I'm hit [CLOSED]



#1
Maswati

Maswati

    New Member

  • Member
  • Pip
  • 5 posts
Hi,

My system is getting slower. My personal documents are wiped off. My applications and my D drive are gone. The system tray is showing 'VIRUS ALERT'. Please help. Attached is the HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00: VIRUS ALERT!, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
O2 - BHO: (no name) - {28030FA8-2428-4DE6-B0F3-CE9494E1A412} - C:\WINDOWS\system32\cbXNFxXR.dll (file missing)
O2 - BHO: QXK Olive - {2FAD2D0E-8EDC-42D5-99DD-CF65D2D89B22} - C:\WINDOWS\nfavxwdbbfk.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {a67cde47-7d65-3528-dab4-07fd9b0787f8} - {8f7870b9-df70-4bad-8253-56d774edc76a} - C:\WINDOWS\system32\ppgqri.dll
O2 - BHO: (no name) - {9BD0BCB4-885E-44C1-916E-8DD7BC36FEF9} - C:\WINDOWS\system32\rqRkihii.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: fdkowvbp - {E82E9D76-F0A8-4286-ADB5-52FFE3E79868} - C:\WINDOWS\fdkowvbp.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [94a99cfa] rundll32.exe "C:\WINDOWS\system32\qwvryprl.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpyGuarder] C:\Program Files\SpyGuarder\SpyGuarder.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll qkocen.dll
O20 - Winlogon Notify: cbXNFxXR - cbXNFxXR.dll (file missing)
O22 - SharedTaskScheduler: bimaculate - {d70e9b0f-aabc-4066-8176-c6de84d92fa1} - C:\WINDOWS\system32\kknwg.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 6553 bytes


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
Maswati

Maswati

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
SDFix: Version 1.214
Run by Mas on Sun 08/10/2008 at 10:27 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\LOG12.TMP - Deleted
C:\LOG14.TMP - Deleted
C:\LOG2.TMP - Deleted
C:\LOG22.TMP - Deleted
C:\LOG3.TMP - Deleted
C:\LOG35.TMP - Deleted
C:\LOG4.TMP - Deleted
C:\LOG54.TMP - Deleted
C:\LOG5C.TMP - Deleted
C:\LOG6.TMP - Deleted
C:\LOG7.TMP - Deleted
C:\LOG70.TMP - Deleted
C:\LOG7D.TMP - Deleted
C:\LOG84.TMP - Deleted
C:\Documents and Settings\Mas\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted



Folder C:\Documents and Settings\Mas\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 22:37:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\Mas\\Local Settings\\Temp\\OraInstall2008-02-18_11-15-00PM\\jre\\1.4.2\\bin\\javaw.exe"="C:\\Documents and Settings\\Mas\\Local Settings\\Temp\\OraInstall2008-02-18_11-15-00PM\\jre\\1.4.2\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\oracle\\product\\10.2.0\\db_1\\jdk\\jre\\bin\\java.exe"="C:\\oracle\\product\\10.2.0\\db_1\\jdk\\jre\\bin\\java.exe:*:Enabled:java"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Mas\\Local Settings\\Temp\\OraInstall2008-03-02_06-14-56PM\\jre\\1.4.2\\bin\\javaw.exe"="C:\\Documents and Settings\\Mas\\Local Settings\\Temp\\OraInstall2008-03-02_06-14-56PM\\jre\\1.4.2\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Documents and Settings\\Mas\\Local Settings\\Temp\\OraInstall2008-04-07_01-08-52AM\\jre\\bin\\javaw.exe"="C:\\Documents and Settings\\Mas\\Local Settings\\Temp\\OraInstall2008-04-07_01-08-52AM\\jre\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Documents and Settings\\Mas\\Local Settings\\Temp\\OraInstall2008-04-07_02-11-42AM\\jre\\bin\\javaw.exe"="C:\\Documents and Settings\\Mas\\Local Settings\\Temp\\OraInstall2008-04-07_02-11-42AM\\jre\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Documents and Settings\\Mas\\Local Settings\\Temp\\OraInstall2008-05-04_11-06-57PM\\jre\\bin\\javaw.exe"="C:\\Documents and Settings\\Mas\\Local Settings\\Temp\\OraInstall2008-05-04_11-06-57PM\\jre\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Documents and Settings\\Mas\\Local Settings\\Temp\\OraInstall2008-05-27_09-06-20PM\\jre\\1.4.2\\bin\\javaw.exe"="C:\\Documents and Settings\\Mas\\Local Settings\\Temp\\OraInstall2008-05-27_09-06-20PM\\jre\\1.4.2\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 14 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Sun 10 Feb 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 14 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Mas\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

#4
Maswati

Maswati

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
haiz

Deckard's System Scanner v20071014.68
Run by Mas on 2008-08-10 23:04:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
42: 2008-08-10 15:04:56 UTC - RP191 - Deckard's System Scanner Restore Point
41: 2008-08-08 20:09:46 UTC - RP190 - System Checkpoint
40: 2008-08-03 07:51:52 UTC - RP189 - Installed MapleStory
39: 2008-08-03 07:34:47 UTC - RP188 - System Checkpoint
38: 2008-07-30 10:05:02 UTC - RP187 - Last known good configuration


-- First Restore Point --
1: 2008-07-30 10:02:19 UTC - RP150 - Installed Volcano


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mas.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:56 PM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Documents and Settings\Mas\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mas.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {9BD0BCB4-885E-44C1-916E-8DD7BC36FEF9} - C:\WINDOWS\system32\rqRkihii.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll qkocen.dll
O20 - Winlogon Notify: cbXNFxXR - cbXNFxXR.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 4536 bytes

-- File Associations -----------------------------------------------------------

.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 catchme - c:\docume~1\mas\locals~1\temp\catchme.sys (file missing)

S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 USB-100 (Compex LinkPort/UE202-B USB To Fast Ethernet Adapter) - c:\windows\system32\drivers\ue202b.sys <Not Verified; Realtek; Realtek 8150-series USB NIC>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-10 22:23:40 0 d-------- C:\WINDOWS\ERUNT
2008-08-10 21:16:36 0 d-------- C:\Documents and Settings\Mas\Application Data\Malwarebytes
2008-08-10 21:16:28 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 21:16:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 21:16:06 0 d-------- C:\Program Files\Common Files\Download Manager
2008-08-10 21:09:08 0 d-------- C:\Program Files\Panda Security
2008-08-10 20:59:54 0 d-------- C:\Program Files\Trend Micro
2008-08-03 15:54:58 0 d-------- C:\WINDOWS\Application Data
2008-08-03 15:54:25 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-08-03 15:54:23 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-08-03 15:51:53 0 d-------- C:\Program Files\WIZET
2008-08-02 20:26:18 0 --a------ C:\Program Files\temp01
2008-08-02 20:26:14 0 d-------- C:\Program Files\bfgclient
2008-08-02 20:24:38 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-07-30 18:02:09 335402 --ahs---- C:\WINDOWS\system32\iihikRqr.ini2
2008-07-30 17:44:12 0 d-------- C:\Documents and Settings\Mas\Application Data\TmpRecentIcons
2008-07-19 22:10:24 0 d-------- C:\Documents and Settings\Mas\Application Data\U3
2008-07-11 23:59:48 0 dr-h----- C:\Documents and Settings\Mas\Recent
2008-07-11 23:44:00 0 d--h----- C:\$AVG8.VAULT$
2008-07-11 23:11:18 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-11 23:11:17 0 d-------- C:\Documents and Settings\Mas\Application Data\AVGTOOLBAR
2008-07-11 23:10:58 0 d-------- C:\Program Files\AVG
2008-07-11 23:10:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-11 23:10:26 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-07-11 22:45:31 0 d-------- C:\AVG


-- Find3M Report ---------------------------------------------------------------

2008-08-10 22:34:55 8405015 --a------ C:\WINDOWS\TempFile
2008-08-10 21:16:06 0 d-------- C:\Program Files\Common Files
2008-08-10 15:34:06 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-08-03 15:51:52 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-28 00:03:11 0 d-------- C:\Documents and Settings\Mas\Application Data\Winff
2008-07-09 00:42:44 20720 --a------ C:\Documents and Settings\Mas\Application Data\GDIPFONTCACHEV1.DAT
2008-07-01 22:19:31 0 d-------- C:\Program Files\WinFF
2008-06-21 16:33:05 0 d-------- C:\Program Files\Skype
2008-06-14 18:12:39 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-14 18:08:00 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-06-14 17:55:10 0 d-------- C:\Program Files\Sony


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BD0BCB4-885E-44C1-916E-8DD7BC36FEF9}]
C:\WINDOWS\system32\rqRkihii.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/11/2008 11:11 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/11/2008 11:11 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/20/2008 10:23 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/11/2008 11:11 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXNFxXR]
cbXNFxXR.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll qkocen.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRkihii

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{019c4c8b-45dc-11dd-9a09-000c7619b036}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Bha.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15c6cee3-c83a-11dc-98a6-000c7619b036}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- G:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2eb941be-fb4d-11dc-993b-000c7619b036}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- G:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92071770-f286-11dc-9924-000c7619b036}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Bha.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adacc40a-c75e-11dc-98a3-000c7619b036}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Bha.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2de7ba4-d6f2-11dc-98d8-000c7619b036}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2de7baa-d6f2-11dc-98d8-000c7619b036}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe




-- End of Deckard's System Scanner: finished at 2008-08-10 23:06:51 ------------

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe



1. Please re-open HijackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {9BD0BCB4-885E-44C1-916E-8DD7BC36FEF9} - C:\WINDOWS\system32\rqRkihii.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - Winlogon Notify: cbXNFxXR - cbXNFxXR.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - (no file)


2. Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\temp01
    C:\WINDOWS\system32\iihikRqr.ini2
    G:\Recycled\ctfmon.exe
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{019c4c8b-45dc-11dd-9a09-000c7619b036}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15c6cee3-c83a-11dc-98a6-000c7619b036}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2eb941be-fb4d-11dc-993b-000c7619b036}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92071770-f286-11dc-9924-000c7619b036}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adacc40a-c75e-11dc-98a3-000c7619b036}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2de7ba4-d6f2-11dc-98d8-000c7619b036}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2de7baa-d6f2-11dc-98d8-000c7619b036}]


Then double-click the fix.reg file; when it prompts to merge, click "Yes".



Reboot and post a new DSS Log
  • 0
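Before merging a .reg file taken from a forum post, it helps to see what each line will change. The following is an added example, not part of the original post and not the helper's or any tool's code: it parses an excerpt of the fix.reg above and lists the writes and key deletions, decoding the hex(7) data to readable strings. `audit_reg` and `decode_multi_sz` are hypothetical names; lines that are not valid .reg syntax, such as unquoted string data, are reported as malformed.

```python
import re

# Constructed sample: an excerpt of the fix.reg above, string data quoted.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{019c4c8b-45dc-11dd-9a09-000c7619b036}]
'''

def decode_multi_sz(data):
    """Decode hex(7) data: UTF-16LE strings, NUL-separated, double-NUL terminated."""
    raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]

def audit_reg(text):
    """Return (action, key, name, data) tuples describing what a merge would do."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)   # join hex continuation lines
    actions, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[-") and line.endswith("]"):
            # A leading minus deletes the whole key and everything under it.
            actions.append(("delete-key", line[2:-1], None, None))
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = re.match(r'(?:"([^"]*)"|(@))=(.*)$', line)
            name, data = (m.group(1) or m.group(2), m.group(3)) if m else (None, line)
            if m and data.startswith('"') and data.endswith('"') and len(data) >= 2:
                value = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
                actions.append(("set-string", key, name, value))
            elif m and data.lower().startswith("hex(7):"):
                actions.append(("set-multi-string", key, name, decode_multi_sz(data[7:])))
            elif m and data == "-":
                actions.append(("delete-value", key, name, None))
            else:   # e.g. unquoted string data, which is not valid .reg syntax
                actions.append(("malformed", key, name, data))
    return actions

if __name__ == "__main__":
    for action in audit_reg(FIX_REG):
        print(action)
```
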

#7
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





