
admin restricting virus

Discussion in 'Windows - Virus and spyware problems' started by FCB, Nov 13, 2006.

  1. FCB

    F C B - 06-11-23 1:23:16.92 Service Pack 2
    ComboFix 06.11.22 - Running from: "C:\Documents and Settings\F C B\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-10-23 to 2006-11-23 ))))))))))))))))))))))))))))))))))


    2006-11-22 22:00 38,912 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\P2k.sys
    2006-11-21 23:04 <DIR> d-------- C:\WINDOWS\LastGood
    2006-11-18 15:23 <DIR> d-------- C:\!KillBox
    2006-11-13 12:01 <DIR> d-------- C:\Program Files\Motorola Inc
    2006-11-12 13:22 163,328 --a------ C:\WINDOWS\SYSTEM32\wsock32.sys
    2006-11-05 20:30 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll
    2006-10-23 11:54 <DIR> d-------- C:\Program Files\_uninstallation_info


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-23 01:22 -------- d-------- C:\Program Files\Maxthon
    2006-11-22 23:56 -------- d-------- C:\Program Files\HLSW
    2006-11-22 22:19 -------- d-------- C:\Program Files\Steam
    2006-11-22 21:30 -------- d-------- C:\Documents and Settings\F C B\Application Data\Azureus
    2006-11-19 10:44 -------- d-------- C:\Program Files\Common Files
    2006-11-18 23:23 -------- d-------- C:\Program Files\Viewpoint
    2006-11-15 17:58 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-11-15 16:50 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-13 12:44 -------- d-------- C:\Program Files\Spy Sweeper
    2006-11-11 09:41 -------- d-------- C:\Program Files\ewido anti-malware
    2006-11-09 14:53 -------- d-------- C:\Documents and Settings\F C B\Application Data\Adobe
    2006-11-05 23:27 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-05 23:05 -------- d-------- C:\Program Files\Ventrilo
    2006-11-05 23:05 -------- d-------- C:\Program Files\DAEMON Tools
    2006-11-05 23:05 -------- d-------- C:\Program Files\Common Files\Stardock
    2006-11-05 23:05 -------- d-------- C:\Program Files\AIM
    2006-11-05 22:54 -------- d-------- C:\Program Files\Windows Media Player
    2006-11-05 22:53 -------- d-------- C:\Program Files\QuickTime
    2006-11-05 22:53 -------- d-------- C:\Program Files\Lexmark 2200 Series
    2006-11-05 22:01 -------- d-------- C:\Program Files\WinRAR
    2006-11-05 22:01 -------- d-------- C:\Program Files\PowerISO
    2006-11-05 22:01 -------- d-------- C:\Program Files\Movie Maker
    2006-11-05 22:00 -------- d-------- C:\Program Files\WinAmp
    2006-11-05 20:37 -------- d-------- C:\Program Files\Panda Software
    2006-11-01 05:13 -------- d-------- C:\Program Files\BSplayerPro
    2006-11-01 05:13 -------- d-------- C:\Documents and Settings\F C B\Application Data\BSplayer Pro
    2006-10-23 11:54 -------- d-------- C:\Program Files\_uninstallation_info
    2006-10-18 22:58 8704 --a------ C:\WINDOWS\SYSTEM32\wdfmgr.exe
    2006-10-18 22:58 8704 --a------ C:\WINDOWS\SYSTEM32\uwdf.exe
    2006-10-18 22:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
    2006-10-18 22:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
    2006-10-18 22:47 937984 --a------ C:\WINDOWS\SYSTEM32\wmnetmgr.dll
    2006-10-18 22:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
    2006-10-18 22:47 767488 --------- C:\WINDOWS\SYSTEM32\WMVSENCD.dll
    2006-10-18 22:47 757248 --a------ C:\WINDOWS\SYSTEM32\WMADMOD.dll
    2006-10-18 22:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
    2006-10-18 22:47 656896 --------- C:\WINDOWS\SYSTEM32\WMVXENCD.dll
    2006-10-18 22:47 63488 --a------ C:\WINDOWS\SYSTEM32\wpdmtpus.dll
    2006-10-18 22:47 629760 --a------ C:\WINDOWS\SYSTEM32\wpd_ci.dll
    2006-10-18 22:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
    2006-10-18 22:47 603648 --a------ C:\WINDOWS\SYSTEM32\WMSPDMOD.dll
    2006-10-18 22:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
    2006-10-18 22:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
    2006-10-18 22:47 429056 --a------ C:\WINDOWS\SYSTEM32\wmdrmdev.dll
    2006-10-18 22:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmoe2.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\WMVADVE.DLL
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\WMVADVD.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmoe2.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\wdfapi.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\MPG4DMOD.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\MP4SDMOD.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\MP43DMOD.dll
    2006-10-18 22:47 38400 --------- C:\WINDOWS\SYSTEM32\wpdshextres.dll
    2006-10-18 22:47 37376 --a------ C:\WINDOWS\SYSTEM32\wmdmps.dll
    2006-10-18 22:47 35840 --a------ C:\WINDOWS\SYSTEM32\wpdconns.dll
    2006-10-18 22:47 356352 --a------ C:\WINDOWS\SYSTEM32\wpdsp.dll
    2006-10-18 22:47 348672 --a------ C:\WINDOWS\SYSTEM32\wmdrmnet.dll
    2006-10-18 22:47 33792 --a------ C:\WINDOWS\SYSTEM32\wmdmlog.dll
    2006-10-18 22:47 321536 --a------ C:\WINDOWS\SYSTEM32\mswmdm.dll
    2006-10-18 22:47 317440 --------- C:\WINDOWS\SYSTEM32\MP4SDECD.dll
    2006-10-18 22:47 314880 --a------ C:\WINDOWS\SYSTEM32\wmpdxm.dll
    2006-10-18 22:47 295936 --------- C:\WINDOWS\SYSTEM32\wmpeffects.dll
    2006-10-18 22:47 284160 --------- C:\WINDOWS\SYSTEM32\PortableDeviceApi.dll
    2006-10-18 22:47 276992 --a------ C:\WINDOWS\SYSTEM32\audiodev.dll
    2006-10-18 22:47 27136 --a------ C:\WINDOWS\SYSTEM32\mspmsnsv.dll
    2006-10-18 22:47 2603008 --------- C:\WINDOWS\SYSTEM32\WpdShext.dll
    2006-10-18 22:47 259072 --------- C:\WINDOWS\SYSTEM32\MPG4DECD.dll
    2006-10-18 22:47 259072 --------- C:\WINDOWS\SYSTEM32\MP43DECD.dll
    2006-10-18 22:47 2450944 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
    2006-10-18 22:47 242688 --a------ C:\WINDOWS\SYSTEM32\wmpasf.dll
    2006-10-18 22:47 229376 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
    2006-10-18 22:47 227328 --a------ C:\WINDOWS\SYSTEM32\wmerror.dll
    2006-10-18 22:47 222208 --a------ C:\WINDOWS\SYSTEM32\wmasf.dll
    2006-10-18 22:47 212992 --a------ C:\WINDOWS\SYSTEM32\mfplat.dll
    2006-10-18 22:47 211456 --a------ C:\WINDOWS\SYSTEM32\qasf.dll
    2006-10-18 22:47 204288 --a------ C:\WINDOWS\SYSTEM32\wmpsrcwp.dll
    2006-10-18 22:47 199168 --------- C:\WINDOWS\SYSTEM32\PortableDeviceWMDRM.dll
    2006-10-18 22:47 179712 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
    2006-10-18 22:47 175616 --a------ C:\WINDOWS\SYSTEM32\mspmsp.dll
    2006-10-18 22:47 166912 --------- C:\WINDOWS\SYSTEM32\PortableDeviceTypes.dll
    2006-10-18 22:47 1661440 --a------ C:\WINDOWS\SYSTEM32\wmpencen.dll
    2006-10-18 22:47 1574912 --------- C:\WINDOWS\SYSTEM32\WMVENCOD.dll
    2006-10-18 22:47 157184 --a------ C:\WINDOWS\SYSTEM32\wmidx.dll
    2006-10-18 22:47 154624 --a------ C:\WINDOWS\SYSTEM32\wpdmtp.dll
    2006-10-18 22:47 1543680 --------- C:\WINDOWS\SYSTEM32\WMVDECOD.dll
    2006-10-18 22:47 1382912 --------- C:\WINDOWS\SYSTEM32\WMVSDECD.dll
    2006-10-18 22:47 133632 --------- C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll
    2006-10-18 22:47 1329152 --a------ C:\WINDOWS\SYSTEM32\WMSPDMOE.dll
    2006-10-18 22:47 132096 --------- C:\WINDOWS\SYSTEM32\PortableDeviceWiaCompat.dll
    2006-10-18 22:47 130048 --------- C:\WINDOWS\SYSTEM32\wmpps.dll
    2006-10-18 22:47 11264 --a------ C:\WINDOWS\SYSTEM32\LAPRXY.dll
    2006-10-18 22:47 1117696 --a------ C:\WINDOWS\SYSTEM32\WMADMOE.dll
    2006-10-18 22:47 101888 --------- C:\WINDOWS\SYSTEM32\PortableDeviceClassExtension.dll
    2006-10-18 21:03 100864 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
    2006-10-18 21:00 38528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wpdusb.sys
    2006-10-18 21:00 249856 --------- C:\WINDOWS\SYSTEM32\drmupgds.exe
    2006-10-18 21:00 17408 --------- C:\WINDOWS\SYSTEM32\wpdshextautoplay.exe
    2006-10-17 21:15 -------- d-------- C:\Documents and Settings\F C B\Application Data\_FCB_
    2006-10-16 13:07 -------- d-------- C:\Documents and Settings\F C B\Application Data\Skype
    2006-10-16 12:20 -------- d-------- C:\Program Files\Skype
    2006-10-16 10:24 -------- d-------- C:\Program Files\Thrustmaster
    2006-10-14 04:55 -------- d-------- C:\Program Files\MSXML 4.0
    2006-10-13 07:35 65536 --a------ C:\WINDOWS\SYSTEM32\nwwks.dll
    2006-10-13 07:35 64000 --a------ C:\WINDOWS\SYSTEM32\nwapi32.dll
    2006-10-13 07:35 142336 --a------ C:\WINDOWS\SYSTEM32\nwprovau.dll
    2006-10-13 05:23 163584 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nwrdr.sys
    2006-10-02 15:28 312128 --------- C:\WINDOWS\SYSTEM32\msdelta.dll
    2006-10-02 10:36 5896584 --a------ C:\Firefox Setup 2.0 RC 1.exe
    2006-10-01 23:37 -------- d-------- C:\Program Files\Tweak-XP Pro 4
    2006-09-29 04:03 -------- d-------- C:\Documents and Settings\F C B\Application Data\Mozilla
    2006-09-28 20:13 95344 --------- C:\WINDOWS\SYSTEM32\WUDFCoinstaller.dll
    2006-09-28 19:00 82944 --------- C:\WINDOWS\SYSTEM32\DRIVERS\WudfRd.sys
    2006-09-28 18:56 55808 --------- C:\WINDOWS\SYSTEM32\WudfSvc.dll
    2006-09-28 18:56 316416 --------- C:\WINDOWS\SYSTEM32\WUDFx.dll
    2006-09-28 18:56 165376 --------- C:\WINDOWS\SYSTEM32\WudfPlatform.dll
    2006-09-28 18:56 146432 --------- C:\WINDOWS\SYSTEM32\WudfHost.exe
    2006-09-28 18:55 77568 --------- C:\WINDOWS\SYSTEM32\DRIVERS\WudfPf.sys
    2006-09-26 12:01 -------- d-------- C:\Program Files\CyberLink
    2006-09-25 17:58 23856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
    2006-09-13 00:01 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
    2006-09-07 20:35 999 --a--c--- C:\WINDOWS\SYSTEM32\vfw_32.reg
    2006-09-07 01:23 737280 --a--c--- C:\WINDOWS\iun6002.exe
    2006-08-25 10:45 617472 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
    "LDM"="\\Program\\BackWeb-8876480.exe"
    "Steam"=""
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NWEReboot"=""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
    "Lexmark 2200 Series"="\"C:\\Program Files\\Lexmark 2200 Series\\lxbvbmgr.exe\""
    "ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
    "RegistryOptimizer"="\"C:\\Registry Optimizer 2006\\RegistryOptimizer.exe\" ShowError"
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    @=""
    "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,e1,00,00,00,00,00,00,00,1f,04,00,00,e1,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
    00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoSMMyPictures"=dword:00000001
    "NoStartMenuMyMusic"=dword:00000001
    "NoStartMenuNetworkPlaces"=dword:00000001
    "ForceClassicControlPanel"=dword:00000001
    "NoDriveAutoRun"=hex:ff,ff,ff,03
    "NoFind"=hex:00,00,00,00
    "NoRecentDocsMenu"=hex:00,00,00,00
    "NoCDBurning"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    "DisableTaskMgr"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "Generic Host Process"="C:\\WINDOWS\\system32\\scvhost.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "IconPackager Repair"="{1799460C-0BC8-4865-B9DF-4A36CD703FF0}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "PeerGuardian"="C:\\Program Files\\PeerGuardian2\\PeerGuardian2\\pg2.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SoundMan"="SOUNDMAN.EXE"
    "VirtualCloneDrive"="\"C:\\Program Files\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
    "C-Media Mixer"="Mixer.exe /startup"
    "DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Pro\\DkIcon.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-11-23 1:24:19.78
    C:\ComboFix.txt ... 06-11-23 01:24
     
  2. Niobis

    Hello again FCB. I knew ComboFix would show us something. :) The main parts of the backdoor are still active. Now, I haven't finished looking over your ComboFix log yet, but I wanted to get this info to you quickly because you need this off your computer as soon as possible.

    First, I must warn you:
    The backdoor you have is known as Ciadoor. It allows others control of your computer. Meaning that anything could have been changed without your knowledge and therefore, that computer's security is compromised. It cannot be fully trusted again without a reformat of the HD. But it's your computer and your choice. If you have the resources, I recommend you do so.

    Anyway, on with the fix.
    Restart in safe mode and delete these files:
    C:\WINDOWS\System32\[bold]wsock32.sys[/bold]
    C:\WINDOWS\System32\[bold]ckl009.dat[/bold]

    Restart in normal mode.
    [bold]Edit[/bold]: found something relatively quick.

    Copy the following [bold]bold[/bold] text into Notepad ([bold]Not[/bold] WordPad).

    [bold]regedit /e C:\export-run.reg "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"[/bold]

    Name the file [bold]Export.bat[/bold]
    Change the "Save as Type" to [bold]All Files[/bold] and save it on the desktop.
    Double-click Export.bat.
    This will create a backup of the registry located here: C:\export-run.reg


    Next, copy the following [bold]bold[/bold] text into Notepad.

    [bold]REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "Generic Host Process"=-[/bold]

    Make sure there are NO blank lines before REGEDIT4.
    Name the file [bold]Fix.reg[/bold]
    Change the "Save as Type" to [bold]All Files[/bold] and save it on the desktop.
    Open the Fix.reg file and click Yes when prompted to merge.

    Restart your computer and try running either Kaspersky or ActiveScan again. Please post the log if successful.
     
    Last edited: Nov 22, 2006
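
The value that Fix.reg removes launches scvhost.exe, a file name one letter swap away from the genuine Windows svchost.exe. As an added example (not part of the original posts), this Python script scans a .reg export such as C:\export-run.reg for autorun values whose program name closely imitates a known system binary; the reference list, function names and sample text are assumptions made for illustration.

```python
import re

# Constructed sample in the REGEDIT4 export format; the last entry mirrors the log above.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"Generic Host Process"="C:\\WINDOWS\\system32\\scvhost.exe"
'''

# Assumption: a short reference list of genuine Windows binaries; extend as needed.
KNOWN_SYSTEM = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "rundll32.exe", "ctfmon.exe")

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|com|scr|bat|cmd|pif))\b', re.I)

def osa_distance(a, b):
    """Edit distance that counts a swap of two adjacent characters as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def image_name(data):
    """Lower-cased file name of the program a Run value launches, or None."""
    m = IMAGE_RE.match(re.sub(r'\\(.)', r'\1', data))  # undo .reg escaping first
    return m.group(1).rsplit("\\", 1)[-1].lower() if m else None

def find_lookalikes(export_text, max_distance=2):
    """Return (key, value name, file name, imitated name) for near-miss names."""
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # remember which registry key we are in
            continue
        m = VALUE_RE.match(line)      # hex(2), dword and @= lines are skipped
        name = image_name(m.group(2)) if m else None
        if not name or name in KNOWN_SYSTEM:
            continue                  # no program found, or an exact genuine name
        dist, real = min((osa_distance(name, k), k) for k in KNOWN_SYSTEM)
        if dist <= max_distance:
            hits.append((key, m.group(1), name, real))
    return hits

if __name__ == "__main__":
    for hit in find_lookalikes(SAMPLE_EXPORT):
        print("%s\n  value %r runs %s (imitates %s)" % hit)
```

A file written by `regedit /e` on Windows XP is normally UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text to `find_lookalikes`.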
