Here is the FindNFix log file - is there a way I can insert the file, instead of pasting all of the text?
Sun 05 Sep 04 13:53:22
»»»»»»»»»»»»»»»»»»***LOG!***(*updated *9/1*)»»»»»»»»»»»»»»»»
*System:
Microsoft Windows XP Professional 5.1 Service Pack 1 (Build 2600)
*IE version:
6.0.2800.1106 SP1-Q330994-Q824145-Q837009-Q832894-Q831167-Q867801
The type of the file system is FAT32.
MS-DOS Version 5.00.500
*command.com test passed!
__________________________________
!!*Creating backups...!!
The operation completed successfully
13:53:21.96 Sun 09/05/2004
__________________________________
*Local time:
Sunday, September 05, 2004 (9/5/2004)
1:53 PM, Eastern Standard Time
*Uptime:
13:53:23 up 0 days, 5:42:11
*Path:
C:\FINDnFIX
----------------------------------------------------
»»Member of...: ("ADMIN" logon + group match required!)
User is a member of group D15VGC21\None.
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.
User is a member of group \LOCAL.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Group BUILTIN\Administrators matches list.
Group BUILTIN\Users matches list.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
User: [D15VGC21\Mel Thompson], is a member of:
BUILTIN\Administrators
\Everyone
Running in WORKSTATION MODE.
SystemDrive is C:
SystemRoot is C:\WINDOWS
Logon Domain is D15VGC21
Administrator's Name is Mel Thompson
Computer Name is D15VGC21
LOGON SERVER is \\D15VGC21
»»»»»»»»»»»»»»»»»»*** Note! ***»»»»»»»»»»»»»»»»
The list will produce a small database of files that will match certain criteria.
Ex: read only files, s/h files, last modified date. size, etc.
The filters provided and registry scan should match the
corresponding file(s) listed.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Unless the file match the entire criteria, it should not be pointed to remove
without attempting to confirm it's nature!
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
At times there could be several (legit) files flagged, and/or duplicate culprit file(s)!
If in doubt, always search the file(s) and properties according to criteria!
The file(s) found should be moved to \FINDnFIX\"junkxxx" Subfolder
______________________________________________________________________________
***YOU NEED TO DISABLE YOUR ACTIVE ANTI VIRUS PROTECTION TO AVOID CONFLICTS!***
______________________________________________________________________________
......Scanning for file(s)...
*Note! The list(s) may include legitimate files!
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»»»» (*1*) »»»»» .........
»»Read access error(s)...
»»»»» (*2*) »»»»»........
»»»»» (*3*) »»»»»........
C:\WINDOWS\SYSTEM32\
msxslab.dll Fri Jun 25 2004 8:14:38a ..SHR 0 0.00 K
bridge.dll Fri Jun 25 2004 8:14:38a ..SHR 0 0.00 K
jac.dll Fri Jun 25 2004 8:14:38a ..SHR 0 0.00 K
d2kpax.dll Fri Jun 25 2004 8:14:38a ..SHR 0 0.00 K
4 items found: 4 files (4 H/S), 0 directories.
Total of file sizes: 0 bytes 0.00 K
unknown/hidden files...
C:\WINDOWS\SYSTEM32\
msxslab.dll Fri Jun 25 2004 8:14:38a ..SHR 0 0.00 K
bridge.dll Fri Jun 25 2004 8:14:38a ..SHR 0 0.00 K
jac.dll Fri Jun 25 2004 8:14:38a ..SHR 0 0.00 K
d2kpax.dll Fri Jun 25 2004 8:14:38a ..SHR 0 0.00 K
4 items found: 4 files, 0 directories.
Total of file sizes: 0 bytes 0.00 K
»»»»» (*4*) »»»»».........
Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.
Sniffed -> C:\WINDOWS\SYSTEM32\MSXSLAB.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\BRIDGE.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\JAC.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\D2KPAX.DLL
SNiF 1.34 statistics
Matching files : 4 Amount in bytes : 0
Directories searched : 1 Commands executed : 0
Masks sniffed for: *.DLL
»»»»»(*5*)»»»»»
»»»»»(*6*)»»»»»
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»»»»Search by size...
*List of files and specs according to 'size' :
*Note: Not all files listed here are infected, but *may include* the
name and spces of the offending file...
___________________________________________________________________________
Path: C:\WINDOWS\SYSTEM32 Including: *.DLL
____________________________________________________________________________
*By size and date...
No matches found.
No matches found.
No matches found.
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.
