
NEED HELP PLEASE


Post by simi » April 23rd, 2005, 12:25 pm

I can't locate HKLM... How do I find it? Where will it be?
simi
Regular Member
Posts: 63
Joined: April 23rd, 2005, 6:56 am

Post by 3162 » April 23rd, 2005, 12:41 pm

Click Start
Click Run
Type in regedit and click Enter.

This will open registry editor.
In the left pane, you will see 5 lines as follows:
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG


These are abbreviated to
HKCR
HKCU
HKLM
HKU
HKCC

Makes sense now?
3162
MRU Emeritus
Posts: 648
Joined: March 20th, 2005, 7:10 am

Post by simi » April 23rd, 2005, 12:54 pm

This is the first one
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"msnappau"="\"C:\\Program Files\\MSN Apps\\Updater\\01.02.3000.1001\\en-us\\msnappau.exe\""
"Universal USB Service"="svchost32.exe"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

This is the second one
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"Windows Registry Repair Pro"="C:\\Program Files\\3B Software\\Windows Registry Repair Pro\\RegistryRepairPro.exe 4"
"Spyware Doctor"="C:\\PROGRA~1\\SPYWAR~1\\swdoctor.exe /Q"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /0"
"MessengerPlus3"="\"\\\" /WinStart"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"


This is the third one
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Controls Folder]
"Presentation LCID"=dword:00000409

and this is the fourth one

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktopChanges"=dword:00000001

Thanks a lot... :)
simi
Regular Member
Posts: 63
Joined: April 23rd, 2005, 6:56 am

Post by 3162 » April 23rd, 2005, 1:17 pm

Sorry to be a pain, but you gave me
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Controls Folder]
What I need is
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Control Panel]
3162
MRU Emeritus
Posts: 648
Joined: March 20th, 2005, 7:10 am

Post by simi » April 23rd, 2005, 1:30 pm

:( I'm sorry to bother you so much... but there's no Control Panel...
Under CurrentVersion there is:
applets
control folder
device installer
explorer
extensions
group policy
grvconv
internet
internet settings
policies
run
run once
settings
shell extensions
syncmgr
telephony
theme manager
themes
unread mail
webcheck
wintrust
What should I do?
simi
Regular Member
Posts: 63
Joined: April 23rd, 2005, 6:56 am

Post by 3162 » April 23rd, 2005, 1:34 pm

Not a bother. Like I said this is a new infection we're dealing with.

It's OK that Control Panel wasn't there ;)

OK, copy the contents of the code box below to Notepad and save it as FixReg2.reg, file type: All Files (*.*)
Code:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 
"NoDriveTypeAutoRun"=dword:00000091 
"NoActiveDesktopChanges"=dword:00000000


Right click FixReg2.reg and click Merge. Allow it to add/merge with registry.

Now manually delete this file:
C:\Windows\Web\desktop.html if it is there.

Then right click anywhere on an open area of desktop and click Properties.
Click the desktop tab
Click customise desktop
Click Web tab
Checkmark and delete anything in the white 'Web Pages' space except My Current Homepage
OK...OK...OK out of those windows.

Reboot...and see if that sorts it out.
3162
MRU Emeritus
Posts: 648
Joined: March 20th, 2005, 7:10 am

Post by simi » April 23rd, 2005, 1:49 pm

Okay, all done,
but it's STILL not cleared!
It's still there.
I have control of my wallpaper now, but there are still those unwanted icons on my desktop,
and there is the big red cross on my tray which says virus!
And plus my browser keeps opening the site saying warning you have a virus!!
simi
Regular Member
Posts: 63
Joined: April 23rd, 2005, 6:56 am

Post by simi » April 23rd, 2005, 2:01 pm

I just got more alerts saying your computer has been attacked by a stealth virus click here to remove,
and when I clicked it, it opened some site which said download anti spyware to remove virus.
Plus there are these really VULGAR icons on my desktop I'm dying to get rid of, but every time I delete them they come back.
simi
Regular Member
Posts: 63
Joined: April 23rd, 2005, 6:56 am

Post by 3162 » April 23rd, 2005, 2:06 pm

Sorry...got bumped offline for a few.
I'm not sure why those items keep returning other than that we must have another hidden starting point in registry.

I don't see any AV on your machine, I would suggest downloading AVG free from here

Install it, and run a complete system scan allowing it to remove all items found.
Then post another hijackthis log please.
We still have lots of other tools to use to find this infection and fix it.
3162
MRU Emeritus
Posts: 648
Joined: March 20th, 2005, 7:10 am
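
A way to triage the Run-key exports posted earlier in this thread offline, as an added example that is not part of the original posts: it parses regedit export text, lists the autostart commands in the `HKLM\..\Run` notation HijackThis uses, and marks entries whose command is not a full path. The sample text is a shortened copy of the thread's exports; the function names and the 'absolute'/'relative'/'empty' labels are assumptions of this example, and a 'relative' or 'empty' label only means the entry needs a closer look.

```python
import re

# Constructed sample: a shortened copy of the Run-key exports posted in this thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"SoundMan"="SOUNDMAN.EXE"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"Universal USB Service"="svchost32.exe"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"MessengerPlus3"="\"\\\" /WinStart"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
'''

HEADERS = {'Windows Registry Editor Version 5.00', 'REGEDIT4'}
ABBREV = {'HKEY_CLASSES_ROOT': 'HKCR', 'HKEY_CURRENT_USER': 'HKCU',
          'HKEY_LOCAL_MACHINE': 'HKLM', 'HKEY_USERS': 'HKU',
          'HKEY_CURRENT_CONFIG': 'HKCC'}
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VAL_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')
STR_RE = re.compile(r'^"(?P<s>(?:[^"\\]|\\.)*)"$')
DWORD_RE = re.compile(r'^dword:(?P<hex>[0-9a-fA-F]{8})$')
# Autostart keys only; subkeys such as Run\OptionalComponents are not commands.
RUN_KEY_RE = re.compile(r'\\CurrentVersion\\(Run|RunOnce|RunServices|RunServicesOnce)$', re.I)


def unescape(s):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return {key: {value name: str or int}} for string and dword values."""
    lines = text.lstrip('\ufeff').strip().splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError('not a regedit export')
    keys, current, skipping = {}, None, False
    for raw in lines[1:]:
        line = raw.rstrip()
        if skipping:                       # continuation of a multi-line hex value
            skipping = line.endswith('\\')
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group('key'), {})
            continue
        m = VAL_RE.match(line)
        if not m or current is None:
            continue
        name, data = unescape(m.group('name')), m.group('data').rstrip()
        s, d = STR_RE.match(data), DWORD_RE.match(data)
        if s:
            current[name] = unescape(s.group('s'))
        elif d:
            current[name] = int(d.group('hex'), 16)
        else:                              # hex:, hex(2): and so on are skipped
            skipping = data.endswith('\\')
    return keys


def executable_of(command):
    """Best-effort split of a Run command line into its program part."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', command, re.I)
    if m:
        return m.group(1)
    return command.split()[0] if command else ''


def classify(command):
    exe = executable_of(command)
    if not exe.strip('\\/. '):
        return 'empty'        # no file name at all
    if re.match(r'^(?:[A-Za-z]:\\|\\\\)', exe):
        return 'absolute'     # drive or UNC path: the file can be located directly
    return 'relative'         # bare name: resolved through the search path


def autoruns(text):
    """List (short key, value name, command, label) for every autostart value."""
    rows = []
    for key, values in parse_reg(text).items():
        if not RUN_KEY_RE.search(key):
            continue
        hive, _, rest = key.partition('\\')
        short = ABBREV.get(hive.upper(), hive) + '\\..\\' + rest.rsplit('\\', 1)[-1]
        for name, data in values.items():
            if isinstance(data, str):
                rows.append((short, name, data, classify(data)))
    return rows


def needs_review(text):
    return [(k, n, c) for k, n, c, label in autoruns(text) if label != 'absolute']


if __name__ == '__main__':
    for key, name, command in needs_review(SAMPLE_EXPORT):
        print(f'{key}: [{name}] {command}')
```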

Post by 3162 » April 23rd, 2005, 2:07 pm

just got more alerts saying your computer has been attacked by a stealth virus click here to remove
and when I clicked it, it opened some site


DO NOT CLICK THOSE POPUPS!
3162
MRU Emeritus
Posts: 648
Joined: March 20th, 2005, 7:10 am

Post by simi » April 23rd, 2005, 2:09 pm

Even if I don't click them... the browser which I am using automatically changes to that site...
again and again
simi
Regular Member
Posts: 63
Joined: April 23rd, 2005, 6:56 am

Post by 3162 » April 23rd, 2005, 2:12 pm

I understand your frustration, please be patient ;)

Let's get a new hijackthis log please.
3162
MRU Emeritus
Posts: 648
Joined: March 20th, 2005, 7:10 am

Post by simi » April 23rd, 2005, 2:15 pm

Heheh... thanks...
That AVG scan is downloading; meanwhile here's my current HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 11:42:55 PM, on 4/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LightSurf\Colorific\hgcctl95.exe
C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0179/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=C:\Program Files\KEVIN\kevin.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Universal USB Service] svchost32.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [Universal USB Service] svchost32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{748F67B5-54B6-45E8-88AB-E32FEA956BA5}: NameServer = 202.88.138.15,202.88.130.67,202.88.130.5
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
simi
Regular Member
Posts: 63
Joined: April 23rd, 2005, 6:56 am

Post by 3162 » April 23rd, 2005, 2:19 pm

:!: There is a specific file for this infection we need to look for:
Look in C:\windows\system32... do you see a file named systr.dll there?

If so, rename it to systr.old

Instructions for renaming a file:

Right-click on this file systr.dll and hit Rename and rename the file to systr.old

If you can't rename the file then try this:
Enable the 'Show Hidden Folders' option, like this:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Reboot into safe mode this way:
Turn on the computer
Immediately begin tapping the <F8> key.
Use the arrow keys to highlight Safe Mode and press the <Enter> key.

Go to the location of this file systr.dll and rename it using the same instructions above.

Reboot to normal mode and post another log please.
3162
MRU Emeritus
Posts: 648
Joined: March 20th, 2005, 7:10 am

Post by simi » April 23rd, 2005, 2:22 pm

Nope, no file like systr.dll.
There is a file called syssetup.dll.
That's all :(
simi
Regular Member
Posts: 63
Joined: April 23rd, 2005, 6:56 am