Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help! Many problems!


  • This topic is locked This topic is locked
15 replies to this topic

#1 lil_halo_02

lil_halo_02

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:34 PM

Posted 19 August 2004 - 10:48 PM

http ://4bf65.ilxt.info/popup7.php?pin=124 is a pop up I get every time I open aim, yahoo messanger or a new window for a site. It comes up 3 times. Sometimes the same ads, sometimes different. I'm at the end of my rope with my brother. He looks at porn sites and I end up having to deal with the pop ups on the family computer. I also have a site that takes over the home page "search for..." site. I do not want to stop him from going to porn sites, I just want to stop the pop ups! I have added ad-aware , spyware guard, spyblaster, spybot search and destory, and cwshredder. After the infection. Spy bot finds them but they come back the same ones. The cwshredder comes up after any thing is opened whether online or not! My Hijackthis Log :

Logfile of HijackThis v1.97.7
Scan saved at 10:43:21 PM, on 8/19/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ImageIt\ItRun.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Tina\SpywareGuard\sgmain.exe
C:\Tina\SpywareGuard\sgbhp.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\Tina\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\tt\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\tt\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\tt\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\tt\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\tt\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\tt\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Tina\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Tina\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F4CB08FD-AC7D-4050-854D-D6E3A9412F92} - C:\WINNT\System32\diglb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [WinIt] C:\Program Files\ImageIt\ItRun.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINNT\CTRegRun.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Zone system] C:\WINNT\szchost.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Tina\Spyware Assassin 4.0\Spyware Assassin.exe"
O4 - Startup: SpywareGuard.lnk = C:\Tina\SpywareGuard\sgmain.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA\VIA Sound Player\mixer\AudioDeck_bmp.exe
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Tina\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Tina\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Tina\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.9.2.31/popf...u-ob-assets.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/stas1sp.chm::/on-line.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10CB8447-F661-4DB2-94F8-C534197058E5}: NameServer = 205.188.146.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{10CB8447-F661-4DB2-94F8-C534197058E5}: NameServer = 205.188.146.146

BC AdBot (Login to Remove)

 


#2 ColdinCbus

ColdinCbus

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 20 August 2004 - 06:06 PM

Hi.

Please download FindnFix.exe from here: http://downloads.subratam.org/FINDnFIX.exe

Double Click on the FindnFix.exe and it will install the batch file in its own folder.

Open the FindnFix folder and double click on !LOG!.bat
IMPORTANT! Before you run this tool please close ALL running programs and ALL open windows except for the FindnFix folder.

The program will take several minutes to collect the necessary information. When it is done, it will close and log.txt should open.

*NOTE:If your AntiVirus is running a scriptblocker, when you run this tool, you will probably receive an alert warning you that the script is running. "Allow" the script to run.

Once the program has finished:

Open the FindnFix folder. It should be located at C:\FINDnFIX\
1. Post the contents of Log.txt in this thread.
2. Attach file Win.txt to the same post. (Please attach, do not post)

#3 lil_halo_02

lil_halo_02
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:34 PM

Posted 25 August 2004 - 12:36 AM

My dad finally gave up on me trying to fix the pop ups and web page, So those are gone but I still have a Web dialer I know it. I can hear it trying to dial up sometimes. Will what you sugested get rid of the web dialer?

~Tina

#4 ColdinCbus

ColdinCbus

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 25 August 2004 - 01:04 PM

Download the latest version of HijackThis and post a new log please http://computercops.biz/downloads-file-328.html

It is the best way to see if we can get you cleaned up.

#5 lil_halo_02

lil_halo_02
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:34 PM

Posted 25 August 2004 - 06:27 PM

This is the log after the McAfee Scan was bought.

Logfile of HijackThis v1.98.2
Scan saved at 6:24:23 PM, on 8/25/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ImageIt\ItRun.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\Tina\Yahoo!\Messenger\ypager.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\tt\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\tt\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\tt\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\tt\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\tt\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\tt\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {F4CB08FD-AC7D-4050-854D-D6E3A9412F92} - C:\WINNT\System32\diglb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [WinIt] C:\Program Files\ImageIt\ItRun.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINNT\CTRegRun.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Zone system] C:\WINNT\szchost.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Tina\Spyware Assassin 4.0\Spyware Assassin.exe"
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA\VIA Sound Player\mixer\AudioDeck_bmp.exe
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Tina\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Tina\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Tina\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Tina\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Tina\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Tina\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.9.2.31/popf...u-ob-assets.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/stas1sp.chm::/on-line.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10CB8447-F661-4DB2-94F8-C534197058E5}: NameServer = 205.188.146.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{10CB8447-F661-4DB2-94F8-C534197058E5}: NameServer = 205.188.146.146
O18 - Filter: text/html - {2B803C45-4743-4353-9344-A1CB49EB26AA} - (no file)
O18 - Filter: text/plain - {2B803C45-4743-4353-9344-A1CB49EB26AA} - (no file)

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,660 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:34 PM

Posted 30 August 2004 - 10:24 AM

Please do the following:

Download the program FindNFix from the following location:

http://www10.brinkster.com/expl0iter/freeatlast/FNF/

Once it is downloaded, double-click on the file to run it. Follow the prompts to install the program. Once it is installed a window will open up showing the installation directory and a bunch of files in the right section of the window.

On the right portion of the window look for the file called !LOG!.bat and double-click on it. It will scan through your computer for a while, so be patient. When it is completed it will automatically open a notepad window called Log.txt.

Copy the contents of that file into a reply to this post.

#7 lil_halo_02

lil_halo_02
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:34 PM

Posted 30 August 2004 - 01:06 PM

Mon 30 Aug 04 12:59:38

»»»»»»»»»»»»»»»»»»***LOG!***(*updated *8/26*)»»»»»»»»»»»»»»»»

*System:
Microsoft Windows 2000 Professional 5.0 Service Pack 2 (Build 2195)
*IE version:
6.0.2600.0000

The type of the file system is NTFS.


MS-DOS Version 5.00.500

*command.com test passed!

__________________________________
!!*Creating backups...!!

The operation completed successfully
__________________________________

*Local time:
Monday, August 30, 2004 (8/30/2004)
12:59 PM, Central Daylight Time
*Uptime:
12:59:39 up 0 days, 0:29:50

*Path:
C:\FINDnFIX
----------------------------------------------------
»»Member of...: ("ADMIN" logon + group match required!)

User is a member of group TT-46A24R228N4G\None.
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.
User is a member of group \LOCAL.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Group BUILTIN\Administrators matches list.
Group BUILTIN\Users matches list.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

User: [TT-46A24R228N4G\tt], is a member of:

BUILTIN\Administrators
\Everyone

Running in WORKSTATION MODE.

SystemDrive is C:
SystemRoot is C:\WINNT
Logon Domain is TT-46A24R228N4G
Administrator's Name is tt
Computer Name is TT-46A24R228N4G
LOGON SERVER is \\TT-46A24R228N4G

»»»»»»»»»»»»»»»»»»*** Note! ***»»»»»»»»»»»»»»»»
The list will produce a small database of files that will match certain criteria.
Ex: read only files, s/h files, last modified date. size, etc.
The filters provided and registry scan should match the
corresponding file(s) listed.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Unless the file match the entire criteria, it should not be pointed to remove
without attempting to confirm it's nature!
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
At times there could be several (legit) files flagged, and/or duplicate culprit file(s)!
If in doubt, always search the file(s) and properties according to criteria!

The file(s) found should be moved to \FINDnFIX\"junkxxx" Subfolder

______________________________________________________________________________
***YOU NEED TO DISABLE YOUR ACTIVE ANTI VIRUS PROTECTION TO AVOID CONFLICTS!***
______________________________________________________________________________

......Scanning for file(s)...
*Note! The list(s) may include legitimate files!
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

»»»»» (*1*) »»»»» .........
»»Read access error(s)...


»»»»» (*2*) »»»»»........

»»»»» (*3*) »»»»»........

No matches found.

unknown/hidden files...

No matches found.

»»»»» (*4*) »»»»».........
Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

SNiF 1.34 statistics

Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL

»»»»»(*5*)»»»»»

»»»»»(*6*)»»»»»

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»»»»Search by size...
*List of files and specs according to 'size' :
*Note: Not all files listed here are infected, but *may include* the
name and spces of the offending file...
___________________________________________________________________________
Path: C:\WINNT\SYSTEM32 Including: *.DLL


____________________________________________________________________________
*By size and date...


No matches found.