SNiF 1.34 statistics
Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0
Masks sniffed for: *.DLL
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.
SNiF 1.34 statistics
Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0
Masks sniffed for: *.DLL
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.
SNiF 1.34 statistics
Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0
Masks sniffed for: *.DLL
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
BHO search and other files...
No matches found.
No matches found.
--*sp.html in temp folder was NOT FOUND!--
*Filter keys search...
REGDMP: Unable to open key 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html' (2)
--(*text/html Subkey was NOT FOUND!)--
REGDMP: Unable to open key 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/plain' (2)
--(*text/plain Subkey was NOT FOUND!)--
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)
Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 398
»»Checking for AppInit_DLLs (empty) value...
________________________________
!"AppInit_DLLs"=""!
Value does not exist
________________________________
»»Comparing *saved* key with *original*...
REGDIFF 2.1 - Freeware written by Gerson Kurz (
http://www.p-nand-q.com)
Comparing File #1 (Keys1\winkey.reg) with File #2 (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows).
No differences found.
»»Dumping Values........
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
DeviceNotSelectedTimeout = 15
GDIProcessHandleQuota = REG_DWORD 0x00002710
Spooler = yes
swapdisk =
TransmissionRetryTimeout = 90
USERProcessHandleQuota = REG_DWORD 0x00002710
»»Security settings for 'Windows' key:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Full access D15VGC21\Mel 2
(ID-IO) ALLOW Full access CREATOR OWNER
Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
QWCEN-DS-- BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM
Full access D15VGC21\Mel 2
»»Performing string scan....
00001150: $ ? K SXh0
00001190: K SXh0 K SXh0
000011D0: vk ~ DeviceNotSelectedTimeout 1 5
00001210: sHandl vk ' { GDIProcessHandleQuotaq~
00001250: 9 0 ce vk Spooler y e s vk
00001290: vk t_swapdisk ` vk
000012D0: P utTransmissionRetryTimeout vk '
00001310:USERProcessHandleQuota~ `
00001350:
00001390:
000013D0:
00001410:
00001450:
00001490:
000014D0: A J )
00001510: ( N ` ` ` ` \ D # ) J A
00001550: qJ' ^4 E,
00001590: C D X _* ]) ]) ]) ]) ]) ~P" [E, \4 pJ(
000015D0:
---------- WIN.TXT
--------------
--------------
$011F0: DeviceNotSelectedTimeout
$01238: GDIProcessHandleQuotaq
$012DE: utTransmissionRetryTimeout
$01310: USERProcessHandleQuota
--------------
--------------
No strings found.
--------------
--------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
.............
A handle was successfully obtained for the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key.
This key has 0 subkeys.
The AppInitDLLs value entry was NOT found!
-----------------------
»»»»»»Backups list...»»»»»»
13:55:55 up 0 days, 5:44:43
-----------------------
Sun 05 Sep 04 13:55:55
C:\FINDNFIX\
keyback.hiv Sun Sep 5 2004 1:53:22p A.... 8,192 8.00 K
1 item found: 1 file, 0 directories.
Total of file sizes: 8,192 bytes 8.00 K
C:\FINDNFIX\KEYS1\
winkey.reg Sun Sep 5 2004 1:53:24p A.... 268 0.26 K
1 item found: 1 file, 0 directories.
Total of file sizes: 268 bytes 0.26 K
*Temp backups...
"C:\Documents and Settings\Mel Thompson\Local Settings\Temp\Backs2\"
keyback2.hi_ Sep 5 2004 8192 "keyback2.hi_"
winkey2.re_ Sep 5 2004 268 "winkey2.re_"
2 items found: 2 files, 0 directories.
Total of file sizes: 8,460 bytes 8.26 K
-D---- JUNKXXX 00000000 13:53.24 05/09/2004
A----- STARTIT .BAT 00000060 13:53.24 05/09/2004
________________________________________________________________________________
***THE FIX IS NOT COMPATIBLE WITH EARLIER;UNPATCHED VERSIONS OF WIN2K'(SP3 and BELLOW)'
AND/OR LAX OF SECURITY UPDATES AND SERVICE PACKS FOR ALL PLATFORMS!
MINIMAL REQUIREMENTS INCLUDE:
_________XP HOME/PRO; SP1; IE6/SP1
_________2K/SP4; IE6/SP1
________________________________________________________________________________
»»»»»*** www10.brinkster.com/expl0iter/freeatlast/FNF/ ***»»»»»
-----END------
Sun 05 Sep 04 13:55:56