Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

log below for testaplus spyware problem ...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

...thanks for reopening ...

Unread postby ccinmfd » March 20th, 2006, 8:24 am

Results from the latest:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Users"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Warning (option /rgu) - There is no ACE to remove!


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Users"
Warning (option /rgu) - There is no ACE to remove!


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Can't open Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6537283D-964A-CBD4-C67B-7091E7AC8979}/rgu:

2 - The system cannot find the file specified.

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Users"
Warning (option /rgu) - There is no ACE to remove!


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Setting F(CI) permissions for predefined group "System"
- removing existing entry
- adding new entry
Warning: There is an inherited ACE for this account which will not be changed!
Warning: There is an inherited ACE for this account which will not be changed!


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Setting F(CI) permissions for predefined group "System"
- adding new entry


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Setting F(CI) permissions for predefined group "System"
- adding new entry


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Setting F(CI) permissions for predefined group "System"
- adding new entry

* * * * * *


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects:
($07) DENY ----N----- Everyone
($07) ALLOW Q--E---S-- Everyone
(CI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Full access SYSTEMAX\carrollc
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects:
Q--E---S-- Everyone
QWCE-LDSAO NT AUTHORITY\SYSTEM
Q--E---S-- BUILTIN\Users
QWCE--DS-- BUILTIN\Power Users
QWCE-LDSAO BUILTIN\Administrators
QWCE-LDSAO SYSTEMAX\carrollc

* * * * * * *

Sun 03/19/2006 2:04:00.09
Backup Created Successfully
....
Creating HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\empty

The operation completed successfully
....
Saving HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\empty

The operation completed successfully
....
Deleting HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\empty

The operation completed successfully
....
Replacing HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects with empty hive

Error: Access is denied.
ccinmfd
Regular Member
 
Posts: 77
Joined: February 4th, 2006, 11:35 am
Location: Milford, CT
Advertisement
Register to Remove

Unread postby Linkmaster » March 20th, 2006, 8:31 am

Please post a fresh HijackThis log here

Thank you !
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

HiJackthis log

Unread postby ccinmfd » March 20th, 2006, 8:33 am

Logfile of HijackThis v1.99.1
Scan saved at 7:32:01 AM, on 3/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
C:\Program Files\Common Files\AOL\1101774857\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1101774857\ee\AOLServiceHost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1101774857\ee\AOLServiceHost.exe
c:\program files\common files\aol\1101774857\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\carrollc\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - {62B92B1B-2FF4-C0C0-407F-FD1EF3FDEB7A} - (no file)
O2 - BHO: (no name) - {6537283D-964A-CBD4-C67B-7091E7AC8979} - (no file)
O2 - BHO: (no name) - {EBB4A740-CDEF-2FEA-7B76-BB8815E8A690} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101774857\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HPWG myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iPod\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\EA SPORTS\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_2 ... lashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEFBC7FB-20CD-4ABB-A1A4-B64B40758E90}: Domain = boysvillage.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEFBC7FB-20CD-4ABB-A1A4-B64B40758E90}: NameServer = 10.129.1.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = boysvillage.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = boysvillage.org
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
ccinmfd
Regular Member
 
Posts: 77
Joined: February 4th, 2006, 11:35 am
Location: Milford, CT

Unread postby Linkmaster » March 20th, 2006, 8:46 am

Thanks, ccinmfd !

Those 3 entries seem to be a pain to remove.
I have notified the expert and we should have an answer soon !!

Thanks for your patience !!
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Unread postby Linkmaster » March 20th, 2006, 8:48 am

Lets try to remove them anyway !!

Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)

O2 - BHO: (no name) - {62B92B1B-2FF4-C0C0-407F-FD1EF3FDEB7A} - (no file)
O2 - BHO: (no name) - {6537283D-964A-CBD4-C67B-7091E7AC8979} - (no file)
O2 - BHO: (no name) - {EBB4A740-CDEF-2FEA-7B76-BB8815E8A690} - (no file)


Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked

Reboot and post a fresh HijackThis log here
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Fresh HiJackThis log ...

Unread postby ccinmfd » March 20th, 2006, 8:56 am

...

Logfile of HijackThis v1.99.1
Scan saved at 7:53:36 AM, on 3/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
C:\Program Files\Common Files\AOL\1101774857\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1101774857\ee\AOLServiceHost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1101774857\ee\AOLServiceHost.exe
c:\program files\common files\aol\1101774857\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Documents and Settings\carrollc\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - {62B92B1B-2FF4-C0C0-407F-FD1EF3FDEB7A} - (no file)
O2 - BHO: (no name) - {6537283D-964A-CBD4-C67B-7091E7AC8979} - (no file)
O2 - BHO: (no name) - {EBB4A740-CDEF-2FEA-7B76-BB8815E8A690} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101774857\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HPWG myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iPod\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\EA SPORTS\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_2 ... lashAX.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
ccinmfd
Regular Member
 
Posts: 77
Joined: February 4th, 2006, 11:35 am
Location: Milford, CT

Unread postby Linkmaster » March 20th, 2006, 8:57 am

They just don't want to go away !!

I should have a response soon !!
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

ok ...

Unread postby ccinmfd » March 20th, 2006, 8:58 am

... will wait to hear back from you ... thanks for your time ... ccinmfd
ccinmfd
Regular Member
 
Posts: 77
Joined: February 4th, 2006, 11:35 am
Location: Milford, CT

Unread postby Linkmaster » March 20th, 2006, 1:49 pm

Copy/paste the following text into a new Notepad document. Make sure that wordwrap is turned off.

@echo off
if exist regperms.txt del regperms.txt
if exist newperms.txt del newperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" /GGE:F >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62B92B1B-2FF4-C0C0-407F-FD1EF3FDEB7A}" /GGE:F >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6537283D-964A-CBD4-C67B-7091E7AC8979}" /GGE:F >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBB4A740-CDEF-2FEA-7B76-BB8815E8A690}" /GGE:F >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" /GGS:F >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62B92B1B-2FF4-C0C0-407F-FD1EF3FDEB7A}" /GGS:F >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6537283D-964A-CBD4-C67B-7091E7AC8979}" /GGS:F >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBB4A740-CDEF-2FEA-7B76-BB8815E8A690}" /GGS:F >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" /GGA:F >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62B92B1B-2FF4-C0C0-407F-FD1EF3FDEB7A}" /GGA:F >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6537283D-964A-CBD4-C67B-7091E7AC8979}" /GGA:F >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBB4A740-CDEF-2FEA-7B76-BB8815E8A690}" /GGA:F >> regperms.txt


Save it in the new Import folder on your desktop as setperm.bat. Save it as:
File Type: All Files (not as a text document or it wont work).
Name: setperm.bat

Overwrite the existing setpermbat. Open the Import folder on your Desktop. Double click setperm.bat.
Reboot the PC
______________________________

Open the Import folder on your Desktop.
  • Watch the clock in your task bar.
  • When the minute turns over...
  • Double click Importbat.vbs
You will get a "Setup Done" prompt. The application will appear to do nothing ... wait a minute and Notepad will open with logit.txt.

If your antivirus alerts you about the script, allow it to run. It is not malicious.
______________________________

Copy/paste the following text into a new Notepad document. Make sure that wordwrap is turned off.

@echo off

type regperms.txt >> newperms.txt
echo. >> newperms.txt
echo New perms >> newperms.txt
echo. >> newperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" /L /E >> newperms.txt

Notepad newperms.txt


Save it in the new Import folder on your desktop as readperm.bat. Save it as:
File Type: All Files (not as a text document or it wont work).
Name: readperm.bat

Overwrite the existing readperm.bat. Open the Import folder on your Desktop. Double click readperm.bat. Notepad will open with newperms.txt.

Please post content of logit.txt & newperms.txt. You might need several replies to post the logs.
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

latest posts ....

Unread postby ccinmfd » March 20th, 2006, 6:37 pm

Mon 03/20/2006 17:32:00.09
Backup Created Successfully
....
Creating HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\empty

The operation completed successfully
....
Saving HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\empty

The operation completed successfully
....
Deleting HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\empty

The operation completed successfully
....
Replacing HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects with empty hive

Error: Access is denied.

