:
    Jan 3, 2007
    Messages:
    72
    Sorry sjpritch25, did not see you there! Think we posted at the same time!
     
  6. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, gplracerx :)

    Welcome to TSG.

    Download the enclosed file. Save and extract its contents to the desktop. It is a folder containing a batch file, Policies.bat. Once extracted, double click on the Policies.bat file. A new document will be produced. Post its contents in a reply.
     

  7. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Welcome to TSG :)

    I have attached a file named regfind.zip; please download regfind.zip. Unzip/extract regfind.bat to your Desktop and double-click on regfind.bat. A DOS window will appear and disappear (don't worry, this is normal). A file named test.txt will appear on your Desktop; please copy and paste the contents of that file in your next reply. Thanks.
     

  8. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    JSntgRvr, you read my mind!!!!!
     
  9. gplracerx

    gplracerx Thread Starter

    Joined:
    Nov 28, 2006
    Messages:
    17
    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun REG_DWORD 0x91

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
    ScanWithAntiVirus REG_DWORD 0x2

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
    {17492023-C23A-453E-A040-C7C580BBF700} REG_SZ 1

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} REG_DWORD 0x1
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} REG_DWORD 0x40000021
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} REG_DWORD 0x20

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system
    dontdisplaylastusername REG_DWORD 0x0
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 0x1
    undockwithoutlogon REG_DWORD 0x1

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    AutoRestartShell REG_DWORD 0x1
    DefaultDomainName REG_SZ DEWITT-TJG5VAMT
    DefaultUserName REG_SZ DeWitt
    LegalNoticeCaption REG_SZ
    LegalNoticeText REG_SZ
    PowerdownAfterShutdown REG_SZ 0
    ReportBootOk REG_SZ 1
    Shell REG_SZ Explorer.exe
    ShutdownWithoutLogon REG_SZ 0
    System REG_SZ
    Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
    VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
    SfcQuota REG_DWORD 0xffffffff
    allocatecdroms REG_SZ 0
    allocatedasd REG_SZ 0
    allocatefloppies REG_SZ 0
    cachedlogonscount REG_SZ 10
    forceunlocklogon REG_DWORD 0x0
    passwordexpirywarning REG_DWORD 0xe
    scremoveoption REG_SZ 0
    AllowMultipleTSSessions REG_DWORD 0x1
    UIHost REG_EXPAND_SZ logonui.exe
    LogonType REG_DWORD 0x1
    Background REG_SZ 0 0 0
    DebugServerCommand REG_SZ no
    SFCDisable REG_DWORD 0x0
    WinStationsDisabled REG_SZ 0
    HibernationPreviouslyEnabled REG_DWORD 0x1
    ShowLogonOptions REG_DWORD 0x0
    AltDefaultUserName REG_SZ DeWitt
    AltDefaultDomainName REG_SZ DEWITT-TJG5VAMT

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
    <NO NAME> REG_SZ Wireless
    ProcessGroupPolicy REG_SZ ProcessWIRELESSPolicy
    DllName REG_EXPAND_SZ gptext.dll
    NoUserPolicy REG_DWORD 0x1
    NoGPOListChanges REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}
    <NO NAME> REG_SZ Folder Redirection
    ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyEx
    DllName REG_EXPAND_SZ fdeploy.dll
    NoMachinePolicy REG_DWORD 0x1
    NoSlowLink REG_DWORD 0x1
    PerUserLocalSettings REG_DWORD 0x1
    NoGPOListChanges REG_DWORD 0x0
    NoBackgroundPolicy REG_DWORD 0x0
    GenerateGroupPolicy REG_SZ GenerateGroupPolicy
    EventSources REG_MULTI_SZ (Folder Redirection,Application)\0\0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}
    <NO NAME> REG_SZ Microsoft Disk Quota
    NoMachinePolicy REG_DWORD 0x0
    NoUserPolicy REG_DWORD 0x1
    NoSlowLink REG_DWORD 0x1
    NoBackgroundPolicy REG_DWORD 0x1
    NoGPOListChanges REG_DWORD 0x1
    PerUserLocalSettings REG_DWORD 0x0
    RequiresSuccessfulRegistry REG_DWORD 0x1
    EnableAsynchronousProcessing REG_DWORD 0x0
    DllName REG_EXPAND_SZ dskquota.dll
    ProcessGroupPolicy REG_SZ ProcessGroupPolicy

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}
    <NO NAME> REG_SZ QoS Packet Scheduler
    ProcessGroupPolicy REG_SZ ProcessPSCHEDPolicy
    DllName REG_EXPAND_SZ gptext.dll
    NoUserPolicy REG_DWORD 0x1
    NoGPOListChanges REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}
    <NO NAME> REG_SZ Scripts
    ProcessGroupPolicy REG_SZ ProcessScriptsGroupPolicy
    ProcessGroupPolicyEx REG_SZ ProcessScriptsGroupPolicyEx
    GenerateGroupPolicy REG_SZ GenerateScriptsGroupPolicy
    DllName REG_EXPAND_SZ gptext.dll
    NoSlowLink REG_DWORD 0x1
    NoGPOListChanges REG_DWORD 0x1
    NotifyLinkTransition REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
    <NO NAME> REG_SZ Internet Explorer Zonemapping
    DllName REG_EXPAND_SZ iedkcs32.dll
    ProcessGroupPolicy REG_SZ ProcessGroupPolicyForZoneMap
    NoGPOListChanges REG_DWORD 0x1
    RequiresSucessfulRegistry REG_DWORD 0x1
    DisplayName REG_EXPAND_SZ @iedkcs32.dll,-3051

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
    ProcessGroupPolicy REG_SZ SceProcessSecurityPolicyGPO
    GenerateGroupPolicy REG_SZ SceGenerateGroupPolicy
    ExtensionRsopPlanningDebugLevel REG_DWORD 0x1
    ProcessGroupPolicyEx REG_SZ SceProcessSecurityPolicyGPOEx
    ExtensionDebugLevel REG_DWORD 0x1
    DllName REG_EXPAND_SZ scecli.dll
    <NO NAME> REG_SZ Security
    NoUserPolicy REG_DWORD 0x1
    NoGPOListChanges REG_DWORD 0x1
    EnableAsynchronousProcessing REG_DWORD 0x1
    MaxNoGPOListChangesInterval REG_DWORD 0x3c0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
    ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyEx
    GenerateGroupPolicy REG_SZ GenerateGroupPolicy
    ProcessGroupPolicy REG_SZ ProcessGroupPolicy
    DllName REG_SZ iedkcs32.dll
    <NO NAME> REG_SZ Internet Explorer Branding
    NoSlowLink REG_DWORD 0x1
    NoBackgroundPolicy REG_DWORD 0x0
    NoGPOListChanges REG_DWORD 0x1
    NoMachinePolicy REG_DWORD 0x1
    DisplayName REG_EXPAND_SZ @iedkcs32.dll,-3014

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
    ProcessGroupPolicy REG_SZ SceProcessEFSRecoveryGPO
    DllName REG_EXPAND_SZ scecli.dll
    <NO NAME> REG_SZ EFS recovery
    NoUserPolicy REG_DWORD 0x1
    NoGPOListChanges REG_DWORD 0x1
    RequiresSuccessfulRegistry REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}
    <NO NAME> REG_SZ Software Installation
    DllName REG_EXPAND_SZ appmgmts.dll
    ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyObjectsEx
    GenerateGroupPolicy REG_SZ GenerateGroupPolicy
    NoBackgroundPolicy REG_DWORD 0x0
    RequiresSucessfulRegistry REG_DWORD 0x0
    NoSlowLink REG_DWORD 0x1
    PerUserLocalSettings REG_DWORD 0x1
    EventSources REG_MULTI_SZ (Application Management,Application)\0(MsiInstaller,Application)\0\0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}
    <NO NAME> REG_SZ IP Security
    ProcessGroupPolicy REG_SZ ProcessIPSECPolicy
    DllName REG_EXPAND_SZ gptext.dll
    NoUserPolicy REG_DWORD 0x1
    NoGPOListChanges REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    Asynchronous REG_DWORD 0x0
    Impersonate REG_DWORD 0x0
    DllName REG_EXPAND_SZ crypt32.dll
    Logoff REG_SZ ChainWlxLogoffEvent

