Start Key Short Cuts Not Working

Vincent Willcox · Jan 20, 2005

Hi,
I have beta1, and windows XP with SP2.

I used the anti-spyware to clear all history avalible, including the stuff
that shows on the start bar when you run it.

Now, keys like
WINKEY+R
WINKEY+D
WINKEY+F

Are not working, but pressing the winkey brings up the start bar,

Please help!

Thanks

Steve Dodson [MSFT] · Jan 20, 2005

Vincent,

I cannot repro this on my machines. Was there spyware removed? If there
was, can you tell us what was removed?

-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security

--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
--------------------

Vincent Willcox · Jan 21, 2005

Hi,

There where a few items removed,

Here is the log file todate

07/01/2005
08:50:19::------------------------------------------------------------------
07/01/2005 08:50:19::Initializing Clean - (ScanID:
17159D84-085D-4482-AF58-E5AB8B)
07/01/2005 08:50:19::Remove Threat (ID:15076)
07/01/2005 08:50:19::Clean Threat Windows AdTools (ID:15076)
07/01/2005 08:50:20::Terminating IE
07/01/2005 08:50:21::Removing file c:\program files\windows
adcontrol\winadctl.exe
07/01/2005 08:50:22:

isable file c:\program files\windows
adcontrol\winadctl.exe and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\A6C6C952-5C99-44F3-B9D9-E1EB0D\69121B27-E5FE-466E-BE8A-6F454D
07/01/2005 08:50:22:

elete folder c:\program files\windows adcontrol\
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinAdCtlX.Installer\CLSID
[={15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinAdCtlX.Installer\CLSID
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinAdCtlX.Installer
[=WinAdCtlX.Installer
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinAdCtlX.Installer
07/01/2005 08:50:22::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinAdCtlX.Installer
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded
Program Files/WinAdCtlX.dll [.Owner={15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded
Program Files/WinAdCtlX.dll [{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}=
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded
Program Files/WinAdCtlX.dll
07/01/2005 08:50:22::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded
Program Files/WinAdCtlX.dll
07/01/2005 08:50:22:

elete registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
[C:\WINDOWS\Downloaded Program Files\WinAdCtlX.dll=1]
07/01/2005 08:50:22::Clean Threat Windows AdTools (ID:15076) Complete
07/01/2005 08:50:22::Remove Threat (ID:15076) Complete
07/01/2005 08:50:22::Remove Threat (ID:14827)
07/01/2005 08:50:22::Clean Threat WindUpdates (ID:14827)
07/01/2005 08:50:22::Removing file c:\windows\system32\ide21201.vxd
07/01/2005 08:50:22:

isable file c:\windows\system32\ide21201.vxd and
quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\DB50B7C1-F4D2-4B9A-A6F5-38FF27\E8AC5CA8-72B8-4004-BFE9-AFBF12
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\Contains\Files
[C:\WINDOWS\Downloaded Program Files\WinAdCtlX.dll=
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\Contains\Files
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\Contains
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\DownloadInformation
[CODEBASE=[URL]http://public.windupdates.com/get_file.php?bt=ie&p=742ae6aabe7d3a41bcf4a5afcbb90dcf34dad1f7e20e580a8628a9310ebdbc79ff97ebe1e10940b1a7ee84d6b88713ffc07adc36a6c198daa84af66cad27b7bddb:0bcd3b08a0018c359992be6d71d48cd1[/URL]
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\DownloadInformation
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\InstalledVersion [=0,0,0,1
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\InstalledVersion
[LastModified=Wed, 17 Nov 2004 22:47:59 GMT
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\InstalledVersion
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} [SystemComponent=0
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} [Installer=MSICD
07/01/2005 08:50:22::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
07/01/2005 08:50:22::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
07/01/2005 08:50:22::Clean Threat WindUpdates (ID:14827) Complete
07/01/2005 08:50:22::Remove Threat (ID:14827) Complete
07/01/2005 08:50:22::Remove Threat (ID:2861)
07/01/2005 08:50:22::Clean Threat eXact.BargainBuddy (ID:2861)
07/01/2005 08:50:23::Removing file C:\WINDOWS\bbchk.exe
07/01/2005 08:50:24:

