Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

DOS windows flashed, and now I have frequent popups while on the inter

Started by nosrevia , Jun 09 2008 08:13 PM

  • This topic is locked This topic is locked

#16
nosrevia
Posted 17 June 2008 - 08:31 AM

nosrevia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
I did ran the Flash Drive Disinfector, but the next time I plugged in my flash drive I got this prompt from AVG:

Posted Image
  • 0

Advertisements

#17
Mike
Posted 17 June 2008 - 01:02 PM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

I'm sorry, I didn't believe that the file was dangerous so I had left it. Let's try and make up for my mistake.

Check in add or remove programs if ERUNT is installed, if not please follow the first step, otherwise skip it.

Step 1. Backing Up Your Registry

  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Step 2. Making a registry script

Now please open Notepad by going to Start > Run and typing Notepad.exe in the window that pops up. Press enter and in the notepad window that appears Copy (Ctrl+C) and Paste (Ctrl+P) the following:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000095
Note: it is important to copy this with the spacing left as it is, also make sure "Windows Registry Editor Version 5.00" is the first thing in Notepad (No spaces ahead or anything).

In Notepad click on the "File" menu > Save As... Under "File name" type Fix.reg and Change "Save as type" to All Files
Posted Image
Now double click Fix.reg. A pop-up will appear asking you if you want to import this to your registry click yes.

Step 3. Running OTMoveIt2

Please plug in all your USB and Flash drives to where you normally plug them in!

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    L:\Start.exe
M:\Start.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step 3. Running MalwareByte's Anti-Malware

Re-run MBAM - but in the way I outline here.
  • Once the program has loaded, select "Perform Full Scan", Select all drives OTHER THAN C:\ then click Scan. (C:\ should not be checked.)
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Step 4. Deckards' System Scanner

Finnally let's see if my stupid mistake got you re-infected.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note:These logs may be too large to post in one reply, if so, please post extra.txt in a seperate reply.

Edited by Mike, 19 June 2008 - 04:51 AM.

  • 0

#18
nosrevia
Posted 18 June 2008 - 06:43 PM

nosrevia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
File move failed. L:\Start.exe scheduled to be moved on reboot.
File move failed. M:\Start.exe scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06182008_192412

Files moved on Reboot...
File move failed. L:\Start.exe scheduled to be moved on reboot.
File move failed. M:\Start.exe scheduled to be moved on reboot.

Unforunately, it seems none of the files were moved. I actually have two flash drives and two hard drives (which both have two partitions on them (hence the L:/ and M:/ because I only use one USB port on mys computer), and I'm assuming they all are infected with the Start.exe file which would make a total of 6 of them). For my flash drives, I went to disk management and just formatted both of them, and it seems to have worked because I no longer get the Start.exe prompt for the flash drives. What else can I do for my hard drives? Should I just run a Killbox and delete the files?

Edited by nosrevia, 18 June 2008 - 06:43 PM.

  • 0

#19
nosrevia
Posted 18 June 2008 - 07:23 PM

nosrevia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-18 19:44:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-06-19 00:45:02 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-06-18 23:34:28 UTC - RP3 - System Checkpoint
2: 2008-06-17 19:55:21 UTC - RP2 - Software Distribution Service 3.0
1: 2008-06-16 18:11:37 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).
System Drive C: has 0.91 GiB (less than 15%) free.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:42 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Documents and Settings\Owner\Desktop\New Folder (5)\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: bdsripcab - https://media.bdsrea...s/bdsripcab.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...ads/tgctlcm.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse...se/ghplayer.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/...vl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse...zylomplayer.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7834 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-18 and 2008-06-18 -----------------------------

2008-06-16 16:52:18 0 drahs---- C:\autorun.inf
2008-06-16 12:17:35 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-16 12:16:11 0 d-------- C:\Program Files\SpywareBlaster
2008-06-16 12:12:13 0 d--h----- C:\$AVG8.VAULT$
2008-06-16 11:25:52 0 d-------- C:\WINDOWS\network diagnostic
2008-06-16 11:13:32 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-16 11:13:32 0 d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-06-16 11:13:12 0 d-------- C:\Program Files\AVG
2008-06-16 11:13:10 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-16 11:08:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-15 14:55:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-15 14:55:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-15 14:55:30 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 13:55:11 6107168 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-14 13:53:39 0 d-------- C:\Program Files\ZoneAlarmSB
2008-06-14 13:51:48 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-14 13:51:40 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-06-14 13:50:58 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-06-14 13:43:48 0 d-------- C:\WINDOWS\Internet Logs
2008-06-14 12:16:18 0 d-------- C:\WINDOWS\ERUNT
2008-06-09 21:29:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.005\SendTo
2008-06-09 21:29:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.005\My Documents
2008-06-09 21:29:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.005\Local Settings
2008-06-09 21:29:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.005\Favorites
2008-06-09 21:29:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.005\Cookies
2008-06-09 21:29:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.005\Application Data
2008-06-09 21:29:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.005\Application Data\Sonic
2008-06-09 21:29:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.005\Application Data\Real
2008-06-09 21:29:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.005\Application Data\Microsoft
2008-06-09 21:29:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.005\Application Data\interMute
2008-06-09 21:29:36 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.005\Templates
2008-06-09 21:29:36 524288 --ah----- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.005\NTUSER.DAT
2008-06-06 12:16:49 0 d-------- C:\Program Files\Trend Micro
2008-06-06 11:42:33 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\WINDOWS
2008-06-06 11:42:33 0 dr------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\Start Menu
2008-06-06 11:42:33 0 d--h----- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\Recent
2008-06-06 11:42:33 0 d--h----- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\PrintHood
2008-06-06 11:42:33 0 d--h----- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\NetHood
2008-06-06 11:42:33 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\Desktop
2008-06-06 11:42:33 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\Application Data\Symantec
2008-06-06 11:42:33 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\Application Data\Sun
2008-06-06 11:42:33 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\Application Data\SampleView
2008-06-06 11:42:33 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\Application Data\Identities
2008-06-06 11:42:08 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-06-06 11:19:52 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\Application Data\interMute
2008-06-06 11:19:51 0 d--h----- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\Templates
2008-06-06 11:19:51 0 dr-h----- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\SendTo
2008-06-06 11:19:51 524288 --ah----- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\NTUSER.DAT
2008-06-06 11:19:51 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\My Documents
2008-06-06 11:19:51 0 d--h----- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\Local Settings
2008-06-06 11:19:51 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\Favorites
2008-06-06 11:19:51 0 d---s---- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\Cookies
2008-06-06 11:19:51 0 dr-h----- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\Application Data
2008-06-06 11:19:51 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\Application Data\Sonic
2008-06-06 11:19:51 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\Application Data\Real
2008-06-06 11:19:51 0 d---s---- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.004\Application Data\Microsoft
2008-06-04 21:40:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.003\Templates
2008-06-04 21:40:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.003\SendTo
2008-06-04 21:40:18 524288 --ah----- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.003\NTUSER.DAT
2008-06-04 21:40:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.003\My Documents
2008-06-04 21:40:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.003\Local Settings
2008-06-04 21:40:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.003\Favorites
2008-06-04 21:40:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.003\Cookies
2008-06-04 21:40:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.003\Application Data
2008-06-04 21:40:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.003\Application Data\Sonic
2008-06-04 21:40:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.003\Application Data\Real
2008-06-04 21:40:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.003\Application Data\Microsoft