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    Asynchronous REG_DWORD 0x0
    Impersonate REG_DWORD 0x0
    DllName REG_EXPAND_SZ cryptnet.dll
    Logoff REG_SZ CryptnetWlxLogoffEvent

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    DLLName REG_SZ cscdll.dll
    Logon REG_SZ WinlogonLogonEvent
    Logoff REG_SZ WinlogonLogoffEvent
    ScreenSaver REG_SZ WinlogonScreenSaverEvent
    Startup REG_SZ WinlogonStartupEvent
    Shutdown REG_SZ WinlogonShutdownEvent
    StartShell REG_SZ WinlogonStartShellEvent
    Impersonate REG_DWORD 0x0
    Asynchronous REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    DLLName REG_SZ wlnotify.dll
    Logon REG_SZ SCardStartCertProp
    Logoff REG_SZ SCardStopCertProp
    Lock REG_SZ SCardSuspendCertProp
    Unlock REG_SZ SCardResumeCertProp
    Enabled REG_DWORD 0x1
    Impersonate REG_DWORD 0x1
    Asynchronous REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    Asynchronous REG_DWORD 0x0
    DllName REG_EXPAND_SZ wlnotify.dll
    Impersonate REG_DWORD 0x0
    StartShell REG_SZ SchedStartShell
    Logoff REG_SZ SchedEventLogOff

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    Logoff REG_SZ WLEventLogoff
    Impersonate REG_DWORD 0x0
    Asynchronous REG_DWORD 0x1
    DllName REG_EXPAND_SZ sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    DLLName REG_SZ WlNotify.dll
    Lock REG_SZ SensLockEvent
    Logon REG_SZ SensLogonEvent
    Logoff REG_SZ SensLogoffEvent
    Safe REG_DWORD 0x1
    MaxWait REG_DWORD 0x258
    StartScreenSaver REG_SZ SensStartScreenSaverEvent
    StopScreenSaver REG_SZ SensStopScreenSaverEvent
    Startup REG_SZ SensStartupEvent
    Shutdown REG_SZ SensShutdownEvent
    StartShell REG_SZ SensStartShellEvent
    PostShell REG_SZ SensPostShellEvent
    Disconnect REG_SZ SensDisconnectEvent
    Reconnect REG_SZ SensReconnectEvent
    Unlock REG_SZ SensUnlockEvent
    Impersonate REG_DWORD 0x1
    Asynchronous REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    Asynchronous REG_DWORD 0x0
    DllName REG_EXPAND_SZ wlnotify.dll
    Impersonate REG_DWORD 0x0
    Logoff REG_SZ TSEventLogoff
    Logon REG_SZ TSEventLogon
    PostShell REG_SZ TSEventPostShell
    Shutdown REG_SZ TSEventShutdown
    StartShell REG_SZ TSEventStartShell
    Startup REG_SZ TSEventStartup
    MaxWait REG_DWORD 0x258
    Reconnect REG_SZ TSEventReconnect
    Disconnect REG_SZ TSEventDisconnect

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
    Logon REG_SZ WLEventLogon
    Logoff REG_SZ WLEventLogoff
    Startup REG_SZ WLEventStartup
    Shutdown REG_SZ WLEventShutdown
    StartScreenSaver REG_SZ WLEventStartScreenSaver
    StopScreenSaver REG_SZ WLEventStopScreenSaver
    Lock REG_SZ WLEventLock
    Unlock REG_SZ WLEventUnlock
    StartShell REG_SZ WLEventStartShell
    PostShell REG_SZ WLEventPostShell
    Disconnect REG_SZ WLEventDisconnect
    Reconnect REG_SZ WLEventReconnect
    Impersonate REG_DWORD 0x1
    Asynchronous REG_DWORD 0x0
    SafeMode REG_DWORD 0x1
    MaxWait REG_DWORD 0xffffffff
    DllName REG_EXPAND_SZ WgaLogon.dll
    Event REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings
    Data REG_BINARY 01000000D08C9DDF0115D1118C7A00C04FC297EB01000000163233FA26EC284CA18760A5CCD2348E04000000040000005300000003660000A800000010000000CB8823443F692E1F46FBA6DFB82455040000000004800000A0000000100000000F7A6706E77F07D664B1A6A616F84787080600004ACE06BE4C3816142F6E391879FFE6A4D943E5FE17C47DC797BA9DD806E4826D24F30DEC50257320FACA3B8DBB281843767E59C84E970E2A4F1F953A89034166E1A64DA48914C8C2647BF6253A9A707F66B2CA8C665E14A525D06E3F8AFDACAD28E0221710AB10CAA2C3C81E19E30B46DCE1B28B2BEC1751A129016635A796E57431BFA10FEA7D4DF0384C1B4F67ECC92F6F7A7AE160B585446778ABA72E8504EE38FCC52C4396F17809349651033F67C01DFD181EAFD97148EC50D1D7FDD79A0FF5595F50190C700472349188A9C74A9CED10807234BEF8A679365150B95879418E68DB1500A1046FF18DFBD8B48BC5F1F78C5D2777B1925F89335653995F9E0794AA5DA0B7F52B2652BC44980B770AAB1462ACC5F82D31D0737E295F676E4574934A0E7DD576F668E02EC9BAE9AE9ECAC9A5D27B776649E9D5653947E1CFC2053989D047479D172585539086B247F8F83E11D33559F130744285FE8492E74C39CD3FEA756F01D86860DCDCED6B607A6346CB944B3B81AC69B93E3FB3C32574CFE76A7B7C491ABA9CD8B86C1E0EEF86648F62428189254BF09A69EEF9BB6A0AF8E908964E3275034E8232D3555188082E82B1D4021654A744F35A882291C0845B323609EEF697617D83718A1D78477450F724351E3951DE2B10D64D1742DB340DA86C6C59FB20305DBC70CABAF6F4113D9EC4597AC8E59F0B85AFF1B0A028D85B8234ED29627440A6164BF6793B086756EE77854180F82D8DF0A89BD8EC3FBD2C366E9B212DD8F87D987F829053BE263F38296F92A13CD112E84DEFEF98E375500C6FF511C851BE419FB966E75C4252C2168BF42D79A91CC518BB549DB155D9663230D089881672A237DA8177C8A804D9730DDDA7C07EC0CBF57175D1B276D97B591EE89B420B62F5A4836BE69991EA4196A2D1CAB518E3F7F720DB0AE1EDBD25072C4CE26C4240B250E19CFFA52302DDB6F6C0B06E643ABBED7DB5D638BFE1E9896EAE03DC680AB10603E3AEB61053524BA96E775BCAE5A8D2310D62F416D55D5B02F1412B9F75E3921B2540FDD965C63032654E3CF0FDA60AF67FEEDA9C207D2576D081E8DCAAE9EB154504B8C69173F8D1403309B727EF3732C2133EB991F8A5200CA803B3D7AAD42D12FBD50E3AD62C4A2F9F9F2476C79C46EC9A3410F84E110A55BE33DCDFD257A6746BB34882C53BAAD901E5EC1F44CD8F1A190D742462E42CBDD147D4CB424E
62E02D66FC0C4915EABD557FF6B25E26C57618AB513091328FCE5E36C4877F1145A717C19E3F0B01249AF2B61CB5D33A3FE3CB2B5216AE37324D884D99A4BE4FCB9B3B4903D7BBFDD5FAF852440635A956DB434E0D0E324179D9C3A3DE9D8DC8A29AEEA05110F8361A031E5795AC76726CDFF15C2CF5D9273322910AD89E5C52008832C79D420E2370CD697B5320ECFCFF1CE55E468ADBF2E42FEDCEEAEBFA0947008F48F901612817C94701EF41712AE26EFE4DED6C8EB4EBE95B97720E7B97666A7D1BCED9EC8179EB832665461706ABD1B8E5E77E5D7A4B687B91D5BEAD395C8862810B0B31DC16DB64BB17E6D1BCEA56F06D8E34C21CF6A6E863EB267113EA02746E0DAC09FE48AB1698B51074B74E588F882ADE823DFE5EB5B2DD37B8BD6E87F875FE94BB27DDE1E4E8C62564A265DBE1A1348DED0D58A57982226528CC6E2E29A53A9BC6F7ADE4C75112111F61BB6E24292D9D4709006FB657AB642C09B022FF1CB6C9BF4442A10D8C24B497DF918FE25979D1DD5E6F63409E84959450E370F840A023C9266B6B69F345A5FDCE0CCCC9F7326FD6C454A27087583D008558B863E27FB82C4B47C038969B01A8D9AD68DAFBB3B26246BEE82EAF1ADB22C67E5FC2BFB7BA490C5897D744A4426F5CED002C73639B5759317FFBD21A16146CB36C32CACD2A41E24550C8F7996283B5CACAA01AC80349518043077A07CF80D2DE900CD6C472D0090529F98A4E3111A313260C185968116C5762BF7D5C35F0D272A23A1D6471B7FD98F9EA5E4F07416AD903D29F247A89EF48943B9F55DF573A30D3E21224086A9EC6F7BADACE4E802217DE9702B3085FCAF24D0A8AE145C72493136BA96EC838588E64C7229A9B82339937C0D5BA32C68E8A2EB7F9E9BB36109D2FE460A3D00F0622C336F8455AA71BFCAEA06E03285FEBDC9D4AD6319714000000072C542663C79351A93A6EA743CCE4124703F6C6

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    DLLName REG_SZ wlnotify.dll
    Logon REG_SZ RegisterTicketExpiredNotificationEvent
    Logoff REG_SZ UnregisterTicketExpiredNotificationEvent
    Impersonate REG_DWORD 0x1
    Asynchronous REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
    HelpAssistant REG_DWORD 0x0
    TsInternetUser REG_DWORD 0x0
    SQLAgentCmdExec REG_DWORD 0x0
    NetShowServices REG_DWORD 0x0
    IWAM_ REG_DWORD 0x10000
    IUSR_ REG_DWORD 0x10000
    VUSR_ REG_DWORD 0x10000

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components
    DeskHtmlVersion REG_DWORD 0x110
    DeskHtmlMinorVersion REG_DWORD 0x5
    Settings REG_DWORD 0x1
    GeneralFlags REG_DWORD 0x5

    HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0
    Source REG_SZ About:Home
    SubscribedURL REG_SZ About:Home
    FriendlyName REG_SZ My Current Home Page
    Flags REG_DWORD 0x2
    Position REG_BINARY 2C0000005001000000000000400500001A040000000000000100000001000000010000000000000000000000
    CurrentState REG_BINARY 04000040
    OriginalStateInfo REG_BINARY 180000005001000000000000400500001A04000004000040
    RestoredStateInfo REG_BINARY 180000005001000000000000400500001A04000001000000
     
  10. gplracerx

    gplracerx Thread Starter

    Joined:
    Nov 28, 2006
    Messages:
    17
    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:00000091
     
  11. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, gplracerx :)

    Download ComboFix from Here or Here to your Desktop.

    Reboot to Safe mode:

    Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

    Perform the following actions in Safe Mode.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  12. gplracerx

    gplracerx Thread Starter

    Joined:
    Nov 28, 2006
    Messages:
    17
    "DeWitt" - 07-01-19 20:54:04 Service Pack 2
    ComboFix 07-01-18 - Running from: "C:\Documents and Settings\DeWitt\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-12-19 to 2007-01-19 ))))))))))))))))))))))))))))))))))


