Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

16 bit ms dos subsystem error [RESOLVED]

Started by Maulik , Feb 26 2006 02:51 PM

  • This topic is locked This topic is locked

#16
greyknight17
Posted 28 February 2006 - 10:59 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Do you still need that workgroup now? If not, we'll remove it (see below with O17 entries).

Fix these in HijackThis:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DEEMPAL
O17 - HKLM\Software\..\Telephony: DomainName = DEEMPAL

Restart. Just want a quick update. Are you still getting the 16 bit msdos error?
  • 0

Advertisements

#17
Maulik
Posted 01 March 2006 - 04:48 PM

Maulik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I need the workgroup Deempal to let the netowrk stay on. So i have to leave them i guess. I will fix those when i get home from school. ill reply later round 4:30.

And yes unfortunatly i am getting the 16 bit subsystem problem. SUX

Maulik

Edited by Maulik, 01 March 2006 - 04:48 PM.

  • 0

#18
greyknight17
Posted 01 March 2006 - 06:29 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Running out of ideas here...

Print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download L2MFix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts. Then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select the option that mentions that autoexec.nt file. See if that repairs the 16 bit MS-DOS error.

* Download WinPFind http://www.bleepingc...es/winpfind.php
o Double click on WinPFind and unzip it to your Desktop.
o Don 't do anything with it yet!
* Download Track qoo http://www.geekstogo...ds/Trackqoo.zip
o Save it to the Desktop.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Double click WinPFind.exe

* Click 'Start Scan'
* It will scan the entire system, so please be patient!
* Once the scan is complete:
1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Copy those results in the next post!

Reboot back to Normal Mode!

Double click on 'Track qoo.vbs'

Note - If you have an anti-virus program that has script blocking features, you will get a pop up window asking you what to do. Allow this entire script to run. It's harmless.

Wait a few seconds and Notepad will pop up. Copy & Paste those results and place them in the next post along with the results of WinPFind!
  • 0

#19
Maulik
Posted 01 March 2006 - 07:55 PM

Maulik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ok i fix those Hijack files. I also did the L2MFix thing but no the 16 bit still comes up.

I scanned the WinPFind, here is the Results:

Attached File  WinPFind.Txt   70.78KB   328 downloads

And the Track qoo results:

Attached File  Report.txt   4.04KB   259 downloads


K
  • 0

#20
greyknight17
Posted 01 March 2006 - 10:53 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK, we might have something there....

Did you uncheck a lot of programs from starting up? Please enable ALL of them now. It's hiding from view. Go to Start->Run and type in msconfig and hit OK. Then click on Normal Startup and hit OK. Restart your computer and post a new HijackThis log here.
  • 0

#21
Maulik
Posted 02 March 2006 - 12:26 AM

Maulik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
After i restarted the computer with normal start up i got these errors. I took a print screen of them...take a look:
Attached File  ERRORS_after_restart.doc   91KB   30 downloads

And i also did antoher hijack this log.....(sorry i forgot about having the msconfig on selective. My fault sorry)

Logfile of HijackThis v1.99.1
Scan saved at 10:22:14 PM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Windows\system32\HpSrvUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Windows Media Player\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Baldev\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:24491;
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [wjcfwtux] C:\WINDOWS\wjcfwtux.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [WINDOWSflashbrg] C:\WINDOWS\sqldata1.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Zyusll.exe
O4 - HKLM\..\Run: [v7] C:\documents and settings\have fun\local settings\temp\v7.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [Turbo Memory Charger] C:\Program Files\Turbo Memory Charger\TurboMemoryCharger.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System Tray] C:\WINDOWS\msccn32.exe
O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Onshia.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [SaferScan] "C:\Program Files\SaferScan\saferscan.exe" /aid:1002748
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\vvdxtj.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [PKVOLUME] C:\Program Files\PKVOLUME\PKVOLUME.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV] C:\WINDOWS\System32\RuxDLL32.exe
O4 - HKLM\..\Run: [MWER] C:\WINDOWS\MWER.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\MMaestro\BWheel35.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [InteliSys] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [Half-Life 2 Crack] C:\Documents and Settings\Baldev\My Documents\Morpheus Shared\Downloads\Half-Life 2 Crack.exe
O4 - HKLM\..\Run: [GEBZMYJ] C:\WINDOWS\GEBZMYJ.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [GBIOVCIPV] C:\WINDOWS\GBIOVCIPV.exe
O4 - HKLM\..\Run: [FQL] C:\WINDOWS\FQL.exe
O4 - HKLM\..\Run: [FMSZCJPW] C:\WINDOWS\FMSZCJPW.exe
O4 - HKLM\..\Run: [ezuf] C:\WINDOWS\ezuf.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKLM\..\Run: [DirectX64] C:\WINDOWS\System32\DirectXset.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CJPWDGMT] C:\WINDOWS\CJPWDGMT.exe
O4 - HKLM\..\Run: [cesmain.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\Ces\cmail.dll,Rundll32
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2portalmon.exe
O4 - HKLM\..\Run: [0p9xkCQmN] C:\WINDOWS\xehvhg.exe
O4 - HKLM\..\Run: [00saskda] "C:\Program Files\Security Administrator\newadmin.exe" saskda
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc
O4 - HKCU\..\Run: [SYSsfitb] C:\WINDOWS\SYSsfitb.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [PATCH.EXE] C:\WINDOWS\VOLUME\PATCH.EXE
O4 - HKCU\..\Run: [NBJ] "F:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [HitwarePKLite] F:\PROGRA~1\HITWAR~1\HITWAR~1.EXE
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\System32\winservn.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: MPXPTray.lnk = C:\Program Files\Windows Media Player\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 - http://cs5.chat.sc5....m/c174/chat.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093384941640
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125024449640
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_aac.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.game...e/gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DEEMPAL
O17 - HKLM\Software\..\Telephony: DomainName = DEEMPAL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE




I also got this spyware thing wen i restarted...TESTTIMER and SURFACCURACY....unfortuanatly i think i cant remove it....


Thanks
Maulik
  • 0

#22
greyknight17
Posted 02 March 2006 - 04:45 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Bingo :tazz:

Don't worry about those errors...they should be gone once we are done with all of this mess....

Do you know what this program is for?
C:\Program Files\PKVOLUME\PKVOLUME.exe

Just want to be sure this is a safe one, so see if you recognize this one as well?
C:\Program Files\Media\Media\UpdateStats.exe

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. Also if you have any programs that may prevent system changes (like Spybot's TeaTimer program, Ad-aware's Ad-Watch, and others), make sure you disable them before doing any of the fixes (or accept the changes for the fix we give you when asked by the programs).

Go to My Computer->Tools (or View)->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders (it's Show all files for Windows 98).
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Make sure you downloaded, installed, updated and ran these programs (run in Safe Mode) already - Ad-aware, Spybot and Ewido (only if you have Windows 2000 or XP). If you didn't, do them now. For more information, go to http://www.greyknigh...com/spyware.htm

Download LSPFix http://www.greyknigh.../spy/LSPFix.exe and run it. Check the box that says 'I know what I'm doing'. Click on any file that begins with newdotnet...dll on the left window and then click on the arrow pointing to the right. Click Finish and follow the prompts.

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingc...showtutorial=61 ). Make sure to close any open browsers.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if found:

180 solutions
Comet Server
Internet Optimizer
New.net
Power Scan
Safer Scan
SurfSideKick
TV Media
Viewpoint
VVSN
Windows TaskAd
WinTools

WildTangent - This is an online gaming package that is installed by a number of third party applications and even OEMs, ISPs and AIM. The games aspect of this is really rather cool. The being installed without you asking for it isn't cool at all. They collect information about you and your usage. We recommend uninstalling it.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

Do you know what this program is for?
C:\Program Files\PKVOLUME\PKVOLUME.exe

O4 - HKLM\..\Run: [wjcfwtux] C:\WINDOWS\wjcfwtux.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [WINDOWSflashbrg] C:\WINDOWS\sqldata1.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Zyusll.exe
O4 - HKLM\..\Run: [v7] C:\documents and settings\have fun\local settings\temp\v7.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [System Tray] C:\WINDOWS\msccn32.exe
O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Onshia.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [SaferScan] "C:\Program Files\SaferScan\saferscan.exe" /aid:1002748
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\vvdxtj.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [NAV] C:\WINDOWS\System32\RuxDLL32.exe
O4 - HKLM\..\Run: [MWER] C:\WINDOWS\MWER.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [InteliSys] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [GEBZMYJ] C:\WINDOWS\GEBZMYJ.exe
O4 - HKLM\..\Run: [GBIOVCIPV] C:\WINDOWS\GBIOVCIPV.exe
O4 - HKLM\..\Run: [FQL] C:\WINDOWS\FQL.exe
O4 - HKLM\..\Run: [FMSZCJPW] C:\WINDOWS\FMSZCJPW.exe
O4 - HKLM\..\Run: [ezuf] C:\WINDOWS\ezuf.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKLM\..\Run: [DirectX64] C:\WINDOWS\System32\DirectXset.exe
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [CJPWDGMT] C:\WINDOWS\CJPWDGMT.exe
O4 - HKLM\..\Run: [cesmain.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\Ces\cmail.dll,Rundll32
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [0p9xkCQmN] C:\WINDOWS\xehvhg.exe
O4 - HKCU\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc
O4 - HKCU\..\Run: [SYSsfitb] C:\WINDOWS\SYSsfitb.exe
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\System32\winservn.exe
O4 - Startup: PowerReg SchedulerV2.exe

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\PROGRA~1\COMETS~1\
C:\PROGRA~1\NEWDOT~1\
c:\program files\180solutions\sais.exe
C:\Program Files\AutoUpdate\
C:\Program Files\Common files\updater\
C:\Program Files\Common Files\WinTools\
C:\Program Files\Internet Optimizer\
C:\Program Files\ISTsvc\
C:\Program Files\Power Scan\
C:\Program Files\SaferScan\
C:\Program Files\SurfSideKick 3\
C:\Program Files\TV Media\
C:\Program Files\Viewpoint\
C:\Program Files\VVSN\
C:\Program Files\WildTangent\
C:\Program Files\Windows TaskAd\
C:\WINDOWS\CJPWDGMT.exe
C:\WINDOWS\ezuf.exe
C:\WINDOWS\FMSZCJPW.exe
C:\WINDOWS\FQL.exe
C:\WINDOWS\GBIOVCIPV.exe
C:\WINDOWS\GEBZMYJ.exe
C:\WINDOWS\msccn32.exe
C:\WINDOWS\MWER.exe
C:\WINDOWS\smss.exe - delete it in THIS folder ONLY and no where else
C:\WINDOWS\sqldata1.exe
C:\WINDOWS\SYSsfitb.exe
C:\WINDOWS\systask32l.exe
C:\WINDOWS\System32\DirectXset.exe
C:\WINDOWS\system32\Onshia.exe
C:\PROGRA~1\3721\
C:\WINDOWS\System32\RuxDLL32.exe
C:\WINDOWS\System32\winservn.exe
C:\WINDOWS\system32\Zyusll.exe
C:\WINDOWS\vvdxtj.exe
C:\WINDOWS\winppr32.exe
C:\WINDOWS\wjcfwtux.exe
C:\WINDOWS\xehvhg.exe

Restart and run a new HijackThis scan. Save the log file and post it here.

I want you to upload this file (C:\WINDOWS\VOLUME\PATCH.EXE) to http://virusscan.jotti.org and report back what it found.
  • 0

#23
Maulik
Posted 03 March 2006 - 06:26 PM

Maulik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I got PM msg and i will send the SAFE MODE hijack this logs to u..

I also did all that u told me to do....scan in safe mode and then fix thos hijack this items. once i scan and tried to the the hijack this deletion or fixes there werent there at all anymore and there was nothing in the uninstall thing in control panel or nor all the deletions from the C:/ drive.

I do no know wat PKVOLUME IS nor Media/Media/UpdateStatsexe

Here is the new hijack this log;

Logfile of HijackThis v1.99.1
Scan saved at 4:22:37 PM, on 3/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Baldev\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:24491;
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [NBJ] "F:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: MPXPTray.lnk = C:\Program Files\Windows Media Player\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 - http://cs5.chat.sc5....m/c174/chat.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093384941640
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125024449640
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_aac.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.game...e/gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DEEMPAL
O17 - HKLM\Software\..\Telephony: DomainName = DEEMPAL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
  • 0

#24
greyknight17
Posted 04 March 2006 - 04:11 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
None of those were found in HijackThis? Make sure...go into msconfig and see if you can spot any of those entries now. If not, then ok...

Is the new HijackThis log in Normal Mode?

Delete these (in Safe Mode if they are giving you problems):

C:\WINDOWS\VOLUME\
C:\Program Files\Media\
C:\Program Files\Common Files\slmss\
c:\windows\mwsvm.exe
  • 0

#25
Maulik
Posted 04 March 2006 - 05:18 PM

Maulik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Yup none of those were found in the hijack this logs.

The log was in Normal mode...should i have done it in safe mode.

I deleted those files on the list above.....

But i got thiss issue now with my C:/...everytime i double click it... it takes me to the search folders window.....

Also just to let you know...the bit crap still come upppp.....[bleep] it...lol
  • 0

Advertisements

#26
greyknight17
Posted 04 March 2006 - 05:26 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Yes, Normal Mode is correct :tazz:

See if this fixes the double click issue...

Go to Start->Run and copy/paste regsvr32 /i shell32.dll into the line and hit OK.

If that doesn't fix the problem, do this:

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Now while in the registry editor, go to:

HKEY_CLASSES_ROOT\Drive\shell and double click on Default value in the right pane there. Type in none and hit OK.

HKEY_CLASSES_ROOT\Directory\shell and double click on Default value in the right pane there. Type in none and hit OK.

Close the Registry Editor.

Fixed?
  • 0

#27
Maulik
Posted 04 March 2006 - 07:23 PM

Maulik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Fixed ty...[bleep] yall smart.
  • 0

#28
greyknight17
Posted 05 March 2006 - 05:45 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP