Cannot access Control Panel or Security Settings

Question

Hi, I'm currently trying to help fix my grandfather's Dell Dimension E510 desktop. It had quite a few infections which I have cleaned up with Ad-aware, PC-Cillin, AVG, and ATF Cleaner.  I still am having trouble though, as I cannot access the Control Panel.  It gives the error message: 'This operation has been cancelled due to restrictions in effect on this computer.  Please contact your system administrator.'  The thing is, he is the system administrator and should have access.  I don't understand what is going on here. Here is the HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:10:12 PM, on 2/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\Explorer.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {17832604-0B2E-40D7-8969-85CDBA619C0f} - C:\WINDOWS\system32\jnnerysq.dll (file missing) O2 - BHO: (no name) - {AF23A702-897D-45D8-8281-2B011A3303Cd} - C:\WINDOWS\system32\jnnerysq.dll (file missing) O2 - BHO: (no name) - {D0F31953-B3E5-49DE-8AB0-7AED5526E9Cd} - C:\WINDOWS\system32\jnnerysq.dll (file missing) O2 - BHO: (no name) - {EC8A11EF-D543-4631-BAB3-09CECF1F760B} - C:\WINDOWS\system32\ddcyw.dll (file missing) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [UfSeAgnt.exe] 'C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe' O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [Creative Detector] 'C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe' /R O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AVSystemCare] C:\Program Files\AVSystemCare\pgs.exe /min O4 - Startup: .protected O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
pjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
pjpi142_03.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.sxload.net (HKLM) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BD0167CD-7312-4DF8-A906-C607F78C1710}: NameServer = 192.168.1.254 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66 O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll O20 - Winlogon Notify: qommkli - qommkli.dll (file missing) O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: Windows Recovery Monitor (wrepmon) - Unknown owner - C:\WINDOWS\system32\wrepmon.exe (file missing) -- End of file - 7152 bytes Thanks in advance to anyone who can help me with this.

pindleton · Answer

Well, nevermind. I was able to fix the problem myself. After running a program called SDFix.exe, which restored all the registry files (obviously a registry file was corrupted).

SDFix: Version 1.142

Run by Jim Shellhouse on Sat 02/16/2008 at 03:43 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Resetting SecurityProviders Value
Resetting AppInit_DLLs value

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\Jim Shellhouse\Application Data\Ultimate Cleaner\settings.dat - Deleted
C:\Documents and Settings\Jim Shellhouse\Application Data\ultra\uninstall.bat - Deleted
C:\.protected - Deleted
C:\Documents and Settings\Jim Shellhouse\Start Menu\Programs\Startup\.protected - Deleted
C:\Documents and Settings\Linda Shellhouse\Start Menu\Programs\Startup\.protected - Deleted
C:\WINDOWS\.protected - Deleted
C:\WINDOWS\system32\drivers\etc\.protected - Deleted
C:\Documents and Settings\Jim Shellhouse\Application Data\Install.dat - Deleted
C:\WINDOWS\inf\ultra.inf - Deleted
C:\WINDOWS\system32\wowfx.dll - Deleted

Folder C:\Documents and Settings\Jim Shellhouse\Application Data\Ultimate Cleaner - Removed
Folder C:\Documents and Settings\Jim Shellhouse\Application Data\ultra - Removed
Folder C:\Program Files\Helper - Removed

Removing Temp Files...

ADS Check:

                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 15:50:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:b7a582bd
"s2"=dword:5fc717c8
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:f5,d9,32,e7,c2,81,ae,2f,8d,c2,5c,f3,bc,81,a8,fc,f2,64,ed,73,24,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:eb,3c,fa,67,ff,51,09,8f,54,76,71,c7,4d,fb,f8,24,ad,97,4c,95,85,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,07,b4,c1,d3,8c,c5,e3,7b,cb,c7,be,7f,99,f0,f7,c0,d9,..
"khjeh"=hex:3f,0a,21,9e,33,2e,5c,59,5b,39,f1,c2,1e,c1,f4,5b,c1,fb,da,a4,18,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:aa,5c,09,16,40,7c,89,50,7f,b3,b8,b4,6e,47,1d,86,67,a3,a6,3b,88,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:f5,d9,32,e7,c2,81,ae,2f,8d,c2,5c,f3,bc,81,a8,fc,f2,64,ed,73,24,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:eb,3c,fa,67,ff,51,09,8f,54,76,71,c7,4d,fb,f8,24,ad,97,4c,95,85,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,07,b4,c1,d3,8c,c5,e3,7b,cb,c7,be,7f,99,f0,f7,c0,d9,..
"khjeh"=hex:3f,0a,21,9e,33,2e,5c,59,5b,39,f1,c2,1e,c1,f4,5b,c1,fb,da,a4,18,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:aa,5c,09,16,40,7c,89,50,7f,b3,b8,b4,6e,47,1d,86,67,a3,a6,3b,88,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1147461705\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1147461705\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1147461705\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1147461705\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\1157666823\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1157666823\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1157666823\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1157666823\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Activision\\SHReK the THiRD Demo\\SHReK the THiRD.exe"="C:\\Program Files\\Activision\\SHReK the THiRD Demo\\SHReK the THiRD.exe:*:Enabled:SHReK the THiRD(TM) Demo"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe:*:Enabled:_aunchPad"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\printer.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\trant.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Dustin.JIM.000\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Dustin.JIM.000\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Linda Shellhouse\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Linda Shellhouse\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Linda Shellhouse\\Application Data\\trant.exe"="C:\\Documents and Settings\\Linda Shellhouse\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Linda Shellhouse\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Linda Shellhouse\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\spyguard.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\spyguard.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\pcpriv.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\pcpriv.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\printer.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\trant.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Dustin.JIM.000\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Dustin.JIM.000\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Linda Shellhouse\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Linda Shellhouse\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Linda Shellhouse\\Application Data\\trant.exe"="C:\\Documents and Settings\\Linda Shellhouse\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Linda Shellhouse\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Linda Shellhouse\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\spyguard.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\spyguard.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\pcpriv.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\pcpriv.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 4 Feb 2007           291 A.SH. --- "C:\vdx.sys"
Tue 11 Sep 2007             4 ..SHR --- "C:\WINOS.SYS"
Fri 12 May 2006            56 A.SHR --- "C:\i386\A1A32BE9C7.sys"
Fri 12 May 2006         2,516 A.SH. --- "C:\i386\KGyGaAvL.sys"
Fri 12 May 2006             8 ..SHR --- "C:\WINDOWS\system32\2BC0129815.sys"
Sun 16 Jul 2006            88 ..SHR --- "C:\WINDOWS\system32\664F8D64DA.sys"
Mon 15 May 2006            56 ..SHR --- "C:\WINDOWS\system32\A1A32BE9C7.sys"
Fri 15 Feb 2008            56 ..SHR --- "C:\WINDOWS\system32\DA648D4F66.sys"
Fri 15 Feb 2008         5,852 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 7 Oct 2005     1,847,296 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\LAUNCHER.EXE"
Fri 7 Oct 2005        62,464 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\MNYINSTA.DLL"
Fri 7 Oct 2005        95,232 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\RMVSUITE.EXE"
Fri 7 Oct 2005        36,864 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\SETUPLNG.DLL"
Fri 7 Oct 2005        20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\UNREGWTR.EXE"
Mon 7 May 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 11 May 2007             8 A..H. --- "C:\Documents and Settings\Dustin.JIM.000\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Fri 11 May 2007             8 A..H. --- "C:\Documents and Settings\Dustin.JIM.000\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Fri 11 May 2007             8 A..H. --- "C:\Documents and Settings\Dustin.JIM.000\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Fri 11 May 2007             8 A..H. --- "C:\Documents and Settings\Dustin.JIM.000\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Sat 21 Apr 2007             8 A..H. --- "C:\Documents and Settings\Linda Shellhouse\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sat 21 Apr 2007             8 A..H. --- "C:\Documents and Settings\Linda Shellhouse\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Tue 24 Apr 2007             8 A..H. --- "C:\Documents and Settings\Linda Shellhouse\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sun 29 Apr 2007             8 A..H. --- "C:\Documents and Settings\Linda Shellhouse\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!

mombodog · Answer

Next time please post your log on the appropriate board.     http://www.dellcommunity.com/supportforums/board?board.id=si_hijack

Bugbatter · Answer

It appears that you have more work to do. SDFix is to be run only under the supervision of someone trained in its use. Not only has it left components on your computer, but your system is not clean and is still vulnerable. Please follow mombodog's advice above to post your log. Because we find the nature of P2P programs counter productive to restoring your PC to a healthy state, we ask that you remove P2P file sharing programs prior to posting your log. Thanks. :)

Windows General

Was this post helpful?