
Computer infected


  • This topic is locked
66 replies to this topic

#21 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 09 April 2005 - 11:48 AM

You can go ahead and delete C:\!Submit <--this folder
It was just made by Killbox, nothing to worry about

Let's see what else we can clean out

Can you download and save to desktop
FixBinet.exe
By Symantec

Run it and let it clean what it finds, save a log if given a choice
Restart the computer afterwards

Also download
Fix180Sh.exe
Run it and restart

Post the log from it if you have one

Did you delete the files and folders recommended by Symantec in the other link I gave you???
The ones in the temp directory don't worry about

Do the following
Enter your Add/Remove Programs and remove Sidefind if found
If not try the following
Open up a notepad file and save the below in bold
C:\Program Files\Sidefind\update\sidefind.exe /remove

Close down all browsers and copy and paste that entry into
START>>RUN
open field and hit Enter

You're looking to delete these folders
C:\Program Files\180Solutions
C:\Program Files\Internet Optimizer
C:\Program Files\Media Access
C:\Program Files\SideFind

and these files
C:\WINDOWS\system32\auto_update_uninstall.exe
C:\WINDOWS\lohmvql.exe
C:\WINDOWS\nem220.dll
C:\WINDOWS\qoqek.exe
C:\WINDOWS\zeta.exe
C:\Documents and Settings\Patrick Deighan\Favorites\Adult Sites
C:\Documents and Settings\Patrick Deighan\Favorites\Free Adult Content

After you delete the other files or folders run Windows CleanUp! and then log off and back on the computer

Could you also do the following
Open an empty Notepad file
Copy and paste the below in the CODE box to the notepad file
and save it to your desktop
Name it Export.bat <<--important

@echo off
regedit /e C:\temp.reg "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"
more C:\temp.reg >> C:\Display.txt
notepad C:\Display.txt
del /q c:\temp.reg
del /q C:\Display.txt

Double click on Export.bat and post back the findings

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#22 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 10 April 2005 - 06:39 PM

Can you also try the following for me

Download and Unzip to desktop
Cleanbube.zip so you now have Cleanbube.reg on the desktop

Double click on Cleanbube.reg and allow to merge to the registry

Restart your computer and try accessing your options in the Security tab



#23 Guest_Guest_irish-paddy_*_*

Guest_Guest_irish-paddy_*_*
  • Guests

Posted 11 April 2005 - 05:58 AM

FixBinet.exe
adaware.betterinternet NOT FOUND


Fix180Sh.exe FOUND NOTHING EITHER



Couldn't find ANY of the files or folders, didn't really know what to do in the Symantec website


Sidefind NOT FOUND
C:\Program Files\\Sidefind\update\sidefind.exe /remove NOT FOUND


NONE of these were there either!!
C:\Program Files\180Solutions
C:\Program Files\Internet Optimizer
C:\Program Files\Media Access
C:\Program Files\SideFind

NONE of these were there either, checked my folder options just to make sure hidden files were being shown, they were but still I couldn't find ANY of the files or folders
C:\WINDOWS\system32\auto_update_uninstall.exe
C:\WINDOWS\lohmvql.exe
C:\WINDOWS\nem220.dll
C:\WINDOWS\qoqek.exe
C:\WINDOWS\zeta.exe
C:\Documents and Settings\Patrick Deighan\Favorites\Adult Sites
C:\Documents and Settings\Patrick Deighan\Favorites\Free Adult Content

done Windows CleanUp! here's the export.bat log,


Export.bat


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
@=""
"SelfHealCount"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
@=""
"DisplayName"="My Computer"
"Description"="Your computer"
"Icon"="explorer.exe#0100"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"1400"=dword:00000003
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000003
"1407"=dword:00000000
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000000
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000000
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000000
"1805"=dword:00000000
"1A00"=dword:00000000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000000
"1A05"=dword:00000000
"1A06"=dword:00000000
"1A10"=dword:00000000
"1C00"=hex:00,00,00,00
"1E05"=dword:00030000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
@=""
"DisplayName"="Local intranet"
"Description"="This zone contains all Web sites that are on your organization's intranet."
"Icon"="shell32.dll#0018"
"CurrentLevel"=dword:00000000
"MinLevel"=dword:00010000
"RecommendedLevel"=dword:00010500
"Flags"=dword:000000db
"1001"=dword:00000000
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000003
"1407"=dword:00000000
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000000
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000001
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000001
"1805"=dword:00000000
"1A00"=dword:00000000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000000
"1A05"=dword:00000000
"1A06"=dword:00000000
"1A10"=dword:00000000
"1C00"=hex:00,00,03,00
"1E05"=dword:00020000
"{7839DA25-F5FE-11D0-883B-0080C726DCBB}"=hex:30,82,01,fc,03,02,00,00,30,82,01,\

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
@=""
"DisplayName"="Trusted sites"
"Description"="This zone contains Web sites that you trust not to damage your computer or data."
"Icon"="inetcpl.cpl#00004480"
"CurrentLevel"=dword:00000000
"MinLevel"=dword:00010000
"RecommendedLevel"=dword:00010000
"Flags"=dword:00000047
"1001"=dword:00000000
"1004"=dword:00000001
"1200"=dword:00000000
"1201"=dword:00000001
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000000
"1407"=dword:00000000
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000000
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000000
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000000
"1805"=dword:00000000
"1A00"=dword:00000000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000000
"1A05"=dword:00000000
"1A06"=dword:00000000
"1A10"=dword:00000000
"1C00"=hex:00,00,02,00
"1E05"=dword:00030000
"{7839DA25-F5FE-11D0-883B-0080C726DCBB}"=hex:30,82,01,fc,03,02,00,00,30,82,01,\

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
@=""
"DisplayName"="Internet"
"Description"="This zone contains all Web sites you haven't placed in other zones"
"Icon"="inetcpl.cpl#001313"
"CurrentLevel"=dword:00011000
"MinLevel"=dword:00011000
"RecommendedLevel"=dword:00011000
"Flags"=dword:00000000
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000003
"1407"=dword:00000000
"1601"=dword:00000001
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000000
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000001
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000001
"1805"=dword:00000000
"1A00"=dword:00020000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000003
"1A05"=dword:00000001
"1A06"=dword:00000000
"1A10"=dword:00000001
"1C00"=dword:00010000
"1E05"=dword:00020000
"{AEBA21FA-782A-4A90-978D-B72164C80120}"=hex:1a,37,61,59,23,52,35,0c,7a,5f,20,\
"{A8A88C49-5EB2-4990-A1A2-0876022C854F}"=hex:1a,37,61,59,23,52,35,0c,7a,5f,20,\
"1206"=dword:00000000
"2001"=dword:00000000
"2004"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
@=""
"DisplayName"="Restricted sites"
"Description"="This zone contains Web sites that could potentially damage your computer or data."
"Icon"="inetcpl.cpl#00004481"
"CurrentLevel"=dword:00000000
"MinLevel"=dword:00012000
"RecommendedLevel"=dword:00012000
"Flags"=dword:00000003
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"1400"=dword:00000003
"1402"=dword:00000003
"1405"=dword:00000003
"1406"=dword:00000003
"1407"=dword:00000003
"1601"=dword:00000000
"1604"=dword:00000001
"1605"=dword:00000000
"1606"=dword:00000003
"1607"=dword:00000003
"1608"=dword:00000003
"1609"=dword:00000001
"1800"=dword:00000003
"1802"=dword:00000003
"1803"=dword:00000003
"1804"=dword:00000003
"1805"=dword:00000001
"1A00"=dword:00010000
"1A02"=dword:00000003
"1A03"=dword:00000003
"1A04"=dword:00000003
"1A05"=dword:00000003
"1A06"=dword:00000003
"1A10"=dword:00000003
"1C00"=dword:00000000
"1E05"=dword:00010000
"{AEBA21FA-782A-4A90-978D-B72164C80120}"=hex:1a,37,61,59,23,52,35,0c,7a,5f,20,\
17,2f,1e,1a,19,0e,2b,01,73,13,37,13,12,14,1a,15,39
"{A8A88C49-5EB2-4990-A1A2-0876022C854F}"=hex:1a,37,61,59,23,52,35,0c,7a,5f,20,\
17,2f,1e,1a,19,0e,2b,01,73,13,37,13,12,14,1a,15,39

#24 Guest_Guest_irish-paddy_*_*

Guest_Guest_irish-paddy_*_*
  • Guests

Posted 11 April 2005 - 06:01 AM

Downloaded and Unzipped Cleanbube.zip

allowed it to merge to the registry

:( but still can't get into custom in security options

#25 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 11 April 2005 - 01:09 PM

One more request, I want to see what else was changed in the registry

Since you've merged cleanbube.reg
Can you now Double click on Export.bat and post back the findings

Also
Can you also Download and unzip to desktop Find.zip
So you have Find.bat on your desktop
Double click on Find.bat and post back the findings
I would ask you to upload the findings but you can't login to the site
I'll edit out the list after so I can compare your settings to mine


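The before-and-after comparison of Export.bat output requested above can be done mechanically. This is an added example, not part of the original thread or any tool it mentions: it parses two `regedit /e` exports of the Zones key, joins wrapped hex values, and lists what was added, removed or changed. The sample exports are constructed (the root-key values 1001, 1004, 1200 and 1809 mirror the second export posted in this thread; `ExampleBlob` and `ExampleRemoved` are hypothetical names).

```python
import re

ZONES = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')


def _logical_lines(text):
    """Yield one line per registry value, joining hex data wrapped with ',\\'."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(",\\"):
            buf += line[:-1]          # drop the backslash, keep the comma
            continue
        yield buf + line
        buf = ""
    if buf:                           # export cut off mid-value: keep what exists
        yield buf


def _normalise(data):
    """Make dword/hex data comparable regardless of case or spacing."""
    if data.lower().startswith(("dword:", "hex")):
        return data.replace(" ", "").lower()
    return data


def parse_reg(text):
    """Return {key_path: {value_name: data}} for a 'regedit /e' export."""
    keys, current = {}, None
    for line in _logical_lines(text):
        if not line or line.startswith((";", "Windows Registry Editor")):
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group("key"), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group("name")
            name = "(Default)" if name == "@" else name[1:-1]
            current[name] = _normalise(m.group("data"))
    return keys


def diff_exports(before_text, after_text):
    """Return sorted (kind, key, name, old, new) tuples for every difference."""
    before, after = parse_reg(before_text), parse_reg(after_text)
    changes = []
    for key in sorted(set(before) | set(after)):
        old_vals, new_vals = before.get(key, {}), after.get(key, {})
        for name in sorted(set(old_vals) | set(new_vals)):
            old, new = old_vals.get(name), new_vals.get(name)
            if old == new:
                continue
            kind = "added" if old is None else "removed" if new is None else "changed"
            changes.append((kind, key, name, old, new))
    return changes


# Constructed sample exports (abridged; not the full logs from the thread).
BEFORE = rf"""Windows Registry Editor Version 5.00

[{ZONES}]
@=""
"SelfHealCount"=dword:00000001

[{ZONES}\0]
"CurrentLevel"=dword:00000000
"1C00"=hex:00,00,00,00
"ExampleBlob"=hex:01,02,03,\
  04,05

[{ZONES}\3]
"CurrentLevel"=dword:00011000
"ExampleRemoved"=dword:00000001
"""

AFTER = rf"""Windows Registry Editor Version 5.00

[{ZONES}]
@=""
"SelfHealCount"=dword:00000001
"1001"=dword:00000001
"1004"=dword:00000001
"1200"=dword:00000000
"1809"=dword:00000003

[{ZONES}\0]
"CurrentLevel"=dword:00000000
"1C00"=hex:00,00,00,00
"ExampleBlob"=hex:01,02,03,04,05

[{ZONES}\3]
"CurrentLevel"=dword:00011000
"""

if __name__ == "__main__":
    for kind, key, name, old, new in diff_exports(BEFORE, AFTER):
        print(f"{kind:8} {key[len(ZONES):] or '(root)':6} {name}: {old} -> {new}")
```

The wrapped and single-line forms of `ExampleBlob` compare as equal, so only real differences are reported.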

#26 irish-paddy

irish-paddy

    Member

  • Members
  • 59 posts

Posted 11 April 2005 - 03:36 PM

:) finally got logged on!!!!

but the computer is getting far worse, programs are not responding all the time :unsure:

can't download that cuz it just keeps not responding.

my microsoft firewall has been turned off and it won't let me turn it back on again!!! exportbat also keeps saying program not responding.

have done scans with everything in safe mode but computer keeps gettin worse

#27 irish-paddy

irish-paddy

    Member

  • Members
  • 59 posts

Posted 11 April 2005 - 03:48 PM

got it workin, here's a hijackthis log if it's any use?

Logfile of HijackThis v1.99.0
Scan saved at 22:42:42, on 11/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Eicon\Diva\DiTask.exe
C:\Program Files\Eicon\Diva\Divamon.exe
C:\Program Files\Eicon\Diva\watch.exe
C:\Program Files\Eicon\Diva\cgserver.exe
C:\Program Files\Eicon\Diva\diinfo.exe
C:\Program Files\SoftPerfect Personal Firewall\fw.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Patrick Deighan\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DiTask.exe] "C:\Program Files\Eicon\Diva\DiTask.exe"
O4 - HKLM\..\Run: [Divamon.exe] "C:\Program Files\Eicon\Diva\Divamon.exe"
O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Program Files\Eicon\Diva\watch.exe"
O4 - HKLM\..\Run: [CGServer] "C:\Program Files\Eicon\Diva\cgserver.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.1\THGuard.exe"
O4 - HKLM\..\Run: [SoftPerfect Personal Firewall] "C:\Program Files\SoftPerfect Personal Firewall\fw.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O23 - Service: Deepsight Extractor - Unknown - C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
O23 - Service: DeepSight Extractor Service for NPF03 - Unknown - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF03.exe
O23 - Service: DeepSight Extractor Service for NPF04 - Unknown - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF04.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe





HERE'S EXPORTBAT

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
@=""
"SelfHealCount"=dword:00000001
"1001"=dword:00000001
"1004"=dword:00000001
"1200"=dword:00000000
"1809"=dword:00000003

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
@=""
"DisplayName"="My Computer"
"Description"="Your computer"
"Icon"="explorer.exe#0100"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"1400"=dword:00000003
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000003
"1407"=dword:00000000
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000000
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000000
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000000
"1805"=dword:00000000
"1A00"=dword:00000000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000000
"1A05"=dword:00000000
"1A06"=dword:00000000
"1A10"=dword:00000000
"1C00"=hex:00,00,00,00
"1E05"=dword:00030000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
@=""
"DisplayName"="Local intranet"
"Description"="This zone contains all Web sites that are on your organization's intranet."
"Icon"="shell32.dll#0018"
"CurrentLevel"=dword:00000000
"MinLevel"=dword:00010000
"RecommendedLevel"=dword:00010500
"Flags"=dword:000000db
"1001"=dword:00000000
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000003
"1407"=dword:00000000
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000000
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000001
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000001
"1805"=dword:00000000
"1A00"=dword:00000000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000000
"1A05"=dword:00000000
"1A06"=dword:00000000
"1A10"=dword:00000000
"1C00"=hex:00,00,03,00
"1E05"=dword:00020000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
@=""
"DisplayName"="Trusted sites"
"Description"="This zone contains Web sites that you trust not to damage your computer or data."
"Icon"="inetcpl.cpl#00004480"
"CurrentLevel"=dword:00000000
"MinLevel"=dword:00010000
"RecommendedLevel"=dword:00010000
"Flags"=dword:00000047
"1001"=dword:00000000
"1004"=dword:00000001
"1200"=dword:00000000
"1201"=dword:00000001
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000000
"1407"=dword:00000000
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000000
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000000
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000000
"1805"=dword:00000000
"1A00"=dword:00000000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000000
"1A05"=dword:00000000
"1A06"=dword:00000000
"1A10"=dword:00000000
"1C00"=hex:00,00,02,00
"1E05"=dword:00030000
"1005"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
@=""
"DisplayName"="Internet"
"Description"="This zone contains all Web sites you haven't placed in other zones"
"Icon"="inetcpl.cpl#001313"
"CurrentLevel"=dword:00011000
"MinLevel"=dword:00011000
"RecommendedLevel"=dword:00011000
"Flags"=dword:00000000
"1001"=dword:00000000
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000003
"1407"=dword:00000000
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000000
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000001
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000001
"1805"=dword:00000000
"1A00"=dword:00020000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000003
"1A05"=dword:00000001
"1A06"=dword:00000000
"1A10"=dword:00000001
"1C00"=dword:00010000
"1E05"=dword:00020000
"1206"=dword:00000000
"2001"=dword:00000000
"2004"=dword:00000000
"1005"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
@=""
"DisplayName"="Restricted sites"
"Description"="This zone contains Web sites that could potentially damage your computer or data."
"Icon"="inetcpl.cpl#00004481"
"CurrentLevel"=dword:00000000
"MinLevel"=dword:00012000
"RecommendedLevel"=dword:00012000
"Flags"=dword:00000003
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"1400"=dword:00000003
"1402"=dword:00000003
"1405"=dword:00000003
"1406"=dword:00000003
"1407"=dword:00000003
"1601"=dword:00000000
"1604"=dword:00000001
"1605"=dword:00000000
"1606"=dword:00000003
"1607"=dword:00000003
"1608"=dword:00000003
"1609"=dword:00000001
"1800"=dword:00000003
"1802"=dword:00000003
"1803"=dword:00000003
"1804"=dword:00000003
"1805"=dword:00000001
"1A00"=dword:00010000
"1A02"=dword:00000003
"1A03"=dword:00000003
"1A04"=dword:00000003
"1A05"=dword:00000003
"1A06"=dword:00000003
"1A10"=dword:00000003
"1C00"=dword:00000000
"1E05"=dword:00010000
"{AEBA21FA-782A-4A90-978D-B72164C80120}"=hex:1a,37,61,59,23,52,35,0c,7a,5f,20,\
17,2f,1e,1a,19,0e,2b,01,73,13,37,13,12,14,1a,15,39
"{A8A88C49-5EB2-4990-A1A2-0876022C854F}"=hex:1a,37,61,59,23,52,35,0c,7a,5f,20,\
17,2f,1e,1a,19,0e,2b,01,73,13,37,13,12,14,1a,15,39
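
Added example, not part of the original thread: a small parser for a regedit export of the Zones key like the one above, listing ActiveX and download actions that a zone allows without prompting. The action names follow Microsoft's documented URL action codes; the watch list (which actions count as a finding in which zone) is an assumption of this example, and the sample input is a shortened excerpt with a constructed hex value.

```python
import re

ZONE_NAMES = {"0": "My Computer", "1": "Local intranet", "2": "Trusted sites",
              "3": "Internet", "4": "Restricted sites"}

# URL action codes as documented by Microsoft for IE security zones (subset).
ACTION_NAMES = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1200": "Run ActiveX controls and plug-ins",
    "1201": "Initialize and script ActiveX controls not marked as safe",
    "1400": "Active scripting",
    "1803": "File download",
}
ALLOW = 0  # setting values: 0 = allow, 1 = prompt, 3 = deny

# Assumption of this example: actions that should never be silently allowed.
WATCH = {"3": {"1001", "1004", "1201"}, "4": set(ACTION_NAMES)}

KEY_RE = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d+)\]$", re.IGNORECASE)
DWORD_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')


def parse_zones(reg_text):
    """Return {zone_id: {action_code: value}} from a .reg export of the Zones key."""
    zones, current, continued = {}, None, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if continued:
            # Inside a multi-line hex value: skip until a line without a trailing backslash.
            continued = line.endswith("\\")
            continue
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.group(1) if m else None  # the parent Zones key itself is ignored
            if current is not None:
                zones.setdefault(current, {})
            continue
        if line.endswith("\\"):
            continued = True  # first line of a hex value that continues below
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            zones[current][m.group(1).upper()] = int(m.group(2), 16)
    return zones


def audit(zones):
    """List (zone name, action code, action name) for watched actions set to allow."""
    findings = []
    for zone in sorted(zones):
        for code in sorted(WATCH.get(zone, ())):
            if zones[zone].get(code) == ALLOW:
                findings.append((ZONE_NAMES.get(zone, zone), code, ACTION_NAMES[code]))
    return findings


# Excerpt of the export above; the hex value and its name are constructed.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
"1001"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1200"=dword:00000000
"{00000000-0000-0000-0000-000000000000}"=hex:00,01,\
  02,03
"1201"=dword:00000003
"1400"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"DisplayName"="Restricted sites"
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"1400"=dword:00000003
"1803"=dword:00000003
"""

if __name__ == "__main__":
    for zone_name, code, action in audit(parse_zones(SAMPLE_EXPORT)):
        print(f"{zone_name}: {code} ({action}) is set to allow")
```
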

#28 guestolo

Posted 11 April 2005 - 05:38 PM

Is this happening with All users on the computer?
I'm starting to think it may be best to create a new user account and copy whatever you need to that account and rid yourself of this one :o

If you would like to try the following however
I would like to take a look at this

Open Notepad (START>>>RUN>>>type in notepad) hit Enter
Copy the contents of the Quote box to notepad
In Notepad click FILE>>SAVE AS
Name the file as Find.bat

@echo off
regedit /e C:\temp.reg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones"
more C:\temp.reg >> C:\Display.txt
notepad C:\Display.txt
del /q c:\temp.reg
del /q C:\Display.txt

Double click on Find.bat and a log should open, copy and paste that back here
or use the Browse button at the bottom of the reply box and add it as an attachment
You must be logged into the forum


#29 irish-paddy

Posted 12 April 2005 - 07:51 AM

:unsure: yeah it's happening with all users.

can't get find.bat to work, it's just saying ''cannot access file C;\temp.reg''

#30 guestolo

Posted 12 April 2005 - 09:30 AM

Try this>>delete your copy of Find.bat
Open Notepad (START>>>RUN>>>type in notepad) hit Enter
Copy the contents of the CODE box to notepad
In Notepad click FILE>>SAVE AS
Name the file as Find.bat

regedit /e Find.reg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones"

Double click on Find.bat
Find.reg should be placed on the desktop
Right click on it and choose Edit
Copy and paste back the contents


#31 Guest_Guest_irish-paddy_*_*

Posted 15 April 2005 - 08:55 AM

having trouble doing that. haven't been able to get on to the internet for a couple of days cuz of all these viruses on my computer. :angry:

i delete them in safe mode or whatever but they just keep coming back, have tried turning off system restore but it doesn't do anything.


still can't get my firewall on, softperfect is crap, every time i go on internet that microsoft antispyware thing has to delete the viruses that keep trying to get onto my computer.

here's a hijack this log if it helps,

Logfile of HijackThis v1.99.0
Scan saved at 12:59:32, on 15/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PAT DESKTOP\HijackThis.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DiTask.exe] "C:\Program Files\Eicon\Diva\DiTask.exe"
O4 - HKLM\..\Run: [Divamon.exe] "C:\Program Files\Eicon\Diva\Divamon.exe"
O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Program Files\Eicon\Diva\watch.exe"
O4 - HKLM\..\Run: [CGServer] "C:\Program Files\Eicon\Diva\cgserver.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.1\THGuard.exe"
O4 - HKLM\..\Run: [SoftPerfect Personal Firewall] "C:\Program Files\SoftPerfect Personal Firewall\fw.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [PPPOEOE] winlite.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [mzolqn] C:\WINDOWS\mzolqn.exe
O4 - HKLM\..\Run: [Veritas Patch] veritas.exe
O4 - HKLM\..\Run: [Compaq Service Drivrs] copq.exe
O4 - HKLM\..\Run: [MotherBoard Sounds] sounds.exe
O4 - HKLM\..\Run: [lwfut] C:\WINDOWS\lwfut.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\gah32.exe
O4 - HKLM\..\RunServices: [PPPOEOE] winlite.exe
O4 - HKLM\..\RunServices: [Veritas Patch] veritas.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivrs] copq.exe
O4 - HKLM\..\RunServices: [MotherBoard Sounds] sounds.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Win32 DRK Driver] wdrk32.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] swwhost.exe
O4 - HKCU\..\Run: [sdkupdate22] SDK0mCORE.exe
O4 - HKCU\..\Run: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKCU\..\Run: [NAV Auto Protect] navprotect.exe
O4 - HKCU\..\Run: [MSNPluginSrIvcs] n3vasap23.exe
O4 - HKCU\..\Run: [Microsoft USB2 Driver] crmss.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] navapqwa.exe
O4 - HKCU\..\Run: [Compaq Service Drivrs] copq.exe
O4 - HKCU\..\Run: [MotherBoard Sounds] sounds.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] navapqwa.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivrs] copq.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O23 - Service: Deepsight Extractor - Unknown - C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
O23 - Service: DeepSight Extractor Service for NPF03 - Unknown - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF03.exe
O23 - Service: DeepSight Extractor Service for NPF04 - Unknown - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF04.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
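
Added example, not part of the original thread: a triage pass over the O4 (autorun) lines of a HijackThis log such as the one above, flagging entries whose command has no directory or points at a drive root, the Windows directory itself, or a temp folder. The flagging rules are an assumption of this example; the sample lines are copied from the log above.

```python
import ntpath
import re

# Registry autorun lines look like:  O4 - HKLM\..\Run: [Name] command
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")


def command_path(command):
    """Extract the executable path from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def reason(path):
    """Return why a path looks out of place, or None if it does not."""
    folder = ntpath.dirname(path).lower()
    if not folder:
        return "no directory given, resolved through the search path"
    if re.fullmatch(r"[a-z]:\\", folder):
        return "runs from the root of a drive"
    if re.fullmatch(r"[a-z]:\\(windows|winnt)", folder):
        return "runs from the Windows directory itself"
    if folder.endswith("\\temp") or folder.endswith("\\tmp"):
        return "runs from a temp directory"
    return None


def triage(log_text):
    """Return (hive, key, name, path, reason) for each flagged O4 registry entry."""
    flagged = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not a registry autorun line (e.g. Global Startup shortcuts)
        hive, key, name, command = m.groups()
        path = command_path(command)
        why = reason(path)
        if why:
            flagged.append((hive, key, name, path, why))
    return flagged


# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [PPPOEOE] winlite.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [mzolqn] C:\WINDOWS\mzolqn.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\gah32.exe
O4 - HKLM\..\RunServices: [Veritas Patch] veritas.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Windows Update] swwhost.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
"""

if __name__ == "__main__":
    for hive, key, name, path, why in triage(SAMPLE_LOG):
        print(f"{hive} {key} [{name}] {path}: {why}")
```

Run over the full log above, these rules select the same O4 registry entries that the reply in post #33 asks to fix; a display name that imitates a vendor ("Microsoft Windows Update", "NAV Auto Protect") is not evidence of origin, the path is.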

#32 irish-paddy

Posted 18 April 2005 - 06:23 PM

i got find.bat working but when i open it, it just closes straight away so cant get the results unfortunately :(

whatever i delete through ad-aware or microsoft antispyware just comes back again. have tried everything but still find.bat wont open, not even in safe mode.

done a scan with mwav, it found all these. is there any way i can get my computer fixed?? please? :rolleyes:

File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ameopt Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\2366.reg infected by "Trojan.WinREG.LowZones.a" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Gavin Deighan\Local Settings\Temporary Internet Files\Content.IE5\UGT9DZCP\11[3].exe infected by "IM-Worm.Win32.Prex.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\16DC1B64-6F33-491A-A46C-022523\B0434FE3-A0BF-4380-9621-399A4A infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\7028A7A4-90A1-4479-8161-0A228D\28B1625D-AADD-431D-976A-0ACE50 infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\8602EE2B-06A6-4E2A-8DEE-440A55\CD4A3027-5320-46B1-AA3F-B31505 infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\AB68FF90-C1D4-4921-BACD-A43870\754745A2-37E2-4C50-AFAC-8D3E10 infected by "not-a-virus:AdWare.WebSearch.f" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\BF13A4D6-8F48-489C-A452-B65875\5EF2EA92-BD4B-425A-ABBE-EACD57 infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1555509878-2172021702-756012807-500\Dc198 infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1555509878-2172021702-756012807-500\Dc200 infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1555509878-2172021702-756012807-500\Dc211 infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1555509878-2172021702-756012807-500\Dc214 infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1555509878-2172021702-756012807-500\Dc220 infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1555509878-2172021702-756012807-500\Dc225 infected by "Trojan.Win32.TopAntiSpyware.j" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1555509878-2172021702-756012807-500\Dc226 infected by "Trojan.Win32.TopAntiSpyware.h" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1555509878-2172021702-756012807-500\Dc227 infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1555509878-2172021702-756012807-500\Dc228 infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1555509878-2172021702-756012807-500\Dc243 infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1555509878-2172021702-756012807-500\Dc245 infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\2366.reg infected by "Trojan.WinREG.LowZones.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\11[1].exe infected by "IM-Worm.Win32.Prex.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\dd[1].exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\2366.reg infected by "Trojan.WinREG.LowZones.a" Virus. Action Taken: No Action Taken.

#33 guestolo

Posted 18 April 2005 - 09:45 PM

Access your Add/Remove Programs and remove
180 solutions or similar

Allow internet connection, careful on the removal procedure, just keep clicking uninstall if prompted

Back in Windows

Save the rest of these instructions to a Notepad file and save it to desktop
Close down all other windows, disconnect from the Internet

Disable System Restore

Run Windows CleanUp!
After cleaning all files don't log off yet

Instead
Do another scan with Hijackthis and put a check next to these entries:

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [PPPOEOE] winlite.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [mzolqn] C:\WINDOWS\mzolqn.exe
O4 - HKLM\..\Run: [Veritas Patch] veritas.exe
O4 - HKLM\..\Run: [Compaq Service Drivrs] copq.exe
O4 - HKLM\..\Run: [MotherBoard Sounds] sounds.exe
O4 - HKLM\..\Run: [lwfut] C:\WINDOWS\lwfut.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\gah32.exe
O4 - HKLM\..\RunServices: [PPPOEOE] winlite.exe
O4 - HKLM\..\RunServices: [Veritas Patch] veritas.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivrs] copq.exe
O4 - HKLM\..\RunServices: [MotherBoard Sounds] sounds.exe

O4 - HKCU\..\Run: [Win32 DRK Driver] wdrk32.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] swwhost.exe
O4 - HKCU\..\Run: [sdkupdate22] SDK0mCORE.exe
O4 - HKCU\..\Run: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKCU\..\Run: [NAV Auto Protect] navprotect.exe
O4 - HKCU\..\Run: [MSNPluginSrIvcs] n3vasap23.exe
O4 - HKCU\..\Run: [Microsoft USB2 Driver] crmss.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] navapqwa.exe
O4 - HKCU\..\Run: [Compaq Service Drivrs] copq.exe
O4 - HKCU\..\Run: [MotherBoard Sounds] sounds.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] navapqwa.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivrs] copq.exe


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis


Run Pocket KillBox
In the Full Path of File to Delete box, copy and paste the entire line directly below in bold, do not type this in

C:\WINDOWS\2366.reg

Select the radio button to
Delete on reboot afterwards
Then click the Delete button
The Red circle and a white X
When prompted to Delete on Reboot>>Click YES
If prompted to Reboot Now>>Click NO
Do the same for the below entries

C:\WINDOWS\lwfut.exe
C:\gah32.exe
C:\WINDOWS\System32\navapqwa.exe
C:\WINDOWS\System32\copq.exe
C:\WINDOWS\System32\winlite.exe
C:\WINDOWS\System32\veritas.exe
C:\WINDOWS\System32\sounds.exe
C:\WINDOWS\System32\wdrk32.exe
C:\WINDOWS\System32\swwhost.exe
C:\WINDOWS\System32\mssw32.exe
C:\WINDOWS\System32\navprotect.exe
C:\WINDOWS\System32\n3vasap23.exe
C:\WINDOWS\System32\crmss.exe
C:\WINDOWS\System32\SDK0mCORE.exe


After you have entered the last path to the file name
Allow the computer to Reboot

Back in Windows
Reenable system restore

Download and save to desktop
Zonefix.exe
double click to Run

Post a fresh Hijackthis log

Also, try and navigate to this entry in your registry
START>>RUN>>type regedit
Hit OK
Navigate to this key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

Right click on Lockdown Zones and choose Export
Name it and save it
Close the registry editor>>Navigate to the file you exported
Right click on it and choose EDIT
Copy and paste back the contents

We have to get some Critical updates installed on your computer from Windows Updates after you're clean, you're open for reinfection
For now, excluding Service pack 2, go to Windows updates and get all other Critical Updates installed

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#34 irish-paddy

irish-paddy

    Member

  • Members
  • 59 posts

Posted 19 April 2005 - 04:06 PM

couldn't find ANY 180 solutions or anything in the add/remove programs

Disabled System Restore

Ran Windows CleanUp!

Done another scan with Hijackthis and put a check next to all the entries:

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [PPPOEOE] winlite.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [mzolqn] C:\WINDOWS\mzolqn.exe
O4 - HKLM\..\Run: [Veritas Patch] veritas.exe
O4 - HKLM\..\Run: [Compaq Service Drivrs] copq.exe
O4 - HKLM\..\Run: [MotherBoard Sounds] sounds.exe
O4 - HKLM\..\Run: [lwfut] C:\WINDOWS\lwfut.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\gah32.exe
O4 - HKLM\..\RunServices: [PPPOEOE] winlite.exe
O4 - HKLM\..\RunServices: [Veritas Patch] veritas.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivrs] copq.exe
O4 - HKLM\..\RunServices: [MotherBoard Sounds] sounds.exe

O4 - HKCU\..\Run: [Win32 DRK Driver] wdrk32.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] swwhost.exe
O4 - HKCU\..\Run: [sdkupdate22] SDK0mCORE.exe
O4 - HKCU\..\Run: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKCU\..\Run: [NAV Auto Protect] navprotect.exe
O4 - HKCU\..\Run: [MSNPluginSrIvcs] n3vasap23.exe
O4 - HKCU\..\Run: [Microsoft USB2 Driver] crmss.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] navapqwa.exe
O4 - HKCU\..\Run: [Compaq Service Drivrs] copq.exe
O4 - HKCU\..\Run: [MotherBoard Sounds] sounds.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] navapqwa.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivrs] copq.exe

soon as i done this the computer froze, had to restart, also wouldnt let me download Zonefix.exe, had to log on as another user and copy and paste it to my desktop.

deleted everything on reboot with pocket killbox
Reenabled system restore


went into regedit, for some reason this key wasnt there
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones


think this might be a virus is it???
hiberfil.sys
it is in my c:\

#35 irish-paddy

irish-paddy

    Member

  • Members
  • 59 posts

Posted 19 April 2005 - 04:08 PM

heres the log, cheers for all ur help.

p.s. how do i get windows updates?


Logfile of HijackThis v1.99.0
Scan saved at 23:03:07, on 19/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\SCardClnt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Eicon\Diva\DiTask.exe
C:\Program Files\Eicon\Diva\Divamon.exe
C:\Program Files\Eicon\Diva\watch.exe
C:\Program Files\Eicon\Diva\diinfo.exe
C:\Program Files\Eicon\Diva\cgserver.exe
C:\Program Files\SoftPerfect Personal Firewall\fw.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
C:\PAT DESKTOP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DiTask.exe] "C:\Program Files\Eicon\Diva\DiTask.exe"
O4 - HKLM\..\Run: [Divamon.exe] "C:\Program Files\Eicon\Diva\Divamon.exe"
O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Program Files\Eicon\Diva\watch.exe"
O4 - HKLM\..\Run: [CGServer] "C:\Program Files\Eicon\Diva\cgserver.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.1\THGuard.exe"
O4 - HKLM\..\Run: [SoftPerfect Personal Firewall] "C:\Program Files\SoftPerfect Personal Firewall\fw.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O23 - Service: Deepsight Extractor - Unknown - C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
O23 - Service: DeepSight Extractor Service for NPF03 - Unknown - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF03.exe
O23 - Service: DeepSight Extractor Service for NPF04 - Unknown - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF04.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Smart Card Client - Unknown - C:\WINDOWS\SYSTEM32\SCardClnt.exe

#36 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 19 April 2005 - 08:17 PM

Do you have the full version of Trojan Hunter installed on your computer?

If you do please check for updates and run a full system scan

To get to Windows Updates>>Open IE and click on TOOLS>>Windows updates

Are you sure you can't find this entry in the registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

Also, I see entries in your log related to Symantec, but I don't see the virus scanner running
Are you having problems with it???

Did you remove it?
If you have and need a free Anti-Virus, let me know



#37 irish-paddy

irish-paddy

    Member

  • Members
  • 59 posts

Posted 20 April 2005 - 03:39 AM

the norton anti-virus wasnt working, had to remove it. tried to download it but it didnt work. yeah need an anti-virus please :D
since my microsoft one seems to have been deleted.


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
this definitely isnt there, dont know why, tried to look for it in another user account but its not there!!!


im in work now, but ill do the windows update and trojan hunter when i get home and then get back to u!!!

#38 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 20 April 2005 - 06:00 PM

At the top of this forum you will see a link to Preventive and Removal tools

Open the post and look for the free AV's listed near the top
I prefer AVG or AVAST
Choose only ONE, you don't need more than one running

When downloading ensure you are downloading the free version and not the trial version
After installation, make sure it is fully updated and run a full system scan
Let it fix whatever it finds

Restart your computer afterwards and post a fresh hijackthis log, let me know how everything's running



#39 irish-paddy

irish-paddy

    Member

  • Members
  • 59 posts

Posted 22 April 2005 - 06:19 AM

computer is running a bit better.
its still freezing all the time and i have no firewall. still cant get my built in microsoft firewall to work.

downloaded sygate but it was really really slow and wouldnt let me onto the internet. My trojan hunter is out of date so thats not much use to me.


i downloaded and updated AVAST but it didnt find anything, so i downloaded AVG it found a couple of trojans but it couldnt fix them so i manually deleted them.

Computer still doesnt feel too safe cuz adaware only works in safe mode and still cant open find.bat, it opens for half a second and then closes again.

sorry to be sounding so glum, gona try to get a different firewall but heres my hijack this log :rolleyes:



Logfile of HijackThis v1.99.0
Scan saved at 13:08:23, on 22/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\SCardClnt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Eicon\Diva\DiTask.exe
C:\Program Files\Eicon\Diva\Divamon.exe
C:\Program Files\Eicon\Diva\diinfo.exe
C:\Program Files\Eicon\Diva\watch.exe
C:\Program Files\Eicon\Diva\cgserver.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PAT DESKTOP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DiTask.exe] "C:\Program Files\Eicon\Diva\DiTask.exe"
O4 - HKLM\..\Run: [Divamon.exe] "C:\Program Files\Eicon\Diva\Divamon.exe"
O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Program Files\Eicon\Diva\watch.exe"
O4 - HKLM\..\Run: [CGServer] "C:\Program Files\Eicon\Diva\cgserver.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows TM] rundlI32.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Deepsight Extractor - Unknown - C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
O23 - Service: DeepSight Extractor Service for NPF03 - Unknown - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF03.exe
O23 - Service: DeepSight Extractor Service for NPF04 - Unknown - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF04.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Smart Card Client - Unknown - C:\WINDOWS\SYSTEM32\SCardClnt.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
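
One way to check a fresh HijackThis log against an earlier fix list, added here as an example and not part of the original thread: it parses the registry O4 (autorun) lines, reports fix-list entries that are still present, and flags new entries for manual review. The two review heuristics (a command with no directory, a file name that imitates a system binary through confusable characters) and the `SYSTEM_NAMES` list are assumptions of this example; a flag means "look at this", not a verdict.

```python
import ntpath
import re

# Excerpts copied from the logs on this page: part of the fix list in post #33
# and part of the O4 section of the log saved on 22/04/2005.
FIX_LIST = r"""
O4 - HKLM\..\Run: [PPPOEOE] winlite.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\gah32.exe
O4 - HKCU\..\Run: [NAV Auto Protect] navprotect.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivrs] copq.exe
"""
FRESH_LOG = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows TM] rundlI32.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
"""
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Assumption: a short list of Windows system binaries to compare names against.
SYSTEM_NAMES = {"rundll32.exe", "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})

def parse_o4(log):
    """Return {(hive, key, value name): command} for each registry O4 line."""
    found = (O4_RE.match(line.strip()) for line in log.splitlines())
    return {m.groups()[:3]: m.group(4) for m in found if m}

def image_path(cmd):
    """Executable part of a Run command: the quoted string, or up to '.exe'."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def lookalike(name):
    """System binary this name imitates via confusable characters, or None."""
    folded = name.translate(CONFUSABLE).lower()
    return folded if folded in SYSTEM_NAMES and name.lower() != folded else None

def review(fix_list, fresh_log):
    fixed, fresh = parse_o4(fix_list), parse_o4(fresh_log)
    report = {"still_present": sorted(k for k in fixed if k in fresh), "review": []}
    for key, cmd in fresh.items():
        if key in fixed:
            continue
        exe, reasons = image_path(cmd), []
        if not ntpath.dirname(exe):
            reasons.append("no directory given, resolved through the search path")
        if lookalike(ntpath.basename(exe)):
            reasons.append("name imitates " + lookalike(ntpath.basename(exe)))
        if reasons:
            report["review"].append((key, cmd, reasons))
    return report

if __name__ == "__main__":
    print(review(FIX_LIST, FRESH_LOG))
```
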

#40 irish-paddy

irish-paddy

    Member

  • Members
  • 59 posts

Posted 22 April 2005 - 06:22 AM

p.s. i know u said to only download one but AVAST keeps blocking things when im on the computer,
but it didnt detect any viruses!!

and AVG found the viruses,

so i dont know which one to delete/use wat do u think?