* * * * * * *


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Granting "F" access for really "Everyone"
- really "Everyone" has already all permissions you want to grant


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Granting "F" access for really "Everyone"
- really "Everyone" has already all permissions you want to grant


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Granting "F" access for really "Everyone"
- really "Everyone" has already all permissions you want to grant


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Granting "F" access for really "Everyone"
- really "Everyone" has already all permissions you want to grant


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Granting "F" access for predefined group "System"
- predefined group "System" has already all permissions you want to grant


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Granting "F" access for predefined group "System"
- predefined group "System" has already all permissions you want to grant


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Granting "F" access for predefined group "System"
- predefined group "System" has already all permissions you want to grant


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Granting "F" access for predefined group "System"
- predefined group "System" has already all permissions you want to grant


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Granting "F" access for predefined group "Administrators"
- predefined group "Administrators" has already all permissions you want to grant


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Granting "F" access for predefined group "Administrators"
- predefined group "Administrators" has already all permissions you want to grant


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Granting "F" access for predefined group "Administrators"
- predefined group "Administrators" has already all permissions you want to grant


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Granting "F" access for predefined group "Administrators"
- predefined group "Administrators" has already all permissions you want to grant


New perms


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects:
($07) DENY ----N----- Everyone
($07) ALLOW Q--E---S-- Everyone
(CI) ALLOW Full access NT AUTHORITY\SYSTEM
(CI) ALLOW Full access Everyone
(CI) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Full access SYSTEMAX\carrollc
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects:
QWCE-LDSAO Everyone
QWCE-LDSAO NT AUTHORITY\SYSTEM
QWCE-LDSAO BUILTIN\Administrators
QWCE-LDSAO BUILTIN\Users
QWCE-LDSAO BUILTIN\Power Users
QWCE-LDSAO SYSTEMAX\carrollc
ccinmfd
Regular Member
 
Posts: 77
Joined: February 4th, 2006, 11:35 am
Location: Milford, CT

Unread postby Linkmaster » March 21st, 2006, 7:43 am

Consulting with expert. I will post soon !!
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

... next post ...

Unread postby ccinmfd » March 22nd, 2006, 7:47 pm

OK ... in the meantime, I am getting rid of all my son's poker web sites ... for about the fifth time ... he's 17-years-old and about five months ago, I received a check for $100 in my name from PartyPoker.com ... it seems that my son was playing online for money in my name ... well, we ended that quickly ... but he's still playing and winning money ... a check for $300 came to him recently ... my question to you is: isn't it illegal for an underaged teen to play poker online for money? do you have any suggestions on who I can contact to complain to? regards, ccinmfd
ccinmfd
Regular Member
 
Posts: 77
Joined: February 4th, 2006, 11:35 am
Location: Milford, CT

Unread postby Linkmaster » March 23rd, 2006, 8:07 am

One more time :

Copy/paste the following text into a new Notepad document. Make sure that wordwrap is turned off.

@echo off
if exist regperms.txt del regperms.txt
if exist perms.txt del perms.txt
if exist newperms.txt del newperms.txt

regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" /P- >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62B92B1B-2FF4-C0C0-407F-FD1EF3FDEB7A}" /P- >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6537283D-964A-CBD4-C67B-7091E7AC8979}" /P- >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBB4A740-CDEF-2FEA-7B76-BB8815E8A690}" /P- >> regperms.txt

echo. >> regperms.txt

For %%i in ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62B92B1B-2FF4-C0C0-407F-FD1EF3FDEB7A}", "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6537283D-964A-CBD4-C67B-7091E7AC8979}","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBB4A740-CDEF-2FEA-7B76-BB8815E8A690}") Do regdacl %%i /L /E >> regperms.txt

Notepad regperms.txt


Save it in the new Import folder on your desktop as setperm.bat. Save it as:
File Type: All Files (not as a text document or it wont work).
Name: setperm.bat

Overwrite the existing setperm.bat

Open the Import folder on your Desktop. Double click setperm.bat. Notepad will open with regperms.txt. Post the content please
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

new post ...