isable file C:\WINDOWS\bbchk.exe and quarantine to
C:\Program Files\Microsoft
AntiSpyware\Quarantine\22760752-CA14-448F-B230-493D73\28F67D9F-E24A-4A30-B3DB-8E415C
07/01/2005 08:50:24::Clean Threat eXact.BargainBuddy (ID:2861) Complete
07/01/2005 08:50:24::Remove Threat (ID:2861) Complete
07/01/2005 08:50:24::Remove Threat (ID:6994)
07/01/2005 08:50:24::Clean Threat iMesh (ID:6994)
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\aix\bsscdht1.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\aix\bsscdht1.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\81A925F0-0FE8-4E9C-AD70-8AE327
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\dba\bsscdht1.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\dba\bsscdht1.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\8150BF7E-04F0-4BE1-89D9-1DBC9B
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\dec\bsscdht1.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\dec\bsscdht1.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\FF720D4D-22AF-4293-B0C8-06F176
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\hpux\bsscdht1.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\hpux\bsscdht1.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\6972226E-695F-4EDA-B984-E6302B
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\lnx\bsscdht1.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\lnx\bsscdht1.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\A7582A04-EF2A-4F11-82A9-79813A
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\nt_os\bsscdht1.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\nt_os\bsscdht1.js and quarantine to
C:\Program Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\EB461FDC-A674-4106-BD9C-39EFAE
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\oafnd\bsscdht1.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\oafnd\bsscdht1.js and quarantine to
C:\Program Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\D14E5EF0-6EB0-49AA-9CA0-1A8FF9
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\sap\bsscdht1.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\sap\bsscdht1.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\0140E39B-58BE-44CC-BCA1-0C525B
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\sol\bsscdht1.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\sol\bsscdht1.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\2990D7D3-44AD-44DD-BD51-F0AA49
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\aix\bsscdht2.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\aix\bsscdht2.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\935B6500-277A-4484-8194-34A769
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\dba\bsscdht2.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\dba\bsscdht2.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\DDAA7320-7F2C-4B01-8E18-D39FC8
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\dec\bsscdht2.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\dec\bsscdht2.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\5D5196BF-313D-44C9-8F2F-A166FC
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\hpux\bsscdht2.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\hpux\bsscdht2.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\EB1AF8C0-9E99-4283-97F1-4FF2C7
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\lnx\bsscdht2.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\lnx\bsscdht2.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\A55F6C53-46A1-430F-BEEA-C555E5
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\nt_os\bsscdht2.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\nt_os\bsscdht2.js and quarantine to
C:\Program Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\143F0FE7-B2DF-4B9F-949B-C01576
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\oafnd\bsscdht2.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\oafnd\bsscdht2.js and quarantine to
C:\Program Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\FBFFABAC-2C9B-41F4-915F-D636BD
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\sap\bsscdht2.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\sap\bsscdht2.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\EEADFD8E-8B3B-4AD0-83B3-9A44C6
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\sol\bsscdht2.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\sol\bsscdht2.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\224D188D-9164-4277-ABCB-2C8196
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\aix\bsscdhtm.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\aix\bsscdhtm.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\DE3F2AE9-F204-4A00-B598-0EFEC3
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\dba\bsscdhtm.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\dba\bsscdhtm.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\D16B028E-7A71-4D25-A4BB-4E6544
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\dec\bsscdhtm.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\dec\bsscdhtm.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\13F142CD-C8D4-4770-979D-4137B8
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\hpux\bsscdhtm.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\hpux\bsscdhtm.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\D7C317BF-C93A-4A4B-AF65-8EF350
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\lnx\bsscdhtm.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\lnx\bsscdhtm.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\5085ADA7-E644-4C6E-83BF-C1571C
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\nt_os\bsscdhtm.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\nt_os\bsscdhtm.js and quarantine to
C:\Program Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\70B39F95-F496-4528-874A-26C887
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\oafnd\bsscdhtm.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\oafnd\bsscdhtm.js and quarantine to
C:\Program Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\0C1F4C15-1CC5-4438-937B-D389EF
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\sap\bsscdhtm.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\sap\bsscdhtm.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\7D03C766-9536-4CB7-B5D2-2924A1
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\sol\bsscdhtm.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\sol\bsscdhtm.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\56CDA3D0-F0D9-4BC6-8FAB-556DA0
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\aix\webhelp3.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\aix\webhelp3.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\1DD9177D-0FC2-4C98-A789-4F0E77
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\dba\webhelp3.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\dba\webhelp3.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\2DE21065-7DC6-47E4-B913-9D6299
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\dec\webhelp3.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\dec\webhelp3.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\0ACA7A60-15C9-49A3-9366-7BD5F7
07/01/2005 08:50:24::Removing file
C:\oracle\ora92\doc\EM\Webhelp\hpux\webhelp3.js
07/01/2005 08:50:24:

isable file
C:\oracle\ora92\doc\EM\Webhelp\hpux\webhelp3.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\5EF3C132-EC6C-4482-8148-297679
07/01/2005 08:50:25::Removing file
C:\oracle\ora92\doc\EM\Webhelp\lnx\webhelp3.js
07/01/2005 08:50:25:

isable file
C:\oracle\ora92\doc\EM\Webhelp\lnx\webhelp3.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\08630D4B-00E7-43A4-8573-006843
07/01/2005 08:50:25::Removing file
C:\oracle\ora92\doc\EM\Webhelp\nt_os\webhelp3.js
07/01/2005 08:50:25:

isable file
C:\oracle\ora92\doc\EM\Webhelp\nt_os\webhelp3.js and quarantine to
C:\Program Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\7EF529CA-B733-4CA2-BE1D-76F567
07/01/2005 08:50:25::Removing file
C:\oracle\ora92\doc\EM\Webhelp\oafnd\webhelp3.js
07/01/2005 08:50:25:

isable file
C:\oracle\ora92\doc\EM\Webhelp\oafnd\webhelp3.js and quarantine to
C:\Program Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\DDF35B3A-51B7-478B-A94E-814584
07/01/2005 08:50:25::Removing file
C:\oracle\ora92\doc\EM\Webhelp\sap\webhelp3.js
07/01/2005 08:50:25:

isable file
C:\oracle\ora92\doc\EM\Webhelp\sap\webhelp3.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\81B550FC-DC85-4864-8E84-4048F7
07/01/2005 08:50:25::Removing file
C:\oracle\ora92\doc\EM\Webhelp\sol\webhelp3.js
07/01/2005 08:50:25:

isable file
C:\oracle\ora92\doc\EM\Webhelp\sol\webhelp3.js and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\5C7BA7D3-8C2F-4EAB-AB16-C7591E\A327EFC5-4461-408C-AED2-AB0A8F
07/01/2005 08:50:25::Clean Threat iMesh (ID:6994) Complete
07/01/2005 08:50:25::Remove Threat (ID:6994) Complete
07/01/2005 08:50:25::Remove Threat (ID:14768)
07/01/2005 08:50:25::Clean Threat TopRebates (ID:14768)
07/01/2005 08:50:25::Removing file C:\Documents and
Settings\vincent.willcox\Local Settings\Temp\djtopr1150.exe
07/01/2005 08:50:26:

isable file C:\Documents and
Settings\vincent.willcox\Local Settings\Temp\djtopr1150.exe and quarantine
to C:\Program Files\Microsoft
AntiSpyware\Quarantine\FE5D5C69-D98A-4CA9-8975-423BB3\A04CFDDC-FF20-4A16-972D-13A031
07/01/2005 08:50:26::Clean Threat TopRebates (ID:14768) Complete
07/01/2005 08:50:26::Remove Threat (ID:14768) Complete
07/01/2005 08:50:26::Remove Threat (ID:15100)
07/01/2005 08:50:26::Clean Threat Unclassified.Spyware.Loader (ID:15100)
07/01/2005 08:50:27::Removing file C:\WINDOWS\system32\grwinsthlp.exe
07/01/2005 08:50:27:

isable file C:\WINDOWS\system32\grwinsthlp.exe and
quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\654A856A-FBEC-41D6-823D-16052B\23417EF7-8084-4AD9-82C6-62A58F
07/01/2005 08:50:27::Clean Threat Unclassified.Spyware.Loader (ID:15100)
Complete
07/01/2005 08:50:27::Remove Threat (ID:15100) Complete
07/01/2005 08:50:27::Remove Threat (ID:14814)
07/01/2005 08:50:27::Clean Threat 180search Assistant (ID:14814)
07/01/2005 08:50:29::Removing file C:\Documents and
Settings\vincent.willcox\Local Settings\Temp\jkill.exe
07/01/2005 08:50:29:

isable file C:\Documents and
Settings\vincent.willcox\Local Settings\Temp\jkill.exe and quarantine to
C:\Program Files\Microsoft
AntiSpyware\Quarantine\7E5CBC73-706A-457C-A6DB-EF2731\467BB641-DE32-4861-B7A4-DC7BBF
07/01/2005 08:50:29::Clean Threat 180search Assistant (ID:14814) Complete
07/01/2005 08:50:30::Remove Threat (ID:14814) Complete
07/01/2005 08:50:30::Remove Threat (ID:3203)
07/01/2005 08:50:30::Clean Threat Blazefind (ID:3203)
07/01/2005 08:50:30::Removing registry value
HKEY_CLASSES_ROOT\clsid\{83de62e0-5805-11d8-9b25-00e04c60faf2}\InprocServer32
[=C:\WINDOWS\2_0_1browserhelper2.dll
07/01/2005 08:50:30::Removing registry value
HKEY_CLASSES_ROOT\clsid\{83de62e0-5805-11d8-9b25-00e04c60faf2}\InprocServer32
[ThreadingModel=Apartment
07/01/2005 08:50:30::Removing registry value
HKEY_CLASSES_ROOT\clsid\{83de62e0-5805-11d8-9b25-00e04c60faf2}\InprocServer32
07/01/2005 08:50:30::Removing registry value
HKEY_CLASSES_ROOT\clsid\{83de62e0-5805-11d8-9b25-00e04c60faf2} [=
07/01/2005 08:50:30::Removing registry value
HKEY_CLASSES_ROOT\clsid\{83de62e0-5805-11d8-9b25-00e04c60faf2}
07/01/2005 08:50:30::Removing registry key
HKEY_CLASSES_ROOT\clsid\{83de62e0-5805-11d8-9b25-00e04c60faf2}
07/01/2005 08:50:30::Clean Threat Blazefind (ID:3203) Complete
07/01/2005 08:50:30::Remove Threat (ID:3203) Complete
07/01/2005 08:50:30::Remove Threat (ID:14901)
07/01/2005 08:50:30::Clean Threat eXact.CashBack (ID:14901)
07/01/2005 08:50:30::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [BuildNumber=8029
07/01/2005 08:50:30::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [FirstHit=0
07/01/2005 08:50:30::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
[FirstHitUrl=[URL]http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&sys=%s&type=first_hit[/URL]
07/01/2005 08:50:30::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
[UninstallUrl=[URL]http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&sys=%d&survey=%s&type=uninstall[/URL]
07/01/2005 08:50:30::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
[UniqueKeyUrl=[URL]http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&cond=%s&type=partner_query[/URL]
07/01/2005 08:50:30::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [UtilFolder=C:\WINDOWS\system32
07/01/2005 08:50:30::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [PartnerName=CDT3
07/01/2005 08:50:30::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [PartnerID=425
07/01/2005 08:50:30::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [UniqueKey=<CDT3>90152049:16928:8029
07/01/2005 08:50:30::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [System=1
07/01/2005 08:50:30::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [SYSTEM1=8032
07/01/2005 08:50:30::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [PIDNoCB=381,419
07/01/2005 08:50:30::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [PIDNoNLS=381,419
07/01/2005 08:50:30::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [UninstalledSystem=1
07/01/2005 08:50:30::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
07/01/2005 08:50:30::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
07/01/2005 08:50:30::Clean Threat eXact.CashBack (ID:14901) Complete
07/01/2005 08:50:31::Remove Threat (ID:14901) Complete
07/01/2005 08:50:31::Remove Threat (ID:14903)
07/01/2005 08:50:31::Clean Threat eXact.BullseyeNetwork (ID:14903)
07/01/2005 08:50:31:

elete registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BullsEye
Network=C:\Program Files\BullsEye Network\bin\bargains.exe]
07/01/2005 08:50:31::Clean Threat eXact.BullseyeNetwork (ID:14903) Complete
07/01/2005 08:50:31::Remove Threat (ID:14903) Complete
07/01/2005 08:50:31::Unititializing Clean
07/01/2005
08:50:31::------------------------------------------------------------------
10/01/2005 08:16:04::------------------------------------------------
10/01/2005 08:16:04::Starting GIANT AS Cleaner
10/01/2005 08:16:04::Running all Cleaner deletes
10/01/2005 08:16:04::---Starting Quick Cleaner DelFolders
10/01/2005 08:16:04::---Starting Quick Cleaner DelRegKeys
10/01/2005 08:16:04::---Starting Quick Cleaner DelRegValues
10/01/2005 08:16:04::Checking threats to clean
10/01/2005 08:16:04::Ending GIANT AS Cleaner
10/01/2005 08:16:04::------------------------------------------------
11/01/2005
02:24:45::------------------------------------------------------------------
11/01/2005 02:24:45::Initializing Clean - (ScanID:
3BF1901F-2583-4B18-B06B-D0D952)
11/01/2005 02:24:45::Unititializing Clean
11/01/2005
02:24:45::------------------------------------------------------------------
18/01/2005
02:24:23::------------------------------------------------------------------
18/01/2005 02:24:23::Initializing Clean - (ScanID:
ED710760-9114-46D6-AC8C-D679EA)
18/01/2005 02:24:23::Unititializing Clean
18/01/2005
02:24:23::------------------------------------------------------------------
18/01/2005
08:18:37::------------------------------------------------------------------
18/01/2005 08:18:37::Initializing Clean - (ScanID:
ED710760-9114-46D6-AC8C-D679EA)
18/01/2005 08:18:37::Remove Threat (ID:14831)
18/01/2005 08:18:37::Clean Threat Possible Browser Hijack (ID:14831)
18/01/2005 08:18:38::Run custom cleaner Internet Explorer Start Page:
http://intranet (148311)
18/01/2005 08:18:38::Restore IE URL settings
18/01/2005 08:18:38::Clean Threat Possible Browser Hijack (ID:14831)
Complete
18/01/2005 08:18:38::Remove Threat (ID:14831) Complete
18/01/2005 08:18:38::Unititializing Clean
18/01/2005
08:18:38::------------------------------------------------------------------
21/01/2005
02:24:50::------------------------------------------------------------------
21/01/2005 02:24:50::Initializing Clean - (ScanID:
46937041-B450-47B9-BAFC-F5DD4C)
21/01/2005 02:24:50::Unititializing Clean
21/01/2005
02:24:50::------------------------------------------------------------------

"Steve Dodson [MSFT]" said:
Vincent,

I cannot repro this on my machines. Was there spyware removed? If there
was, can you tell us what was removed?

-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security

--

This posting is provided "AS IS" with no warranties, and confers no
rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
--------------------

From: "Vincent Willcox" <[email protected]>
Subject: Start Key Short Cuts Not Working
Date: Thu, 20 Jan 2005 10:20:05 -0000
Lines: 18
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-RFC2646: Format=Flowed; Original
Message-ID: <[email protected]>
Newsgroups: microsoft.private.security.spyware.general
NNTP-Posting-Host: 213.249.249.226
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA06.phx.gbl!cpmsftngxa06.phx.gbl!cpmsftngsa06
privatenews.microsoft.com!cpmsftngsa05.privatenews.microsoft.com
Xref: cpmsftngxa10.phx.gbl microsoft.private.security.spyware.general:3419
X-Tomcat-NG: microsoft.private.security.spyware.general

Hi,
I have beta1, and windows XP with SP2.

I used the anti-spyware to clear all history avalible, including the stuff
that shows on the start bar when you run it.

Now, keys like
WINKEY+R
WINKEY+D
WINKEY+F

Are not working, but pressing the winkey brings up the start bar,

Please help!

Thanks

Click to expand...

Vincent Willcox · Jan 21, 2005

Also, here is the tracks erasor logs

Cleaning Adobe Acrobat Reader 6.0::14/01/2005 16:07:56
--------------------------------------------------------------
Cleaning Keys
HKEY_CURRENT_USER\Software\Adobe\Acrobat
Reader\6.0\AVGeneral\cRecentFiles\c1
HKEY_CURRENT_USER\Software\Adobe\Acrobat
Reader\6.0\AVGeneral\cRecentFiles\c2
HKEY_CURRENT_USER\Software\Adobe\Acrobat
Reader\6.0\AVGeneral\cRecentFiles\c3
HKEY_CURRENT_USER\Software\Adobe\Acrobat
Reader\6.0\AVGeneral\cRecentFiles\c4
HKEY_CURRENT_USER\Software\Adobe\Acrobat
Reader\6.0\AVGeneral\cRecentFiles\c5
--------------------------------------------------------------::14/01/2005
16:07:56
Cleaning Common Dialog::14/01/2005 16:07:56
--------------------------------------------------------------
Deleteing Keys Under Key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
--------------------------------------------------------------::14/01/2005
16:07:56
Cleaning Internet Explorer History::14/01/2005 16:07:56
--------------------------------------------------------------
Cleaning Dirs
C:\Documents and Settings\vincent.willcox\Local Settings\History\History.IE5
C:\Documents and Settings\vincent.willcox\Local Settings\Temporary Internet
Files
C:\Documents and Settings\vincent.willcox\Recent
--------------------------------------------------------------::14/01/2005
16:09:04
Cleaning Internet Explorer - URL History::14/01/2005 16:09:04
--------------------------------------------------------------
Cleaning Keys
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
--------------------------------------------------------------::14/01/2005
16:09:04
Cleaning Microsoft Direct Draw::14/01/2005 16:09:04
--------------------------------------------------------------
Cleaning Values
HKEY_CURRENT_USER\Software\Microsoft\DirectDraw\MostRecentApplicationName
--------------------------------------------------------------::14/01/2005
16:09:04
Cleaning Microsoft Paint::14/01/2005 16:09:04
--------------------------------------------------------------
Cleaning Keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent
File List
--------------------------------------------------------------::14/01/2005
16:09:04
Cleaning Office 97 Recent Files::14/01/2005 16:09:04
--------------------------------------------------------------
Cleaning Keys
HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\Access\Settings
HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\Excel\Recent File List
HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\Project\Recent File List
HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\PowerPoint\Recent File List
HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\PowerPoint\Recent Folder
List
HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\Common\Internet\LocationOfComponents
--------------------------------------------------------------::14/01/2005
16:09:04
Cleaning Start Menu Run::14/01/2005 16:09:04
--------------------------------------------------------------
Cleaning Keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
--------------------------------------------------------------::14/01/2005
16:09:04
Cleaning Start Menu Search::14/01/2005 16:09:04
--------------------------------------------------------------
Cleaning Keys
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer
Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer
Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\ContainingTextMRU
--------------------------------------------------------------::14/01/2005
16:09:04
Cleaning Temporary Internet Files::14/01/2005 16:09:04
--------------------------------------------------------------
Cleaning Dirs
C:\Documents and Settings\vincent.willcox\Local Settings\Temporary Internet
Files
--------------------------------------------------------------::14/01/2005
16:09:04
Cleaning Visual Basic 6.0 Recent Files::14/01/2005 16:09:04
--------------------------------------------------------------
Cleaning Keys
HKEY_CURRENT_USER\Software\Microsoft\Visual Basic\6.0\RecentFiles
--------------------------------------------------------------::14/01/2005
16:09:04
Cleaning Windows Explorer::14/01/2005 16:09:04
--------------------------------------------------------------
Cleaning Keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Cleaning Dirs
C:\Documents and Settings\Administrator\Recent
--------------------------------------------------------------::14/01/2005
16:09:04
Cleaning Windows FTP Accounts::14/01/2005 16:09:04
--------------------------------------------------------------
Deleteing Keys Under Key
HKEY_CURRENT_USER\Software\Microsoft\Ftp\Accounts
--------------------------------------------------------------::14/01/2005
16:09:04
Cleaning Windows Media Player::14/01/2005 16:09:04
--------------------------------------------------------------
Deleting Keys
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\RecentFileList
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\RecentURLList
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Radio\MRUList
--------------------------------------------------------------::14/01/2005
16:09:04
Cleaning Windows Recent Documents::14/01/2005 16:09:04
--------------------------------------------------------------
Cleaning Dirs
C:\Documents and Settings\vincent.willcox\Recent
--------------------------------------------------------------::14/01/2005
16:09:04
Cleaning Windows Recycle Bin::14/01/2005 16:09:04
--------------------------------------------------------------
Cleaning Dirs

Failed to Delete:
--------------------------------------------------------------::14/01/2005
16:09:04
Cleaning Windows Temporary Files::14/01/2005 16:09:05
--------------------------------------------------------------
Cleaning Dirs

Failed to Delete:
--------------------------------------------------------------::14/01/2005
16:09:05
Cleaning WinRAR::14/01/2005 16:09:05
--------------------------------------------------------------
Cleaning Keys
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Cleaning Values
HKEY_CURRENT_USER\Software\WinRAR\General\LastFolder
--------------------------------------------------------------::14/01/2005
16:09:05
Cleaning WinZip::14/01/2005 16:09:05
--------------------------------------------------------------
Cleaning Keys
HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\filemenu
HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\extract
Cleaning Values
HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\directories\DefDir
HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\directories\gzAddDir
HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\directories\zDefDir
HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\directories\AddDir
HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\directories\gzExtractTo
HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\directories\ExtractTo
HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\rrs\Opened
--------------------------------------------------------------::14/01/2005
16:09:05
Cleaning WordPad::14/01/2005 16:09:05
--------------------------------------------------------------
Cleaning Keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent
File List
--------------------------------------------------------------::14/01/2005
16:09:05

"Steve Dodson [MSFT]" said:
Vincent,

I cannot repro this on my machines. Was there spyware removed? If there
was, can you tell us what was removed?

-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security

--

This posting is provided "AS IS" with no warranties, and confers no
rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
--------------------

From: "Vincent Willcox" <[email protected]>
Subject: Start Key Short Cuts Not Working
Date: Thu, 20 Jan 2005 10:20:05 -0000
Lines: 18
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-RFC2646: Format=Flowed; Original
Message-ID: <[email protected]>
Newsgroups: microsoft.private.security.spyware.general
NNTP-Posting-Host: 213.249.249.226
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA06.phx.gbl!cpmsftngxa06.phx.gbl!cpmsftngsa06
privatenews.microsoft.com!cpmsftngsa05.privatenews.microsoft.com
Xref: cpmsftngxa10.phx.gbl microsoft.private.security.spyware.general:3419
X-Tomcat-NG: microsoft.private.security.spyware.general

Hi,
I have beta1, and windows XP with SP2.

I used the anti-spyware to clear all history avalible, including the stuff
that shows on the start bar when you run it.

Now, keys like
WINKEY+R
WINKEY+D
WINKEY+F

Are not working, but pressing the winkey brings up the start bar,

Please help!

Thanks

Click to expand...