2008-06-04 21:40:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.003\Application Data\interMute
2008-06-04 15:09:00 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.002\Templates
2008-06-04 15:09:00 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.002\SendTo
2008-06-04 15:09:00 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.002\My Documents
2008-06-04 15:09:00 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.002\Local Settings
2008-06-04 15:09:00 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.002\Favorites
2008-06-04 15:09:00 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.002\Cookies
2008-06-04 15:09:00 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.002\Application Data
2008-06-04 15:09:00 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.002\Application Data\Sonic
2008-06-04 15:09:00 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.002\Application Data\Real
2008-06-04 15:09:00 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.002\Application Data\Microsoft
2008-06-04 15:09:00 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.002\Application Data\interMute
2008-06-04 15:08:59 524288 --ah----- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.002\NTUSER.DAT
2008-06-04 00:17:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.001\My Documents
2008-06-04 00:17:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.001\Local Settings
2008-06-04 00:17:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.001\Favorites
2008-06-04 00:17:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.001\Cookies
2008-06-04 00:17:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.001\Application Data
2008-06-04 00:17:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.001\Application Data\Sonic
2008-06-04 00:17:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.001\Application Data\Real
2008-06-04 00:17:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.001\Application Data\Microsoft
2008-06-04 00:17:18 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.001\Application Data\interMute
2008-06-04 00:17:17 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.001\Templates
2008-06-04 00:17:17 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.001\SendTo
2008-06-04 00:17:17 524288 --ah----- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.001\NTUSER.DAT
2008-06-03 19:49:07 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.000\Templates
2008-06-03 19:49:07 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.000\SendTo
2008-06-03 19:49:07 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.000\My Documents
2008-06-03 19:49:07 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.000\Local Settings
2008-06-03 19:49:07 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.000\Favorites
2008-06-03 19:49:07 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.000\Cookies
2008-06-03 19:49:07 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.000\Application Data
2008-06-03 19:49:07 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.000\Application Data\Sonic
2008-06-03 19:49:07 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.000\Application Data\Real
2008-06-03 19:49:07 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.000\Application Data\Microsoft
2008-06-03 19:49:07 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.000\Application Data\interMute
2008-06-03 19:49:06 524288 --ah----- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.000\NTUSER.DAT
2008-06-03 19:07:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Cookies
2008-06-03 19:07:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data
2008-06-03 19:07:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Sonic
2008-06-03 19:07:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Real
2008-06-03 19:07:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Microsoft
2008-06-03 19:07:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\interMute
2008-06-03 19:07:36 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Templates
2008-06-03 19:07:36 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\SendTo
2008-06-03 19:07:36 524288 --ah----- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\NTUSER.DAT
2008-06-03 19:07:36 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\My Documents
2008-06-03 19:07:36 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Local Settings
2008-06-03 19:07:36 0 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Favorites
2008-06-03 17:18:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Eset
2008-05-30 18:51:33 15204352 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-05-30 18:51:33 237568 --a------ C:\Documents and Settings\LocalService\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-16 11:08:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-16 10:41:59 0 d-------- C:\Program Files\Common Files\Java
2008-06-15 17:23:20 0 d-------- C:\Program Files\Java
2008-06-15 15:02:37 0 d-------- C:\Program Files\Common Files
2008-06-11 15:31:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Vso
2008-06-05 03:40:21 1089 --a----c- C:\WINDOWS\checkip.dat
2008-06-05 03:38:21 1217 --a----c- C:\WINDOWS\ipconfig.dat
2008-05-26 14:12:58 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-05-17 22:57:36 10 --a------ C:\WINDOWS\popcinfo.dat
2008-05-08 01:38:03 0 d-------- C:\Program Files\CCleaner
2008-05-08 01:10:14 0 dr------- C:\Program Files\mIRC
2008-05-03 22:21:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-05-03 14:18:23 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-05-03 08:57:15 0 d-------- C:\Program Files\MSN Messenger