No matches found.

No matches found.

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

SNiF 1.34 statistics

Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

SNiF 1.34 statistics

Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

SNiF 1.34 statistics

Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»


BHO search and other files...



No matches found.

No matches found.

--*sp.html in temp folder was NOT FOUND!--

*Filter keys search...
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
CLSID = {2B803C45-4743-4353-9344-A1CB49EB26AA}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/plain
CLSID = {2B803C45-4743-4353-9344-A1CB49EB26AA}

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

»»Checking for AppInit_DLLs (empty) value...
________________________________
!"AppInit_DLLs"=""!

Value Matches
________________________________

»»Comparing *saved* key with *original*...

REGDIFF 2.1 - Freeware written by Gerson Kurz (http://www.p-nand-q.com)

Comparing File #1 (Keys1\winkey.reg) with File #2 (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows).

No differences found.

»»Dumping Values........
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =
DeviceNotSelectedTimeout = 15
GDIProcessHandleQuota = REG_DWORD 0x00002710
Spooler = yes
swapdisk =
TransmissionRetryTimeout = 90
USERProcessHandleQuota = REG_DWORD 0x00002710

»»Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read BUILTIN\Users
(IO) ALLOW Read BUILTIN\Users
(NI) ALLOW Read BUILTIN\Power Users
(IO) ALLOW Read BUILTIN\Power Users
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Full access BUILTIN\Users
Full access BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM



»»Performing string scan....
00001150: ?
00001190: , @ @ p
000011D0: vk E AppInit_DLLsH K vk ( E
00001210:DeviceNotSelectedTimeout 1 5 H vk '
00001250: r GDIProcessHandleQuota o vk n Spooler
00001290: y e s T i vk G swapdisk vk
000012D0: A TransmissionRetryTimeout 9 0 vk '
00001310: n USERProcessHandleQuotan 0 Q C!>\ kSe /h
00001350:= | \: + + v ` j X E= X % U wWu YG 1 \X
00001390: 0/ : + <z K~ f n = V CM| , # D S
000013D0:jm= d ~8 eR y P d QD #2' z 7d tg {} 2 ( K
00001410:-PV M I$. ) I c b k }k%)c g jsS 8< %
00001450: e C# t p 9 Bw < SKc d / C ( $
00001490: 9 C $ -g (j$ ] a ae i C@ ( '~P + e z
000014D0: / Jx {\ Y T i .  4C )| 5 1* f/ _6^6N 4 PD IP P<
00001510: )P aE cIcM 3 * + _ fy i A AC )h*?
00001550: " *< j 5 Z 5 $ QqV, Q|b 2Cb m $= }S
00001590: !R j=6 wg} B Ub5 # - { s ] )fu y`:bR SCSCSCS
000015D0: mWxa g E f!S. # D: CQCQ)Q : 5z V [ ;^;

---------- WIN.TXT
AppInit_DLLsH
--------------
--------------
$011E8: AppInit_DLLsH
$01210: DeviceNotSelectedTimeout
$01258: GDIProcessHandleQuota
$012D8: TransmissionRetryTimeout
$01318: USERProcessHandleQuotan
--------------
--------------
No strings found.

--------------
--------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

.............
A handle was successfully obtained for the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key.
This key has 0 subkeys.
The AppInitDLLs value exists and reports as 2 bytes, including the 2 for string termination.

[AppInitDLLs]
Ansi string : ""
0000 00 00 | ..
-----------------------

»»»»»»Backups list...»»»»»»
13:02:36 up 0 days, 0:32:47
-----------------------
Mon 30 Aug 04 13:02:36


C:\FINDNFIX\
keyback.hiv Mon Aug 30 2004 12:59:40p A.... 8,192 8.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 8,192 bytes 8.00 K

C:\FINDNFIX\KEYS1\
winkey.reg Mon Aug 30 2004 12:59:40p A.... 287 0.28 K

1 item found: 1 file, 0 directories.
Total of file sizes: 287 bytes 0.28 K

*Temp backups...