    2007-01-19 20:41 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
    2007-01-19 20:28 9,728 --a------ C:\WINDOWS\system32\drivers\ZuluXbar.sys
    2007-01-19 20:28 9,216 --a------ C:\WINDOWS\system32\drivers\zl88aud.sys
    2007-01-19 20:28 62,208 --a------ C:\WINDOWS\system32\drivers\ZuluVcap.sys
    2007-01-19 20:28 26,112 --a------ C:\WINDOWS\system32\drivers\ZuluTcap.sys
    2007-01-19 20:28 223,744 --a------ C:\WINDOWS\system32\drivers\zulubda.sys
    2007-01-19 20:28 222,592 --a------ C:\WINDOWS\system32\drivers\ZuluTune.sys
    2007-01-19 20:28 19,200 --a------ C:\WINDOWS\system32\drivers\zl88tcap.sys
    2007-01-19 20:28 189,312 --a------ C:\WINDOWS\system32\drivers\zl88vcap.sys
    2007-01-19 20:28 168,320 --a------ C:\WINDOWS\system32\drivers\zl88bda.sys
    2007-01-19 20:28 167,424 --a------ C:\WINDOWS\system32\drivers\zl88tune.sys
    2007-01-19 20:28 10,368 --a------ C:\WINDOWS\system32\drivers\zl88xbar.sys
    2007-01-19 20:27 308,736 --a------ C:\WINDOWS\system32\drivers\bluebird2.sys
    2007-01-19 20:15 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-01-19 20:07 <DIR> d-------- C:\WINDOWS\pss
    2007-01-19 17:20 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-01-11 03:00 <DIR> d-------- C:\WINDOWS\ie7updates
    2007-01-10 18:13 <DIR> d-------- C:\Program Files\DVICO
    2007-01-07 23:03 <DIR> d-------- C:\Program Files\CyberLink
    2007-01-07 18:31 69,632 --a------ C:\WINDOWS\system32\3DES.dll
    2007-01-07 18:31 65,536 --a------ C:\WINDOWS\system32\dmcrypto.dll
    2007-01-07 18:30 <DIR> d-------- C:\WINDOWS\system32\hauppauge
    2007-01-07 18:30 <DIR> d-------- C:\MyVideos
    2007-01-07 18:29 <DIR> d-------- C:\Program Files\WinTV
    2007-01-07 18:23 40,960 -ra------ C:\WINDOWS\system32\bdadll.dll
    2007-01-07 18:23 292,864 -ra------ C:\WINDOWS\system32\drivers\emBDA.sys
    2007-01-07 18:23 27,904 -ra------ C:\WINDOWS\system32\drivers\emOEM.sys
    2007-01-03 18:47 60,416 --------- C:\WINDOWS\system32\tzchange.exe
    2007-01-03 14:53 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2007-01-03 14:53 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
    2006-12-29 15:32 <DIR> d-------- C:\NVIDIA
    2006-12-27 22:56 57,407 --a------ C:\WINDOWS\system32\ANICtl.dll
    2006-12-27 22:56 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
    2006-12-27 22:56 368,640 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
    2006-12-27 22:56 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
    2006-12-27 22:56 28,205 --a------ C:\WINDOWS\system32\ANIO.sys
    2006-12-27 22:56 221,184 --a------ C:\WINDOWS\system32\wlanapi.dll
    2006-12-27 22:56 212,992 --a------ C:\WINDOWS\system32\aIPH.dll
    2006-12-27 22:56 143,360 --a------ C:\WINDOWS\system32\WlanApp.dll
    2006-12-27 22:56 11,904 --a------ C:\WINDOWS\system32\anio4.sys
    2006-12-27 22:56 1,323,095 --a------ C:\WINDOWS\system32\odSupp_M.dll
    2006-12-27 22:56 <DIR> d-------- C:\Program Files\ANI
    2006-12-27 22:56 <DIR> d-------- C:\Program Files\Alpha Networks
    2006-12-27 18:47 57,344 --a------ C:\WINDOWS\system32\video_core.dll
    2006-12-27 18:47 241,664 --a------ C:\WINDOWS\system32\ZuluAuthen.DLL
    2006-12-25 02:44 13,396 --a------ C:\WINDOWS\system32\drivers\MTictwl.sys
    2006-12-25 02:44 <DIR> d-------- C:\Program Files\SEC
    2006-12-19 11:34 <DIR> d-------- C:\Program Files\GPL Replay Analyser


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-19 20:15 -------- d-------- C:\Program Files\java
    2007-01-19 19:16 -------- d-------- C:\DOCUME~1\DeWitt\Application Data\adobe
    2007-01-19 19:15 -------- d-------- C:\Program Files\Common Files\adobe
    2007-01-19 16:57 -------- d-------- C:\Program Files\Common Files\ahead
    2007-01-19 16:32 -------- d-------- C:\Program Files\windows defender
    2007-01-19 16:32 -------- d-------- C:\Program Files\siteadvisor
    2007-01-19 16:31 -------- d-------- C:\Program Files\itunes
    2007-01-19 15:09 -------- d-------- C:\DOCUME~1\DeWitt\Application Data\siteadvisor
    2007-01-07 23:03 -------- d--h----- C:\Program Files\installshield installation information
    2007-01-03 10:46 -------- d-------- C:\DOCUME~1\DeWitt\Application Data\ahead
    2007-01-02 23:20 -------- d-------- C:\Program Files\creative
    2006-12-30 03:57 86016 --a------ C:\WINDOWS\system32\openal32.dll
    2006-12-30 03:57 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2006-12-27 22:37 -------- d-------- C:\Program Files\d-link
    2006-12-08 22:59 -------- d-------- C:\Program Files\mcafee.com
    2006-12-08 22:47 -------- d-------- C:\DOCUME~1\DeWitt\Application Data\mcafee
    2006-12-05 22:54 -------- d-------- C:\Program Files\quicktime
    2006-12-05 22:54 -------- d-------- C:\Program Files\ipod
    2006-12-03 01:11 -------- d-------- C:\Program Files\windows media connect 2
    2006-11-28 17:27 -------- d-------- C:\Program Files\nero
    2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ATI Scheduler"="C:\\Program Files\\ATI Multimedia\\main\\ATISched.EXE"
    "updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
    "Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "AcctMgr"="H:\\Program Files\\Norton SystemWorks\\Password Manager\\AcctMgr.exe /startup"
    "zBrowser Launcher"="H:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
    "Logitech Utility"="Logi_MwX.Exe"
    "QD FastAndSafe"=""
    "AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
    "ASUS Probe"="H:\\Program Files\\ASUS\\Asus Probe\\AsusProb.exe"
    "CTDVDDET"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\DVDAudio\\CTDVDDET.EXE\""
    "RCSystem"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
    "VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"
    "CTHelper"="CTHELPER.EXE"
    "CTxfiHlp"="CTXFIHLP.EXE"
    "UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
    "amd_dc_opt"="\"C:\\Program Files\\AMD\\amd_dc_opt\\amd_dc_opt.exe\""
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
    "VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
    "OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
    "MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
    "MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
    "D-Link AirPlus XtremeG"="H:\\Program Files\\D-Link\\AirPlus Xtreme G\\AirPlusCFG.exe"
    "ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "LanguageShortcut"="\"H:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
    "FusionTrayAgent"="C:\\Program Files\\DVICO\\FusionHDTV\\FusionHdtvTray.exe"
    "FusionRemote"="C:\\Program Files\\DVICO\\FusionHDTV\\Remote\\FusionRc.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="\"c:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="\"c:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fbf5fae-5776-11d9-9e6d-000f3da9241a}]
    Shell\AutoRun\command J:\JDSecure\Windows\JDSecure20.exe


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DEWITT-TJG5VAMT-DeWitt).job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

    Completion time: 07-01-19 20:55:11
     
  13. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, gplracerx :)

    I see no sign of malware on your computer. I would suggest that you reinstall the Microsoft Task Manager:

    NOTE: You must be logged on as Administrator or as a member of the Administrators group in order to perform this procedure.

    1. Click Start, click Run, and then type (Copy and Paste) the following command:
    %systemroot%\inf

    NOTE : There are no spaces at all in the preceding command line.

    2. Click OK to open the INF folder.
    3. Locate the file mstask.inf
    4. Right-click the file, and then click Install.

    You will be asked to place your Windows XP CD-ROM in the drive.

    Keep me posted.
     
  14. gplracerx

    gplracerx Thread Starter

    Joined:
    Nov 28, 2006
    Messages:
    17
    I tried what you suggested and it didn't help. Then I started looking and found the mstask help file. When I opened it, it was about task scheduler. There is a taskmgr.exe file which I assume is task manager. I'll try replacing the current version with the one from the Service Pack Files.
     
  15. gplracerx

    gplracerx Thread Starter

    Joined:
    Nov 28, 2006
    Messages:
    17
    I forgot I had my video card set to dual display mode. Somehow the Task Manager window got dragged off into the neverland between monitors (well actually between my monitor and TV). As soon as I reset to single display, everything was back to normal. Thanks for all your prompt replies anyway.
     
Short URL to this thread: https://techguy.org/536703