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
06/16/2008 11:13 AM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [06/16/2008 11:13 AM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [08/21/2003 06:23 AM]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [08/21/2003 06:15 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 10:02 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 11:01 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [11/03/2003 07:50 PM]
"VTTimer"="VTTimer.exe" [10/22/2004 12:53 PM C:\WINDOWS\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 12:01 PM C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 06:57 PM]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [10/29/2003 02:17 PM]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [12/18/2003 02:31 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [02/07/2003 02:03 AM]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [01/17/2006 01:03 PM]
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 08:07 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/16/2008 11:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [06/18/2003 10:00 PM]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de5e1c5c-f977-11dc-aba8-000ea69bf967}]
Auto\command- L:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1 d.abnad.net

18537 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-18 20:03:41 ------------
  • 0

#20
nosrevia
Posted 18 June 2008 - 07:24 PM

nosrevia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3200+
Percentage of Memory in Use: 81%
Physical Memory (total/avail): 447.48 MiB / 83.3 MiB
Pagefile Memory (total/avail): 1055.46 MiB / 798.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.59 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 70.06 GiB total, 1.02 GiB free.
D: is Fixed (FAT32) - 4.45 GiB total, 0.63 GiB free.
E: is CDROM (Unformatted)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is CDROM (No Media)
L: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
M: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 4.46 GiB - D:
\PARTITION1 (bootable) - Installable File System - 70.06 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v7.0.473.000 (Check Point, LTD.)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-AT5QGAAC3Z
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-AT5QGAAC3Z
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Sonic\MyDVD;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=YOUR-AT5QGAAC3Z
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {60E971B7-51A0-48CA-8687-C6B8F094A409}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {8855FF30-19CE-4CB1-A654-87B38369CCE1}
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
--> VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Blackhawk Striker from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E28167F1-3F42-40C7-9119-1D5A97444F10\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ConvertXtoDVD 2.2.3.258h --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
DesignPro 5.0 Media Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EDF1085A-73FF-4B3B-8726-2A403D400E48}
Directory Lister Pro v1.0 --> "C:\Program Files\Directory Lister Pro\unins000.exe"
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
Excavation from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C56C66C3-3462-4A3F-8661-9E18362A5E7C\Uninstall.exe"
Five Card Frenzy from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DA44615A-C243-46A4-8E47-184CFF33CD38\Uninstall.exe"
FL Studio 6 --> C:\Program Files\FL Studio 6\uninstall.exe
Fruity Loops Studio Producer Edition XXL v6.04 Patcher --> C:\PROGRA~1\FLSTUD~2\UNWISE.EXE C:\PROGRA~1\FLSTUD~2\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone Plus 3.5 --> C:\Program Files\HP\Digital Imaging\{C6C44651-7C66-4b11-92E8-17565D3D22DD}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 3.0 --> "C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Invision 2.0 Build 3515 --> C:\PROGRA~1\mIRC\UNWISE.EXE C:\PROGRA~1\mIRC\INSTALL.LOG
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
MahJong Suite --> C:\PROGRA~1\MAHJON~1\UNWISE.EXE C:\PROGRA~1\MAHJON~1\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 5.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314B00544}
Multimedia Card Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF9967D8-1999-4260-ACC2-86901AA36650}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
MyDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\Setup.exe" -l0x9 -L0x9 /SMAINT
Nonprofit Forms --> C:\WINDOWS\unvise32.exe C:\Program Files\Nonprofit Forms\uninstal.log
NVIDIA GART Driver --> C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
Orbital from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exe"
Otto from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BFBCBAE3-8293-4215-9C4F-C2402C118EDB\Uninstall.exe"
Overball from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe"
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Polar Bowler from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
River Past Video Cleaner --> C:\WINDOWS\Video Cleaner Uninstaller.exe
RoadRunner --> MsiExec.exe /I{A73EFA95-4872-4AE3-8EE9-10D2E2D713CF}
S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Secure Game Player --> C:\Program Files\SkillJam Technologies\Secure Player\Uninstall.exe
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
ShowBiz --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07295ABF-1245-415A-BE06-863271753443}\setup.exe" -l0x9
Slyder from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe"
SmartMovie Converter (for Symbian phones) --> "C:\Program Files\Lonely Cat Games\SmartMovie Converter (for Symbian phones)\IIUninst.exe" C:\Program Files\Lonely Cat Games\SmartMovie Converter (for Symbian phones)\install.log
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow DX --> MsiExec.exe /I{8855FF30-19CE-4CB1-A654-87B38369CCE1}
Sonic Simple Backup --> MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SpamSubtract --> C:\PROGRA~1\INTERM~1\SPAMSU~1\UNWISE.EXE /U C:\PROGRA~1\INTERM~1\SPAMSU~1\INSTALL.LOG
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SUPER © Version 2007.bld.22 (Mar 14, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Toolkit View(HP) --> c:\Windows\HPTK\unhptkit.exe
Updates from HP --> C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver --> VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\System32\hg201hp.inf
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Zone Deluxe Games --> MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
Zuma Deluxe 1.0 --> C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type8161 / Error
Event Submitted/Written: 06/18/2008 07:47:03 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type8160 / Error
Event Submitted/Written: 06/18/2008 07:47:03 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type8129 / Error
Event Submitted/Written: 06/15/2008 01:41:06 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module unknown, version 0.0.0.0, fault address 0x01fa1558.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type8128 / Error
Event Submitted/Written: 06/15/2008 00:26:00 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application xpupdate.exe, version 0.0.0.0, faulting module user32.dll, version 5.1.2600.3099, fault address 0x0000a629.
Processing media-specific event for [xpupdate.exe!ws!]

Event Record #/Type8126 / Error
Event Submitted/Written: 06/14/2008 07:15:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application xpupdate.exe, version 0.0.0.0, faulting module user32.dll, version 5.1.2600.3099, fault address 0x0000a629.
Processing media-specific event for [xpupdate.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type63657 / Error
Event Submitted/Written: 06/18/2008 08:01:55 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

Event Record #/Type63656 / Error
Event Submitted/Written: 06/18/2008 08:01:25 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.

Event Record #/Type63655 / Error
Event Submitted/Written: 06/18/2008 08:00:55 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the wscsvc service.

Event Record #/Type63654 / Error
Event Submitted/Written: 06/18/2008 08:00:26 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the winmgmt service.

Event Record #/Type63653 / Error
Event Submitted/Written: 06/18/2008 07:59:55 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.



-- End of Deckard's System Scanner: finished at 2008-06-18 20:03:41 ------------
  • 0

#21
Mike
Posted 19 June 2008 - 05:25 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

First off a question, did you run MBAM like I told you to? If not please re-visit my previous instructions and run it.

You have viewpoint installed. Viewpoint is considered foistware, however i recommend you uninstall it. Take a look here for some information http://www.clickz.co...ml?page=3561546

To remove it please go and to add or remove programs and uninstall:
Viewpoint Media Player

Then delete this folder: C:\Program Files\Viewpoint

Now, with your harddrives plugged in

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\checkip.dat
C:\WINDOWS\ipconfig.dat
C:\WINDOWS\popcinfo.dat
L:\Start.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de5e1c5c-f977-11dc-aba8-000ea69bf967}
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Finally,

Run a scan with AVG8, let it scan ALL your drives (i.e C:\, L:\, M:\, whatever is available.)

Post back if it found any thing.

post back with the OTMoveIt log and the MBAM log if you haven't run it.

Edited by Mike, 19 June 2008 - 05:26 AM.

  • 0

#22
nosrevia
Posted 24 June 2008 - 11:33 PM

nosrevia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
I tried that way 5 times but that software would not move those files for anything! I went ahead and just formatted each drive and put my data back on them. My last question is that my folders once looked like this:
Posted Image

They now look like this:
Posted Image

How can I get my folder view back with the information bar to the left?
  • 0

#23
Mike
Posted 25 June 2008 - 07:48 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
If you reformatted your drives then you are clean.

For the issue you described above:

Go to Start > My Computer.
Click on the tools menu.
Click on Folder options.
Under the General tab, located tasks.
Click on the circle next to Show common tasks in folders.
Click on Apply at the bottom then OK.

Post back if it worked.
  • 0

#24
nosrevia
Posted 25 June 2008 - 02:36 PM

nosrevia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
It won't even let me select the other option.
Posted Image

This little malware really did a number on my computer didn't it? :)
  • 0

#25
Mike
Posted 27 June 2008 - 02:17 PM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
I thought you reformatted your drives?

The below will take care of the folder policy. Any other problems?

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"WebView"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ClassicShell"=dword:00000000

Did AVG find anything new like I asked last post?
  • 0

Advertisements

#26
Mike
Posted 06 July 2008 - 08:28 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP