Topic: Task Manager and Registry editing disabled

fudgebandit
Task Manager and Registry editing disabled
« on: October 11, 2008, 11:51:09 PM »
My Task Manager and Registry editing are disabled by the administrator.

What should I do?

guestolo
« Reply #1 on: October 12, 2008, 03:35:55 PM »
Just on my way out.
In the meantime, can you do the following, please?

Download the HijackThis Installer from HERE
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

HijackThis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and paste the whole log back here to the forum. It is all important!

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


fudgebandit
« Reply #2 on: October 12, 2008, 04:02:15 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:39 AM, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\imapi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0056571223702049) (0056571223702049mcinstcleanup) - Unknown owner - C:\DOCUME~1\Sergi\LOCALS~1\Temp\005657~1.EXE (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 6594 bytes

guestolo
« Reply #3 on: October 12, 2008, 04:24:39 PM »
Can I see a couple of other logs?
Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Right Click on RSIT.exe and "Run as Administrator"
    Edit: just double click on RSIT.exe and run it; that was meant for a Vista system
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized.
Can you post both those logs, please?
« Last Edit: October 12, 2008, 04:47:23 PM by guestolo »



fudgebandit
« Reply #4 on: October 12, 2008, 08:53:16 PM »
info.txt logfile of random's system information tool 1.04 2008-10-12 05:15:48

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem-->agrsmdel
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Java(tm) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
MapleStory-->MsiExec.exe /I{706A6867-6CCB-4280-A1E3-BAFBA688D70E}
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

fudgebandit
« Reply #5 on: October 12, 2008, 08:54:56 PM »
Logfile of random's system information tool 1.04 (written by random/random)
Run by Sergi at 2008-10-12 06:46:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 161 GB (95%) free of 170 GB
Total RAM: 511 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:51 AM, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sergi\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sergi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0056571223702049) (0056571223702049mcinstcleanup) - Unknown owner - C:\DOCUME~1\Sergi\LOCALS~1\Temp\005657~1.EXE (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 6690 bytes

fudgebandit
« Reply #6 on: October 12, 2008, 08:56:31 PM »
======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2008-07-09 246088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2008-06-20 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-07-23 120608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-07-23 120608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-12 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-12 86016]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe []
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-07-12 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\wrar371.exe"="D:\wrar371.exe:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\gxqbkb.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\gxqbkb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\mpvb.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\mpvb.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\winawxi.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\winawxi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\fsan.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\fsan.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\njnxp.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\njnxp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\winkqwvp.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\winkqwvp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\ymlg.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\ymlg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\nnmm.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\nnmm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\winskie.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\winskie.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\winguix.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\winguix.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\winytilxk.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\winytilxk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\winplwmkp.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\winplwmkp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\winsype.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\winsype.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\winfugrjd.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\winfugrjd.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
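The registry dump above holds the answer to the original question (the per-user policy value "DisableRegistryTools"=1 under HKCU\...\Policies\System, which HijackThis reports on its O7 line as DisableRegedit=1) and a second finding the thread has not yet commented on: a long list of Windows XP firewall exceptions for randomly named .exe files under the user's Temp folder. As an added example, not code from the thread, from HijackThis or from RSIT, here is a small Python scanner that walks this kind of log and flags both patterns. The names scan_log, Findings and report are my own, and the sample input is a constructed excerpt of lines quoted in this thread.

```python
"""Flag admin-tool lockout policies and suspicious firewall exceptions in a
HijackThis / RSIT-style log.  Added example for this thread; it is not code
from HijackThis, RSIT or the forum, and the function and regex names are
assumptions of this example."""
import re
from dataclasses import dataclass, field

# Per-user policy values that lock the user out of built-in tools.  A value of 1
# means "disabled".  HijackThis shows the registry-tools value as DisableRegedit
# on its O7 line; RSIT's registry dump shows the real value name,
# DisableRegistryTools, so both spellings are listed.
LOCKOUT_POLICIES = {"DisableRegistryTools", "DisableRegedit", "DisableTaskMgr"}

O7_RE = re.compile(r"^O7 - (?P<key>[^,]+), (?P<name>\w+)=(?P<value>\d+)$")
REG_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
# XP firewall exception value: "path:*:Enabled:description"
FW_RE = re.compile(
    r'^"(?P<path>[^"]+)"="[^"]*:\*:(?P<state>[Ee]nabled|[Dd]isabled):(?P<desc>[^"]*)"$'
)
# Executables living in a user's temp directory (8.3 or long form)
TEMP_EXE_RE = re.compile(
    r"\\(?:LOCALS~1|Local Settings)\\Temp\\[^\\]+\.exe$", re.IGNORECASE
)


@dataclass
class Findings:
    lockouts: list = field(default_factory=list)                  # (key, value name)
    temp_firewall_exceptions: list = field(default_factory=list)  # exe paths


def scan_log(text: str) -> Findings:
    """Walk the log once, tracking the current [HKEY_...] section for RSIT output."""
    found = Findings()
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = O7_RE.match(line)
        if m:
            if m["name"] in LOCKOUT_POLICIES and m["value"] == "1":
                found.lockouts.append((m["key"], m["name"]))
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m["key"]
            continue
        m = FW_RE.match(line)
        if m and "firewallpolicy" in current_key.lower():
            # An enabled exception for a randomly named .exe in %Temp% is a
            # classic sign of malware opening the firewall for itself.
            if m["state"].lower() == "enabled" and TEMP_EXE_RE.search(m["path"]):
                found.temp_firewall_exceptions.append(m["path"])
            continue
        m = REG_VAL_RE.match(line)
        if m and current_key.lower().endswith("\\policies\\system"):
            if m["name"] in LOCKOUT_POLICIES and m["value"].strip() == "1":
                found.lockouts.append((current_key, m["name"]))
    return found


def report(found: Findings) -> list:
    """Human-readable summary lines; an empty list means nothing was flagged."""
    lines = [f"lockout policy {name}=1 under {key}" for key, name in found.lockouts]
    lines += [f"firewall exception for temp executable {p}"
              for p in found.temp_firewall_exceptions]
    return lines


# Constructed sample: a handful of lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\gxqbkb.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\gxqbkb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\winawxi.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\winawxi.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"""

if __name__ == "__main__":
    for line in report(scan_log(SAMPLE_LOG)):
        print(line)
```

On the sample the scanner reports two lockout hits (the same setting seen through both tools) and two Temp-folder firewall exceptions. Note that the dump shows "DisableTaskMgr"=0 even though the poster says Task Manager is disabled, which is why the scanner keys on the value rather than on the thread title: the RSIT dump may have been taken after something changed, or the Task Manager block may come from a different policy location, so the log is the evidence to trust. Remediation of the lockout itself is just setting the flagged value back to 0 (or deleting it) once whatever keeps re-setting it has been removed; until then it will typically come straight back.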

fudgebandit
« Reply #7 on: October 12, 2008, 08:57:36 PM »
======List of files/folders created in the last 1 months======

2008-10-12 05:15:37 ----D---- C:\rsit
2008-10-12 02:07:15 ----D---- C:\Program Files\Trend Micro
2008-10-11 21:32:06 ----D---- C:\Documents and Settings\Sergi\Application Data\Nexon
2008-10-11 21:27:31 ----D---- C:\Nexon
2008-10-11 12:31:14 ----D---- C:\Program Files\Common Files\INCA Shared
2008-10-11 10:45:56 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2008-10-11 10:45:11 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-11 09:47:27 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-11 09:47:17 ----D---- C:\Program Files\SiteAdvisor
2008-10-11 09:43:46 ----D---- C:\Program Files\Common Files\McAfee
2008-10-11 09:43:44 ----D---- C:\Program Files\McAfee.com
2008-10-11 09:43:36 ----D---- C:\Program Files\McAfee
2008-10-11 09:34:33 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-11 09:33:56 ----D---- C:\Documents and Settings\Sergi\Application Data\WinRAR
2008-10-11 09:33:46 ----D---- C:\Program Files\WinRAR
2008-10-11 08:28:02 ----D---- C:\Program Files\DivX
2008-10-11 04:56:50 ----SHD---- C:\RECYCLER
2008-10-11 04:54:07 ----D---- C:\Documents and Settings\Sergi\Application Data\Mozilla
2008-10-11 04:54:02 ----D---- C:\Program Files\Mozilla Firefox
2008-10-11 04:52:39 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-10-11 04:52:39 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-10-11 04:52:20 ----D---- C:\WINDOWS\system32\Adobe
2008-10-11 04:50:48 ----D---- C:\WINDOWS\Sun
2008-10-11 04:50:48 ----D---- C:\Documents and Settings\Sergi\Application Data\Sun
2008-10-11 04:50:42 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-11 04:50:42 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-11 04:50:42 ----A---- C:\WINDOWS\system32\java.exe
2008-10-11 04:50:21 ----D---- C:\Program Files\Java
2008-10-11 04:50:07 ----D---- C:\Program Files\Common Files\Java
2008-10-11 04:47:49 ----D---- C:\Documents and Settings\Sergi\Application Data\Macromedia
2008-10-11 04:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-11 04:45:56 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-11 04:45:30 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-11 04:45:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-11 04:45:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-11 04:45:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-11 04:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-11 04:44:55 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-11 04:44:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-11 04:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-11 04:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-11 04:44:33 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-10-11 04:44:28 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-10-11 04:44:22 ----D---- C:\WINDOWS\ie7updates
2008-10-11 04:44:07 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-10-11 04:43:08 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-10-11 04:42:38 ----D---- C:\Documents and Settings\Sergi\Application Data\Adobe
2008-10-11 04:39:52 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-10-11 04:35:43 ----D---- C:\WINDOWS\nview
2008-10-11 04:35:43 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-10-11 04:34:57 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-10-11 04:34:45 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-11 04:28:57 ----D---- C:\Documents and Settings\Sergi\Application Data\Identities
2008-10-11 04:28:55 ----HD---- C:\Program Files\Uninstall Information
2008-10-11 04:28:52 ----SD---- C:\Documents and Settings\Sergi\Application Data\Microsoft
2008-10-11 04:28:52 ----ASH---- C:\Documents and Settings\Sergi\Application Data\desktop.ini
2008-10-11 04:28:01 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-11 04:27:59 ----D---- C:\WINDOWS\Prefetch
2008-10-11 04:27:58 ----SD---- C:\WINDOWS\system32\Microsoft
2008-10-11 04:27:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-11 04:23:55 ----D---- C:\WINDOWS\system32\xircom
2008-10-11 04:23:55 ----D---- C:\Program Files\xerox
2008-10-11 04:23:55 ----D---- C:\Program Files\microsoft frontpage
2008-10-11 04:23:27 ----D---- C:\WINDOWS\system32\PreInstall
2008-10-11 04:23:26 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-10-11 04:23:18 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-11 04:23:17 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-11 04:23:07 ----A---- C:\WINDOWS\control.ini
2008-10-11 04:23:07 ----A---- C:\AUTOEXEC.BAT
2008-10-11 04:22:56 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-11 04:22:52 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-10-11 04:22:03 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-11 04:22:00 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-11 04:21:56 ----HD---- C:\Program Files\WindowsUpdate
2008-10-11 04:21:38 ----D---- C:\WINDOWS\system32\DirectX
2008-10-11 04:21:31 ----A---- C:\WINDOWS\system32\atrace.dll
2008-10-11 04:21:28 ----A---- C:\WINDOWS\system32\desktop.ini
2008-10-11 04:21:28 ----A---- C:\WINDOWS\desktop.ini
2008-10-11 04:21:22 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-10-11 04:21:21 ----D---- C:\Program Files\Common Files\Services
2008-10-11 04:21:21 ----A---- C:\WINDOWS\system32\acctres.dll
2008-10-11 04:21:19 ----SD---- C:\WINDOWS\Tasks
2008-10-11 04:21:19 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-10-11 04:21:18 ----D---- C:\Program Files\Common Files\MSSoap
2008-10-11 04:21:13 ----D---- C:\WINDOWS\srchasst
2008-10-11 04:21:12 ----D---- C:\WINDOWS\system32\Macromed
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-11 04:21:09 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-10-11 04:21:09 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-11 04:21:09 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-11 04:21:09 ----A---- C:\WINDOWS\system32\bitsprx3.dll

fudgebandit
« Reply #8 on: October 12, 2008, 08:58:42 PM »
2008-10-11 04:21:09 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-10-11 04:21:06 ----D---- C:\Program Files\Movie Maker
2008-10-11 04:20:51 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-10-11 04:20:51 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-10-11 04:20:51 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-10-11 04:20:51 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-10-11 04:20:47 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-10-11 04:20:47 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-10-11 04:20:46 ----D---- C:\WINDOWS\system32\Restore
2008-10-11 04:20:46 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-10-11 04:20:46 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-10-11 04:20:46 ----A---- C:\WINDOWS\system32\srclient.dll
2008-10-11 04:20:46 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-10-11 04:20:46 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-10-11 04:20:46 ----A---- C:\WINDOWS\system32\ils.dll
2008-10-11 04:20:45 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-10-11 04:20:45 ----A---- C:\WINDOWS\system32\msconf.dll
2008-10-11 04:20:45 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-10-11 04:20:43 ----D---- C:\Program Files\NetMeeting
2008-10-11 04:20:42 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-10-11 04:20:42 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-10-11 04:20:41 ----A---- C:\WINDOWS\system32\inetres.dll
2008-10-11 04:20:41 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-10-11 04:20:39 ----D---- C:\Program Files\Outlook Express
2008-10-11 04:20:39 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-10-11 04:20:39 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-10-11 04:20:39 ----A---- C:\WINDOWS\system32\mstask.dll
2008-10-11 04:20:38 ----A---- C:\WINDOWS\system32\isign32.dll
2008-10-11 04:20:38 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-10-11 04:20:38 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-10-11 04:20:38 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-10-11 04:20:33 ----D---- C:\Program Files\Common Files\System
2008-10-11 04:20:32 ----D---- C:\Program Files\Internet Explorer
2008-10-11 04:20:00 ----D---- C:\Program Files\ComPlus Applications
2008-10-11 04:19:59 ----A---- C:\WINDOWS\vbaddin.ini
2008-10-11 04:19:59 ----A---- C:\WINDOWS\vb.ini
2008-10-11 04:19:55 ----D---- C:\WINDOWS\Registration
2008-10-11 04:19:48 ----D---- C:\Program Files\Online Services
2008-10-11 04:19:37 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-11 04:19:36 ----D---- C:\Program Files\Windows Media Player
2008-10-11 04:19:35 ----D---- C:\Program Files\Messenger
2008-10-11 04:19:31 ----D---- C:\Program Files\MSN Gaming Zone
2008-10-11 04:19:31 ----A---- C:\WINDOWS\system32\write.exe
2008-10-11 04:19:24 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-10-11 04:19:24 ----A---- C:\WINDOWS\system32\hticons.dll
2008-10-11 04:19:24 ----A---- C:\WINDOWS\system32\avwav.dll
2008-10-11 04:19:24 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-10-11 04:19:24 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-10-11 04:19:23 ----A---- C:\WINDOWS\system32\winchat.exe
2008-10-11 04:19:18 ----A---- C:\WINDOWS\system32\getuname.dll
2008-10-11 04:19:18 ----A---- C:\WINDOWS\system32\charmap.exe
2008-10-11 04:19:18 ----A---- C:\WINDOWS\system32\calc.exe
2008-10-11 04:19:17 ----A---- C:\WINDOWS\system32\winmine.exe
2008-10-11 04:19:17 ----A---- C:\WINDOWS\system32\sol.exe
2008-10-11 04:19:17 ----A---- C:\WINDOWS\system32\reset.exe
2008-10-11 04:19:17 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-10-11 04:19:17 ----A---- C:\WINDOWS\system32\freecell.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\tskill.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\tscon.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\shadow.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\regini.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\msg.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\logoff.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-10-11 04:19:15 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-10-11 04:19:11 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-10-11 04:18:59 ----D---- C:\Program Files\MSN
2008-10-11 04:18:58 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-10-11 04:18:58 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-10-11 04:18:58 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-10-11 04:18:58 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-10-11 04:18:57 ----D---- C:\Program Files\Windows NT
2008-10-11 04:18:57 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-10-11 04:18:57 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-10-11 04:18:56 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-10-11 04:18:56 ----A---- C:\WINDOWS\system32\spider.exe
2008-10-11 04:18:55 ----A---- C:\WINDOWS\system32\tsgqec.dll
2008-10-11 04:18:55 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-11 04:18:55 ----A---- C:\WINDOWS\system32\aaclient.dll
2008-10-11 04:18:54 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-11 04:18:54 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-10-11 04:18:54 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-10-11 04:18:54 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-10-11 04:18:54 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-10-11 04:18:54 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-10-11 04:18:54 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-10-11 04:18:53 ----D---- C:\WINDOWS\system32\MsDtc
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\rdpwsx.dll

Offline fudgebandit

Task Manager and Registry editing disabled
« Reply #9 on: October 12, 2008, 09:00:05 PM »
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-10-11 04:18:52 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-10-11 04:18:52 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-10-11 04:18:52 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-10-11 04:18:52 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-10-11 04:18:52 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-10-11 04:18:51 ----D---- C:\WINDOWS\system32\Com
2008-10-11 04:18:51 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-10-11 04:18:51 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-10-11 04:18:51 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-10-11 04:18:51 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-10-11 04:18:51 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-10-11 04:18:51 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-10-11 04:18:51 ----A---- C:\WINDOWS\system32\colbact.dll
2008-10-11 04:18:50 ----A---- C:\WINDOWS\system32\stclient.dll
2008-10-11 04:18:50 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-10-11 04:18:50 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-10-11 04:18:50 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-10-11 04:18:50 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-10-11 04:18:49 ----A---- C:\WINDOWS\system32\comuid.dll
2008-10-11 04:18:49 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-10-11 04:18:49 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-10-11 04:18:49 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-10-11 04:18:43 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-10-11 04:18:43 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-10-11 04:18:43 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-10-11 04:18:43 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-10-10 21:11:02 ----A---- C:\WINDOWS\system32\h323log.txt
2008-10-10 20:36:18 ----A---- C:\WINDOWS\system32\usbui.dll
2008-10-10 20:35:13 ----A---- C:\WINDOWS\imsins.BAK
2008-10-10 20:35:11 ----SHD---- C:\WINDOWS\Installer
2008-10-10 20:35:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-10 20:35:10 ----D---- C:\Program Files\Common Files\ODBC
2008-10-10 20:35:10 ----A---- C:\WINDOWS\ODBCINST.INI
2008-10-10 20:35:07 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-10-10 20:35:06 ----RD---- C:\Program Files
2008-10-10 20:35:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-10 20:35:06 ----D---- C:\Program Files\Common Files
2008-10-10 20:34:59 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-10-10 20:34:59 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-10-10 20:34:59 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-10-10 20:34:57 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-10-10 20:34:57 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-10-10 20:34:57 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-10-10 20:34:57 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-10-10 20:34:57 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-10-10 20:34:57 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-10-10 20:34:57 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-10-10 20:34:56 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-10-10 20:34:56 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-10-10 20:34:56 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-10-10 20:34:56 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-10-10 20:34:56 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-10-10 20:34:55 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-10-10 20:34:55 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-10-10 20:34:55 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-10-10 20:34:55 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-10-10 20:34:55 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-10-10 20:34:55 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-10-10 20:34:55 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-10-10 20:34:54 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-10-10 20:34:54 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-10-10 20:34:54 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-10-10 20:34:54 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-10-10 20:34:54 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-10-10 20:34:54 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-10-10 20:34:51 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-10-10 20:34:51 ----A---- C:\WINDOWS\system32\irclass.dll
2008-10-10 20:34:51 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-10-10 20:34:51 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-10-10 20:34:50 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-10-10 20:34:49 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-10-10 20:34:49 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-10-10 20:34:49 ----A---- C:\WINDOWS\system32\batt.dll
2008-10-10 20:34:48 ----A---- C:\WINDOWS\system32\storprop.dll
2008-10-10 20:34:48 ----A---- C:\WINDOWS\NOTEPAD.EXE
2008-10-10 20:34:41 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini

Offline fudgebandit

Task Manager and Registry editing disabled
« Reply #10 on: October 12, 2008, 10:58:12 PM »
I fixed the Task Manager and the Registry Editor,

but I can't view hidden files or get into Safe Mode.
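The four symptoms in this thread (Task Manager blocked, Registry Editor blocked, hidden files not viewable, Safe Mode not bootable) each correspond to a well-known registry location that malware tampers with. The PowerShell script below is an added example, not code from this thread or from either poster: it audits those locations and, when run with -Repair, restores the user-facing ones. It assumes PowerShell 2.0 or later (available for XP SP3 but not installed by default) run from an administrator account; the function names and the -Repair switch are my own, while the key and value names are the standard Windows ones.

```powershell
# Added example, not from the forum thread. Audits the registry locations
# that commonly produce the symptoms above and repairs the user-facing ones
# when run with -Repair. Run from an administrator PowerShell session.
param([switch]$Repair)

$policyRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies'
)
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$showAll  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'

# One entry per restriction. Good = the value that lifts the restriction.
# Policy values (Policy = $true) are deleted on repair, because their absence
# is the normal state; Explorer settings are written back as REG_DWORD.
$checks = @()
foreach ($root in $policyRoots) {
    $checks += @{ What='Task Manager disabled';       Key="$root\System";   Name='DisableTaskMgr';       Good=0; Policy=$true }
    $checks += @{ What='Registry Editor disabled';    Key="$root\System";   Name='DisableRegistryTools'; Good=0; Policy=$true }
    $checks += @{ What='Folder Options menu removed'; Key="$root\Explorer"; Name='NoFolderOptions';      Good=0; Policy=$true }
}
$checks += @{ What='Hidden files not shown';             Key=$advanced; Name='Hidden';          Good=1; Policy=$false }
$checks += @{ What='Protected OS files not shown';       Key=$advanced; Name='ShowSuperHidden'; Good=1; Policy=$false }
$checks += @{ What='"Show hidden files" option broken';  Key=$showAll;  Name='CheckedValue';    Good=1; Policy=$false }

function Get-RegValue([string]$Key, [string]$Name) {
    # Returns $null when either the key or the value does not exist.
    if (-not (Test-Path $Key)) { return $null }
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

function Test-Restriction($Check) {
    # A policy value restricts only when present and not the good value.
    # An Explorer setting also restricts when missing: the default hides files.
    $current = Get-RegValue $Check.Key $Check.Name
    if ($current -eq $null) { return (-not $Check.Policy) }
    return ($current -ne $Check.Good)
}

function Repair-Restriction($Check) {
    if ($Check.Policy) {
        Remove-ItemProperty -Path $Check.Key -Name $Check.Name -ErrorAction SilentlyContinue
        return
    }
    if (-not (Test-Path $Check.Key)) { New-Item -Path $Check.Key -Force | Out-Null }
    # Delete first so a value whose type was changed (e.g. to REG_SZ) comes back as REG_DWORD.
    Remove-ItemProperty -Path $Check.Key -Name $Check.Name -ErrorAction SilentlyContinue
    New-ItemProperty -Path $Check.Key -Name $Check.Name -Value $Check.Good -PropertyType DWord | Out-Null
}

foreach ($c in $checks) {
    $current = Get-RegValue $c.Key $c.Name
    if (Test-Restriction $c) {
        Write-Output ("RESTRICTED  {0}: {1}\{2} = {3}" -f $c.What, $c.Key, $c.Name, $current)
        if ($Repair) {
            Repair-Restriction $c
            Write-Output ("            repaired, value is now {0}" -f $c.Good)
        }
    } else {
        Write-Output ("ok          {0}" -f $c.What)
    }
}

# Safe Mode needs the SafeBoot\Minimal and SafeBoot\Network key trees.
# Malware that deletes them cannot be undone by writing one value, so this
# part only reports; restore the trees from a known-good export taken from
# the same Windows version and service pack.
foreach ($profile in 'Minimal', 'Network') {
    $key = "$safeBoot\$profile"
    $count = 0
    if (Test-Path $key) { $count = @(Get-ChildItem $key).Count }
    if ($count -eq 0) {
        Write-Output ("RESTRICTED  Safe Mode ({0}): {1} missing or empty" -f $profile, $key)
    } else {
        Write-Output ("ok          Safe Mode ({0}): {1} subkeys present" -f $profile, $count)
    }
}
```

Run it once without -Repair to see which restrictions are set, and again with -Repair to clear the policy values and Explorer settings. If the restrictions come back after a reboot, the malware that set them is still running, which is why the helper in this thread continues with a scanning tool rather than stopping at the registry fix.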

Offline guestolo

Task Manager and Registry editing disabled
« Reply #11 on: October 13, 2008, 02:10:14 AM »
Download this file, ComboFix.exe, and save it ONLY to your desktop.

Double-click ComboFix.exe and follow the prompts.
When it finishes, it will produce a log for you.
By default it will save a copy to C:\Combofix.txt.
I'll need to see this log later.
Note:
Do not mouse-click ComboFix's window while it is running; that may cause it to stall.

Post the log from ComboFix, please.