"C:\Documents and Settings\tt\Local Settings\Temp\Backs2\"
keyback2.hi_ Aug 30 2004 8192 "keyback2.hi_"
winkey2.re_ Aug 30 2004 287 "winkey2.re_"

2 items found: 2 files, 0 directories.
Total of file sizes: 8,479 bytes 8.28 K
-D---- JUNKXXX 00000000 12:59.40 30/08/2004
A----- STARTIT .BAT 00000060 12:59.40 30/08/2004

________________________________________________________________________________
***THE FIX IS NOT COMPATIBLE WITH EARLIER;UNPATCHED VERSIONS OF WIN2K'(SP3 and BELLOW)'
AND/OR LAX OF SECURITY UPDATES AND SERVICE PACKS FOR ALL PLATFORMS!
MINIMAL REQUIREMENTS INCLUDE:
_________XP HOME/PRO; SP1; IE6/SP1
_________2K/SP4; IE6/SP1
________________________________________________________________________________
»»»»»*** www10.brinkster.com/expl0iter/freeatlast/FNF/ ***»»»»»
-----END------
Mon 30 Aug 04 13:02:37


#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,660 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:34 PM

Posted 30 August 2004 - 01:28 PM

Just noticed something:

Your log shows that you are seriously behind on windows updates. It is essential that you update your windows before we continue to help you as the infections could reoccur. Go to http://www.windowsupdate.com and if it asks to install software, let it. Then click on the Scan link and let it do its thing. When its done you will see on your left a section called critical updates. Click on that section and install everything that you can. When it prompts you to reboot, do so. Then repeat this process again until there are no more critical updates listed. Then post a new log.

#9 lil_halo_02

lil_halo_02
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:34 PM

Posted 01 September 2004 - 12:27 AM

I have problems doing the updates I can only download at 28K if i'm lucky! I have a 56k modem but the phone lines won't allow it to download that fast. We can't get anything other then that except satiliate and we don't have the money for that.

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,660 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:34 PM

Posted 01 September 2004 - 09:40 AM

Ok ...hmm..we will have to do this manually then.

Hi. Please download and install the program Registry Lite from here:

http://www.resplendence.com/reglite

Once it is installed, please double click on the icon that should now be on your desktop. If an icon is not there, then check under programs portion of the Start Menu.

Once it is opened, copy and paste the below line, into the address field of Registrar Lite.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

And press enter. You will now be presented with new information in the bottom right and left sections and on the right section, the name AppInit_DLLs should be highlighted. Double-click on the AppInit_DLLs entry and copy and paste the text found in the value field in your next reply to this post.

#11 lil_halo_02

lil_halo_02
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:34 PM

Posted 03 September 2004 - 10:55 PM

Fri 03 Sep 04 22:48:18

»»»»»»»»»»»»»»»»»»***LOG!***(*updated *8/26*)»»»»»»»»»»»»»»»»

*System:
Microsoft Windows 2000 Professional 5.0 Service Pack 2 (Build 2195)
*IE version:
6.0.2600.0000

The type of the file system is NTFS.


MS-DOS Version 5.00.500

*command.com test passed!

__________________________________
!!*Creating backups...!!
__________________________________

*Local time:
Friday, September 03, 2004 (9/3/2004)
10:48 PM, Central Daylight Time
*Uptime:
22:48:20 up 0 days, 9:48:55

*Path:
C:\FINDnFIX
----------------------------------------------------
»»Member of...: ("ADMIN" logon + group match required!)

User is a member of group TT-46A24R228N4G\None.
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.
User is a member of group \LOCAL.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Group BUILTIN\Administrators matches list.
Group BUILTIN\Users matches list.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

User: [TT-46A24R228N4G\tt], is a member of:

BUILTIN\Administrators
\Everyone

Running in WORKSTATION MODE.

SystemDrive is C:
SystemRoot is C:\WINNT
Logon Domain is TT-46A24R228N4G
Administrator's Name is tt
Computer Name is TT-46A24R228N4G
LOGON SERVER is \\TT-46A24R228N4G

»»»»»»»»»»»»»»»»»»*** Note! ***»»»»»»»»»»»»»»»»
The list will produce a small database of files that will match certain criteria.
Ex: read only files, s/h files, last modified date. size, etc.
The filters provided and registry scan should match the
corresponding file(s) listed.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Unless the file match the entire criteria, it should not be pointed to remove
without attempting to confirm it's nature!
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
At times there could be several (legit) files flagged, and/or duplicate culprit file(s)!
If in doubt, always search the file(s) and properties according to criteria!