Unread postby ccinmfd » March 25th, 2006, 11:52 am

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Information: Protection from inheritable permissions is already deactivated


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Deactivating protection from inheritable permissions


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Deactivating protection from inheritable permissions


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Deactivating protection from inheritable permissions



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer:
Read BUILTIN\Users
QWCEN-DS-- BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects:
($07) DENY ----N----- Everyone
($07) ALLOW Q--E---S-- Everyone
(CI) ALLOW Full access NT AUTHORITY\SYSTEM
(CI) ALLOW Full access Everyone
(CI) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Full access SYSTEMAX\carrollc
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects:
QWCE-LDSAO Everyone
QWCE-LDSAO NT AUTHORITY\SYSTEM
QWCE-LDSAO BUILTIN\Administrators
QWCE-LDSAO BUILTIN\Users
QWCE-LDSAO BUILTIN\Power Users
QWCE-LDSAO SYSTEMAX\carrollc



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62B92B1B-2FF4-C0C0-407F-FD1EF3FDEB7A}:
(ID-NI) DENY ----N----- Everyone
(ID-NI) ALLOW Q--E---S-- Everyone
(ID-CI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-CI) ALLOW Full access Everyone
(ID-CI) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Full access SYSTEMAX\carrollc
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62B92B1B-2FF4-C0C0-407F-FD1EF3FDEB7A}:
QWCE-LDSAO Everyone
QWCE-LDSAO NT AUTHORITY\SYSTEM
QWCE-LDSAO BUILTIN\Administrators
QWCE-LDSAO BUILTIN\Users
QWCE-LDSAO BUILTIN\Power Users
QWCE-LDSAO SYSTEMAX\carrollc



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6537283D-964A-CBD4-C67B-7091E7AC8979}:
(ID-NI) DENY ----N----- Everyone
(ID-NI) ALLOW Q--E---S-- Everyone
(ID-CI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-CI) ALLOW Full access Everyone
(ID-CI) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Full access SYSTEMAX\carrollc
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6537283D-964A-CBD4-C67B-7091E7AC8979}:
QWCE-LDSAO Everyone
QWCE-LDSAO NT AUTHORITY\SYSTEM
QWCE-LDSAO BUILTIN\Administrators
QWCE-LDSAO BUILTIN\Users
QWCE-LDSAO BUILTIN\Power Users
QWCE-LDSAO SYSTEMAX\carrollc



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBB4A740-CDEF-2FEA-7B76-BB8815E8A690}:
(ID-NI) DENY ----N----- Everyone
(ID-NI) ALLOW Q--E---S-- Everyone
(ID-CI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-CI) ALLOW Full access Everyone
(ID-CI) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Full access SYSTEMAX\carrollc
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBB4A740-CDEF-2FEA-7B76-BB8815E8A690}:
QWCE-LDSAO Everyone
QWCE-LDSAO NT AUTHORITY\SYSTEM
QWCE-LDSAO BUILTIN\Administrators
QWCE-LDSAO BUILTIN\Users
QWCE-LDSAO BUILTIN\Power Users
QWCE-LDSAO SYSTEMAX\carrollc
ccinmfd
Regular Member
 
Posts: 77
Joined: February 4th, 2006, 11:35 am
Location: Milford, CT

message missing??

Unread postby ccinmfd » March 25th, 2006, 11:56 am

I was told of a private message per the following instructions but didn't receive one:

Hello ccinmfd,

You have received a new private message to your account on "MalWare Removal" and you have requested that you be notified on this event. You can view your new message by clicking on the following link:

http://www.malwareremoval.com/forum/privmsg ... lder=inbox

Remember that you can always choose not to be notified of new messages by changing the appropriate setting in your profile.

--
PLEASE DO NOT REPLY TO THIS EMAIL - this email address is only used to send out emails from the forum, all incoming emails are auto deleted and never seen by any human.



Thanks, The Management of MalwareRemoval.com
ccinmfd
Regular Member
 
Posts: 77
Joined: February 4th, 2006, 11:35 am
Location: Milford, CT
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 301 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware