Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

pindleton

2 Posts

7615

February 16th, 2008 18:00

Cannot access Control Panel or Security Settings

Hi, I'm currently trying to help fix my grandfather's Dell Dimension E510 desktop. It had quite a few infections which I have cleaned up with Ad-aware, PC-Cillin, AVG, and ATF Cleaner.  I still am having trouble though, as I cannot access the Control Panel.  It gives the error message: "This operation has been cancelled due to restrictions in effect on this computer.  Please contact your system administrator."  The thing is, he is the system administrator and should have access.  I don't understand what is going on here.

Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:12 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17832604-0B2E-40D7-8969-85CDBA619C0f} - C:\WINDOWS\system32\jnnerysq.dll (file missing)
O2 - BHO: (no name) - {AF23A702-897D-45D8-8281-2B011A3303Cd} - C:\WINDOWS\system32\jnnerysq.dll (file missing)
O2 - BHO: (no name) - {D0F31953-B3E5-49DE-8AB0-7AED5526E9Cd} - C:\WINDOWS\system32\jnnerysq.dll (file missing)
O2 - BHO: (no name) - {EC8A11EF-D543-4631-BAB3-09CECF1F760B} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AVSystemCare] C:\Program Files\AVSystemCare\pgs.exe /min
O4 - Startup: .protected
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD0167CD-7312-4DF8-A906-C607F78C1710}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: qommkli - qommkli.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Recovery Monitor (wrepmon) - Unknown owner - C:\WINDOWS\system32\wrepmon.exe (file missing)

--
End of file - 7152 bytes

Thanks in advance to anyone who can help me with this.

pindleton

2 Posts

February 16th, 2008 19:00

Well, nevermind.  I was able to fix the problem myself.  After running a program called SDFix.exe, which restored all the registry files (obviously a registry file was corrupted). 


SDFix: Version 1.142

Run by Jim Shellhouse on Sat 02/16/2008 at 03:43 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Resetting SecurityProviders Value
Resetting AppInit_DLLs value


Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\Jim Shellhouse\Application Data\Ultimate Cleaner\settings.dat - Deleted
C:\Documents and Settings\Jim Shellhouse\Application Data\ultra\uninstall.bat - Deleted
C:\.protected - Deleted
C:\Documents and Settings\Jim Shellhouse\Start Menu\Programs\Startup\.protected - Deleted
C:\Documents and Settings\Linda Shellhouse\Start Menu\Programs\Startup\.protected - Deleted
C:\WINDOWS\.protected - Deleted
C:\WINDOWS\system32\drivers\etc\.protected - Deleted
C:\Documents and Settings\Jim Shellhouse\Application Data\Install.dat  - Deleted
C:\WINDOWS\inf\ultra.inf  - Deleted
C:\WINDOWS\system32\wowfx.dll  - Deleted



Folder C:\Documents and Settings\Jim Shellhouse\Application Data\Ultimate Cleaner - Removed
Folder C:\Documents and Settings\Jim Shellhouse\Application Data\ultra - Removed
Folder C:\Program Files\Helper - Removed


Removing Temp Files...

ADS Check:
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 15:50:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:b7a582bd
"s2"=dword:5fc717c8
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:f5,d9,32,e7,c2,81,ae,2f,8d,c2,5c,f3,bc,81,a8,fc,f2,64,ed,73,24,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:eb,3c,fa,67,ff,51,09,8f,54,76,71,c7,4d,fb,f8,24,ad,97,4c,95,85,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,07,b4,c1,d3,8c,c5,e3,7b,cb,c7,be,7f,99,f0,f7,c0,d9,..
"khjeh"=hex:3f,0a,21,9e,33,2e,5c,59,5b,39,f1,c2,1e,c1,f4,5b,c1,fb,da,a4,18,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:aa,5c,09,16,40,7c,89,50,7f,b3,b8,b4,6e,47,1d,86,67,a3,a6,3b,88,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:f5,d9,32,e7,c2,81,ae,2f,8d,c2,5c,f3,bc,81,a8,fc,f2,64,ed,73,24,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:eb,3c,fa,67,ff,51,09,8f,54,76,71,c7,4d,fb,f8,24,ad,97,4c,95,85,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,07,b4,c1,d3,8c,c5,e3,7b,cb,c7,be,7f,99,f0,f7,c0,d9,..
"khjeh"=hex:3f,0a,21,9e,33,2e,5c,59,5b,39,f1,c2,1e,c1,f4,5b,c1,fb,da,a4,18,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:aa,5c,09,16,40,7c,89,50,7f,b3,b8,b4,6e,47,1d,86,67,a3,a6,3b,88,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1147461705\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1147461705\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1147461705\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1147461705\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\1157666823\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1157666823\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1157666823\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1157666823\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Activision\\SHReK the THiRD Demo\\SHReK the THiRD.exe"="C:\\Program Files\\Activision\\SHReK the THiRD Demo\\SHReK the THiRD.exe:*:Enabled:SHReK the THiRD(TM) Demo"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe:*:Enabled:_aunchPad"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\printer.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\trant.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Dustin.JIM.000\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Dustin.JIM.000\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Linda Shellhouse\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Linda Shellhouse\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Linda Shellhouse\\Application Data\\trant.exe"="C:\\Documents and Settings\\Linda Shellhouse\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Linda Shellhouse\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Linda Shellhouse\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\spyguard.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\spyguard.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\pcpriv.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\pcpriv.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\printer.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\trant.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Dustin.JIM.000\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Dustin.JIM.000\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Linda Shellhouse\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Linda Shellhouse\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Linda Shellhouse\\Application Data\\trant.exe"="C:\\Documents and Settings\\Linda Shellhouse\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Linda Shellhouse\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Linda Shellhouse\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\spyguard.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\spyguard.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\pcpriv.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\pcpriv.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Jim Shellhouse\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun  4 Feb 2007           291 A.SH. --- "C:\vdx.sys"
Tue 11 Sep 2007             4 ..SHR --- "C:\WINOS.SYS"
Fri 12 May 2006            56 A.SHR --- "C:\i386\A1A32BE9C7.sys"
Fri 12 May 2006         2,516 A.SH. --- "C:\i386\KGyGaAvL.sys"
Fri 12 May 2006             8 ..SHR --- "C:\WINDOWS\system32\2BC0129815.sys"
Sun 16 Jul 2006            88 ..SHR --- "C:\WINDOWS\system32\664F8D64DA.sys"
Mon 15 May 2006            56 ..SHR --- "C:\WINDOWS\system32\A1A32BE9C7.sys"
Fri 15 Feb 2008            56 ..SHR --- "C:\WINDOWS\system32\DA648D4F66.sys"
Fri 15 Feb 2008         5,852 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri  7 Oct 2005     1,847,296 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\LAUNCHER.EXE"
Fri  7 Oct 2005        62,464 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\MNYINSTA.DLL"
Fri  7 Oct 2005        95,232 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\RMVSUITE.EXE"
Fri  7 Oct 2005        36,864 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\SETUPLNG.DLL"
Fri  7 Oct 2005        20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\UNREGWTR.EXE"
Mon  7 May 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 11 May 2007             8 A..H. --- "C:\Documents and Settings\Dustin.JIM.000\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Fri 11 May 2007             8 A..H. --- "C:\Documents and Settings\Dustin.JIM.000\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Fri 11 May 2007             8 A..H. --- "C:\Documents and Settings\Dustin.JIM.000\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Fri 11 May 2007             8 A..H. --- "C:\Documents and Settings\Dustin.JIM.000\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Sat 21 Apr 2007             8 A..H. --- "C:\Documents and Settings\Linda Shellhouse\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sat 21 Apr 2007             8 A..H. --- "C:\Documents and Settings\Linda Shellhouse\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Tue 24 Apr 2007             8 A..H. --- "C:\Documents and Settings\Linda Shellhouse\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sun 29 Apr 2007             8 A..H. --- "C:\Documents and Settings\Linda Shellhouse\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!

mombodog

2 Intern

 • 

12.7K Posts

February 17th, 2008 02:00

Next time please post your log on the appropriate board.

 

Bugbatter

3 Apprentice

 • 

20.5K Posts

February 17th, 2008 13:00


It appears that you have more work to do. SDFix is to be run only under the supervision of someone trained in its use. Not only has it left components on your computer, but your system is not clean and is still vulnerable. Please follow mombodog's advice above to post your log. Because we find the nature of P2P programs counter productive to restoring your PC to a healthy state, we ask that you remove P2P file sharing programs prior to posting your log. Thanks. :)

Was this post helpful?

View All

Top