The file(s) found should be moved to \FINDnFIX\"junkxxx" Subfolder

______________________________________________________________________________
***YOU NEED TO DISABLE YOUR ACTIVE ANTI VIRUS PROTECTION TO AVOID CONFLICTS!***
______________________________________________________________________________

......Scanning for file(s)...
*Note! The list(s) may include legitimate files!
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

»»»»» (*1*) »»»»» .........
»»Read access error(s)...


»»»»» (*2*) »»»»»........

»»»»» (*3*) »»»»»........

No matches found.

unknown/hidden files...

No matches found.

»»»»» (*4*) »»»»».........
Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

SNiF 1.34 statistics

Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL

»»»»»(*5*)»»»»»

»»»»»(*6*)»»»»»

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»»»»Search by size...
*List of files and specs according to 'size' :
*Note: Not all files listed here are infected, but *may include* the
name and spces of the offending file...
___________________________________________________________________________
Path: C:\WINNT\SYSTEM32 Including: *.DLL


____________________________________________________________________________
*By size and date...


No matches found.

No matches found.

No matches found.

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

SNiF 1.34 statistics

Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

SNiF 1.34 statistics

Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

SNiF 1.34 statistics

Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»


BHO search and other files...



No matches found.

No matches found.

--*sp.html in temp folder was NOT FOUND!--

*Filter keys search...
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
CLSID = {2B803C45-4743-4353-9344-A1CB49EB26AA}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/plain
CLSID = {2B803C45-4743-4353-9344-A1CB49EB26AA}

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

»»Checking for AppInit_DLLs (empty) value...
________________________________
!"AppInit_DLLs"=""!

Value Matches
________________________________

»»Comparing *saved* key with *original*...

REGDIFF 2.1 - Freeware written by Gerson Kurz (http://www.p-nand-q.com)

Comparing File #1 (Keys1\winkey.reg) with File #2 (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows).

No differences found.

»»Dumping Values........
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =
DeviceNotSelectedTimeout = 15
GDIProcessHandleQuota = REG_DWORD 0x00002710
Spooler = yes
swapdisk =
TransmissionRetryTimeout = 90
USERProcessHandleQuota = REG_DWORD 0x00002710

»»Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read BUILTIN\Users
(IO) ALLOW Read BUILTIN\Users
(NI) ALLOW Read BUILTIN\Power Users
(IO) ALLOW Read BUILTIN\Power Users
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Read BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM



»»Performing string scan....
00001150: ?
00001190: , @ @ p
000011D0: vk E AppInit_DLLsH K vk ( E
00001210:DeviceNotSelectedTimeout 1 5 H vk '
00001250: r GDIProcessHandleQuota o vk n Spooler
00001290: y e s T i vk G swapdisk vk
000012D0: A TransmissionRetryTimeout 9 0 vk '
00001310: n USERProcessHandleQuotan 0 Q C!>\ kSe /h
00001350:= | \: + + v ` j X E= X % U wWu YG 1 \X
00001390: 0/ : + <z K~ f n = V CM| , # D S
000013D0:jm= d ~8 eR y P d QD #2' z 7d tg {} 2 ( K
00001410:-PV M I$. ) I c b k }k%)c g jsS 8< %
00001450: e C# t p 9 Bw < SKc d / C ( $
00001490: 9 C $ -g (j$ ] a ae i C@ ( '~P + e z
000014D0: / Jx {\ Y T i .  4C )| 5 1* f/ _6^6N 4 PD IP P<
00001510: )P aE cIcM 3 * + _ fy i A AC )h*?
00001550: " *< j 5 Z 5 $ QqV, Q|b 2Cb m $= }S
00001590: !R j=6 wg} B Ub5 # - { s ] )fu y`:bR SCSCSCS
000015D0: mWxa g E f!S. # D: CQCQ)Q : 5z V [ ;^;

---------- WIN.TXT
AppInit_DLLsH
--------------
--------------
$011E8: AppInit_DLLsH
$01210: DeviceNotSelectedTimeout
$01258: GDIProcessHandleQuota
$012D8: TransmissionRetryTimeout
$01318: USERProcessHandleQuotan
--------------
--------------
No strings found.

--------------
--------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

.............
A handle was successfully obtained for the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key.
This key has 0 subkeys.
The AppInitDLLs value exists and reports as 2 bytes, including the 2 for string termination.

[AppInitDLLs]
Ansi string : ""
0000 00 00 | ..
-----------------------

»»»»»»Backups list...»»»»»»
22:51:12 up 0 days, 9:51:47
-----------------------
Fri 03 Sep 04 22:51:12


C:\FINDNFIX\
keyback.hiv Mon Aug 30 2004 12:59:40p A.... 8,192 8.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 8,192 bytes 8.00 K

C:\FINDNFIX\KEYS1\
winkey.reg Mon Aug 30 2004 12:59:40p A.... 287 0.28 K

1 item found: 1 file, 0 directories.
Total of file sizes: 287 bytes 0.28 K

*Temp backups...

"C:\Documents and Settings\tt\Local Settings\Temp\Backs2\"
keyback2.hi_ Aug 30 2004 8192 "keyback2.hi_"
winkey2.re_ Aug 30 2004 287 "winkey2.re_"

2 items found: 2 files, 0 directories.
Total of file sizes: 8,479 bytes 8.28 K
-D---- JUNKXXX 00000000 12:59.40 30/08/2004
A----- STARTIT .BAT 00000060 22:48.20 03/09/2004

________________________________________________________________________________
***THE FIX IS NOT COMPATIBLE WITH EARLIER;UNPATCHED VERSIONS OF WIN2K'(SP3 and BELLOW)'
AND/OR LAX OF SECURITY UPDATES AND SERVICE PACKS FOR ALL PLATFORMS!
MINIMAL REQUIREMENTS INCLUDE:
_________XP HOME/PRO; SP1; IE6/SP1
_________2K/SP4; IE6/SP1
________________________________________________________________________________
»»»»»*** www10.brinkster.com/expl0iter/freeatlast/FNF/ ***»»»»»
-----END------
Fri 03 Sep 04 22:51:13


#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,660 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:34 PM

Posted 05 September 2004 - 04:08 PM

I think you missed my last post...please do this:

Ok ...hmm..we will have to do this manually then.

Hi. Please download and install the program Registry Lite from here:

http://www.resplendence.com/reglite

Once it is installed, please double click on the icon that should now be on your desktop. If an icon is not there, then check under programs portion of the Start Menu.

Once it is opened, copy and paste the below line, into the address field of Registrar Lite.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

And press enter. You will now be presented with new information in the bottom right and left sections and on the right section, the name AppInit_DLLs should be highlighted. Double-click on the AppInit_DLLs entry and copy and paste the text found in the value field in your next reply to this post.

Ok ...hmm..we will have to do this manually then.

Hi. Please download and install the program Registry Lite from here:

http://www.resplendence.com/reglite

Once it is installed, please double click on the icon that should now be on your desktop. If an icon is not there, then check under programs portion of the Start Menu.

Once it is opened, copy and paste the below line, into the address field of Registrar Lite.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

And press enter. You will now be presented with new information in the bottom right and left sections and on the right section, the name AppInit_DLLs should be highlighted. Double-click on the AppInit_DLLs entry and copy and paste the text found in the value field in your next reply to this post.

Ok ...hmm..we will have to do this manually then.

Hi. Please download and install the program Registry Lite from here:

http://www.resplendence.com/reglite

Once it is installed, please double click on the icon that should now be on your desktop. If an icon is not there, then check under programs portion of the Start Menu.

Once it is opened, copy and paste the below line, into the address field of Registrar Lite.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

And press enter. You will now be presented with new information in the bottom right and left sections and on the right section, the name AppInit_DLLs should be highlighted. Double-click on the AppInit_DLLs entry and copy and paste the text found in the value field in your next reply to this post.

#13 lil_halo_02

lil_halo_02
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:34 PM

Posted 07 September 2004 - 01:58 AM

I didn't pay attention to that post cause I downloaded the updates for windows instead. I left the computer on all night and got it done.

#14 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,660 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:34 PM

Posted 07 September 2004 - 11:16 AM

Please do the last step I asked you to do so we can continue cleaning thisup

#15 lil_halo_02

lil_halo_02
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:34 PM

Posted 07 September 2004 - 08:16 PM

There wasn't a value for that field in the dll's




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users