95 Seconds to boot! PROBLEM

Status
Not open for further replies.

sudisha

Right off the assembly line
Hi, can somebody help? :(

I had installed a few games from the Digit DVD May issue and upgraded
to MSN 7 and AVG. After that this problem showed up. I have scanned
with AVG and it detected some viruses, which I healed and moved to the Virus Vault.
Some of the viruses detected are:

1. VBS/Redlof
2. Trojan horse BackDoor.Agent.2.H

When I try to click on Heal, it shows some error.

What do I do to solve this problem? I am sure it's because of a Trojan or Spyware. Help needed a.s.a.p.

My Configuration:
Windows XP Professional Service Pack2
(with latest upgrade from Digit CD)
Pentium(R) 4 CPU 3.00GHz
504MB ram
Latest Intel Motherboard, good HD, good configuration.

Softwares Running in Background:

AVG Free Edition
Date Manager
Printer, Mouse
Natural Colour
Musicmatch Jukebox
Intel (R) Graphic Media Accelerator Driver
Sound Effect


Thanks,

DIGIT IS A GREAT WAY TO KEEP ONESELF UPDATED. I HAVE BEEN BUYING THIS MAG FOR PAST 5 YEARS.
 

swatkat

Technomancer
Redlof is one of the highly irritating viruses. Let's check whether Redlof is still present in the system or not. Right-click on Desktop, choose New> Text Document, which opens up NotePad, and copy the text inside the "Code" box below into NotePad.
Code:
rem Check.bat: export the autostart and browser-related keys to text files,
rem join them into one Info.txt, then remove the temporary files.
regedit /e test1.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
regedit /e test2.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce"
regedit /e test3.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices"
regedit /e test4.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices"
regedit /e test5.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce"
regedit /e test6.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
regedit /e test7.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects"
regedit /e test8.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main"
regedit /e test9.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
regedit /e test10.txt "HKEY_CLASSES_ROOT\dllFile"
regedit /e test11.txt "HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Options\Mail"
regedit /e test12.txt "HKEY_CURRENT_USER\Identities"
regedit /e test13.txt "HKEY_CLASSES_ROOT\.dll"
regedit /e test14.txt "HKEY_CLASSES_ROOT\vxdfile"

rem copy with "+" concatenates the sources; the last name is the destination file.
copy test1.txt + test2.txt + test3.txt + test4.txt + test5.txt + test6.txt + test7.txt + test8.txt + test9.txt + test10.txt + test11.txt + test12.txt + test13.txt + test14.txt info.txt

rem Clean up the per-key exports; only Info.txt is kept.
del test1.txt
del test2.txt
del test3.txt
del test4.txt
del test5.txt
del test6.txt
del test7.txt
del test8.txt
del test9.txt
del test10.txt
del test11.txt
del test12.txt
del test13.txt
del test14.txt
Go to File> Save As, type the filename as Check.bat, save it and exit from NotePad. This would create a batch file named Check.bat on the Desktop. Double-click on it; this opens up a DOS-type window, and when its titlebar changes to "Finished", close it. There will be a file named Info.txt in the same location where Check.BAT is present; open the text file, and copy and post its contents here.

Download TrojanHunter and install it.
Boot in safe mode, and run TrojanHunter, select all the Hard Disk partitions and click "Full Scan". Remove any bad things it may find.
 

khattam_

Guest
I think AVG is not a very good remover...
Try some other one.
 

expertno.1

Technomancer
Use Avast. When I installed it, from that day it detected more than 4 viruses and 3 trojans and repaired them.

Besides, it's free.



Disable some startup services and then it will take less time to boot.
 
OP

sudisha

Right off the assembly line
Thanks Guys

swatkat, I did what you said and also downloaded the TrojanHunter free trial. Below is the code:
--------------------------------------------------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="Logi_MwX.Exe"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"EPSON Stylus C45 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3T1.EXE /P23 \"EPSON Stylus C45 Series\" /O6 \"USB001\" /M \"Stylus C45\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="*www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="*www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="*www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Enable_Disk_Cache"="yes"
"Cache_Percent_of_Disk"=hex:0a,00,00,00
"Delete_Temp_Files_On_Exit"="yes"
"Local Page"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
62,00,6c,00,61,00,6e,00,6b,00,2e,00,68,00,74,00,6d,00,00,00
"Anchor_Visitation_Horizon"=hex:01,00,00,00
"Use_Async_DNS"="yes"
"Placeholder_Width"=hex:1a,00,00,00
"Placeholder_Height"=hex:1a,00,00,00
"Start Page"="*www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
"CompanyName"="Microsoft Corporation"
"Custom_Key"="MICROSO"
"Wizard_Version"="6.0.2600.0000"
"FullScreen"="no"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\ErrorThresholds]
"400"=dword:00000200
"403"=dword:00000100
"404"=dword:00000200
"405"=dword:00000100
"406"=dword:00000200
"408"=dword:00000200
"409"=dword:00000200
"410"=dword:00000100
"500"=dword:00000200
"501"=dword:00000200
"505"=dword:00000200

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"*"=dword:00000001
"infopath.exe"=dword:00000000
"msn6.exe"=dword:00000000
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
@=""
"SAPLOGON.exe"=dword:00000000
"SAPfewgsrv.exe"=dword:00000000
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"*"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
@=""
"iexplore.exe"=dword:00000000
"explorer.exe"=dword:00000000
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\UrlTemplate]
"1"="www.%s.com"
"2"="www.%s.org"
"3"="www.%s.net"
"4"="www.%s.edu"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000001
"NoJITSetup"=dword:00000001
"Disable Script Debugger"="yes"
"Show_ChannelBand"="No"
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=hex:01,00,00,00
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Start Page"="*www.rediffmailpro.com/"
"Use_DlgBox_Colors"="yes"
"Search Page"="*www.google.com"
"FullScreen"="no"
"Window_Placement"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,00,83,ff,ff,00,83,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,04,00,00,e4,02,00,\
00
"NotifyDownloadComplete"="yes"
"Use FormSuggest"="no"
"Save Directory"="C:\\Documents and Settings\\S H A N T A (MA)\\Desktop\\"
"AddToFavoritesExpanded"=dword:00000001
"Error Dlg Displayed On Every Error"="no"
"Use Custom Search URL"=dword:00000001
"AutoSearch"=dword:00000004
"Search Bar"="*www.google.com/ie"
"Use Search Asst"="no"
"Enable Browser Extensions"="yes"
"AllowWindowReuse"=dword:00000000
"ShowedCheckBrowser"="Yes"
"Check_Associations"="No"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings]
"LOCALMACHINE_CD_UNLOCK"=dword:00000001

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\dllFile]
@="Application Extension"
"AlwaysShowExt"=""
"EditFlags"=hex:01,00,00,00
"TileInfo"="prop:FileVersion;FileDescription"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"
"NoOpen"=""

[HKEY_CLASSES_ROOT\dllFile\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,35,\
00,34,00,00,00

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Identities]
"Identity Ordinal"=dword:00000002
"Migrated5"=dword:00000001
"Last Username"="Main Identity"
"Last User ID"="{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}"
"Default User ID"="{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}"

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}]
"Username"="Main Identity"
"User ID"="{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}"
"Directory Name"=dword:a81d21bd
"Identity Ordinal"=dword:00000001

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software]

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft]

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express]

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0]
"VerStamp"=dword:00000003
"SpellDontIgnoreDBCS"=dword:00000001
"MSIMN"=dword:00000001
"StoreMigratedV5"=dword:00000001
"ConvertedToDBX"=dword:00000001
"Settings Upgraded"=dword:00000007
"Running"=dword:00000000
"Store Root"=hex(2):25,00,55,00,73,00,65,00,72,00,50,00,72,00,6f,00,66,00,69,\
00,6c,00,65,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,\
74,00,74,00,69,00,6e,00,67,00,73,00,5c,00,41,00,70,00,70,00,6c,00,69,00,63,\
00,61,00,74,00,69,00,6f,00,6e,00,20,00,44,00,61,00,74,00,61,00,5c,00,49,00,\
64,00,65,00,6e,00,74,00,69,00,74,00,69,00,65,00,73,00,5c,00,7b,00,41,00,38,\
00,31,00,44,00,32,00,31,00,42,00,44,00,2d,00,41,00,31,00,43,00,34,00,2d,00,\
34,00,30,00,45,00,35,00,2d,00,39,00,34,00,46,00,32,00,2d,00,36,00,38,00,42,\
00,30,00,44,00,46,00,46,00,46,00,36,00,45,00,43,00,43,00,7d,00,5c,00,4d,00,\
69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,4f,00,75,00,74,00,6c,\
00,6f,00,6f,00,6b,00,20,00,45,00,78,00,70,00,72,00,65,00,73,00,73,00,5c,00,\
00,00
"Migration Done"=dword:00000001
"PrevToolbarTextStyle"=dword:00000001
"Note Bands"=hex:0f,00,00,00,03,00,00,00,64,00,00,00,80,02,00,00,64,00,00,00,\
66,00,00,00,02,00,00,00,16,00,00,00,65,00,00,00,01,02,00,00,64,00,00,00
"ShowToolbarIEAK"=dword:00000001
"Toolbar Text"=dword:00000001
"Toolbar Icon Size"=dword:00000001
"SpoolerDlgPos"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,0c,01,00,00,ae,00,00,00,f4,02,00,00,41,01,00,00
"SpoolerTack"=dword:00000000

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Mail]
"Welcome Message"=dword:00000000
"Accounts Checked"=dword:00000001
"Safe Attachments"=dword:00000001
"Secure Safe Attachments"=dword:00000001
"Attach VCard"=dword:00000000
"NotePosEx"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,38,01,00,00,a0,00,00,00,c8,02,00,00,44,02,00,00
"Default_CodePage"=dword:00006faf

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\MailNote]
"Send Mail Toolbar Settings"=hex:db,9d,00,00,ff,ff,ff,ff,26,9d,00,00,24,9e,00,\
00,27,9d,00,00,25,9d,00,00,ff,ff,ff,ff,48,9d,00,00,47,9d,00,00,ff,ff,ff,ff,\
2d,9d,00,00,dc,9d,00,00,ff,ff,ff,ff,6b,9d,00,00,44,9d,00,00,b9,9c,00,00
"Saved Toolbar Settings Version"=dword:0000000f

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\News]
"Accounts Checked"=hex:00,00,00,00

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Recent Stationery List]
"File0"="Clear Day.htm"
"File1"="Nature.htm"
"File2"="Maize.htm"
"File3"="Sunflower.htm"
"File4"="Citrus Punch.htm"
"File5"="Blank.htm"
"File6"="Leaves.htm"

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Rules]
"Messenger Auto logon"=dword:00000000
"MessengerWuzHere"=dword:00000000

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Rules\Mail]

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Shared Settings]

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Shared Settings\Setup]
"MigToLWP"=hex:bd,21,1d,a8,c4,a1,e5,40,94,f2,68,b0,df,ff,6e,cc
"MigToLWPVer"="6,0,2900,2180"

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\signatures]

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Trident]

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Trident\Main]

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Trident\Settings]

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.dll]
@="dllfile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.dll\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\vxdfile]
@="Virtual device driver"

--------------------------------------------------------------------------------------

I think expertno.1 is also right about AVG. I'll try to install AVAST as well.

Thanks for the suggestion,
Sudisha
 

swatkat

Technomancer
I cannot find any references to Redlof in the Registry. Which are the files that are being identified as viruses by AVG?

But there is Gator and Trickler spyware in your PC.
Open NotePad, copy the below text inside the "Code" box and paste it in NotePad:-
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcWzrd"=-
"Alcmtr"=-
"CMESys"=-
Go to File> Save As, type the filename as Fix.REG and save it. Exit from NotePad.
Boot in Safe mode. Double-click on the Fix.reg file, and choose "Yes" to merge it into Registry.

Go to Add/Remove Programs, and uninstall any of these entries you may find:-
Gain
Gator
Claria

Also, delete this folder:-
C:\Program Files\Common Files\CMEII
Delete these files, if you find them:-
gmt.exe
fsg_4104.exe
cmesys.exe
gatorstubsetup.exe
gator.exe
guninstaller.exe
Alcmtr.exe

C:\Program Files\Common Files\Microsoft Shared\Stationery\blank.html

Have you scanned your PC using TrojanHunter? Did it find anything?
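As an added example (my own Python, not code from this thread, from TrojanHunter or from AVG): a small parser for the Info.txt that the Check.bat above builds. It lists every Run/RunOnce/RunServices entry with the program it points to, notes entries that are just a bare file name (no directory, so Windows looks it up through the search path and you have to find out which file actually loads), and writes a Fix.reg in the same `"name"=-` form as the one above for whichever value names you decide to remove. The sample export lines and the three-name removal list are taken from this thread; the function names and the bare-filename check are my own choices, and the list is only a demonstration, not a verdict on those entries.

```python
# Added example, not from the thread: parse concatenated `regedit /e` output, list autorun entries, build a Fix.reg.
import re

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')
AUTORUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunServices)$", re.IGNORECASE)
HEADER = "Windows Registry Editor Version 5.00"
REMOVE_LIST = ("AlcWzrd", "Alcmtr", "CMESys")  # names swatkat's Fix.reg deletes; demo list only

# Constructed sample: a trimmed concatenation of exports in the format Check.bat
# produces; the value lines are copied verbatim from the dump posted above.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Local Page"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  62,00,6c,00,61,00,6e,00,6b,00,2e,00,68,00,74,00,6d,00,00,00

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
'''

def decode_value(raw: str):
    """REG_SZ -> str (escapes undone), REG_DWORD -> int, REG_EXPAND_SZ -> str, rest as text."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex\(2\):(.*)$", raw, re.IGNORECASE)  # UTF-16LE bytes, NUL terminated
    if m:
        return bytes(int(b, 16) for b in m.group(1).split(",") if b).decode("utf-16-le").rstrip("\x00")
    return raw

def parse_reg_export(text: str) -> dict:
    """{key path: {value name: value}}; repeated headers from concatenated exports are harmless."""
    keys, current, buf = {}, None, ""
    for raw_line in text.splitlines():
        buf += raw_line.strip()
        if buf.endswith("\\") and not buf.startswith("["):  # hex data continues on the next line
            buf = buf[:-1]
            continue
        line, buf = buf, ""
        k, v = KEY_RE.match(line), VALUE_RE.match(line)
        if k:
            current = k.group(1)
            keys.setdefault(current, {})
        elif v and current:
            name = "(Default)" if v.group(1) is None else re.sub(r"\\(.)", r"\1", v.group(1))
            keys[current][name] = decode_value(v.group(2))
    return keys

def executable_of(command: str) -> str:
    """Program path from a command line: quoted path, unquoted path ending in .exe, or first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else (command.split() or [""])[0]

def triage_autoruns(keys: dict, remove_list=()) -> list:
    """(key, value name, executable, notes) for every string value under an autorun key. A bare
    file name is noted: Windows resolves it through the search path, so find the file that loads."""
    wanted = {n.lower() for n in remove_list}
    findings = []
    for key, values in keys.items():
        for name, value in values.items():
            if AUTORUN_KEY_RE.search(key) and isinstance(value, str):
                exe = executable_of(value)
                notes = (["bare filename"] if "\\" not in exe else []) + (
                    ["on removal list"] if name.lower() in wanted else [])
                findings.append((key, name, exe, tuple(notes)))
    return findings

def build_fix_reg(findings: list, remove_list=REMOVE_LIST) -> str:
    """Fix.reg text: one "name"=- line per value to delete, grouped by key, CRLF line ends."""
    wanted = {n.lower() for n in remove_list}
    by_key = {}
    for key, name, _exe, _notes in findings:
        if name.lower() in wanted:
            by_key.setdefault(key, []).append(name)
    lines = [HEADER, ""]
    for key, names in by_key.items():
        lines += [f"[{key}]"] + ['"%s"=-' % re.sub(r'(["\\])', r"\\\1", n) for n in names] + [""]
    return "\r\n".join(lines)

if __name__ == "__main__":
    found = triage_autoruns(parse_reg_export(SAMPLE_EXPORT), REMOVE_LIST)
    print(*found, build_fix_reg(found), sep="\n")
```

To run it on a real Info.txt, read the file with `open(path, encoding="utf-16")` if regedit wrote it as Unicode; a stray byte-order mark left where a second export was appended only produces a line the parser ignores. The script does not decide what belongs on the removal list; it shows where each entry points so that file can be looked at first.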
 

Deleted member 5901

Guest
Yeah!!! I think your problem is AVG!!!

Use Avast!!! It's free!!! Much better!!!!

Use Windows AntiSpyware beta, that's good too!!!

It's free!!!

Your problem is not a trojan!!! It's spyware related!!!!

Cheers!!!!
 
OP

sudisha

Right off the assembly line
Fix.reg

I saved the code in Notepad as Fix.reg, but when I started in Safe Mode and double-clicked it, it only opened; there was no prompt window or anything.

I have removed the files you mentioned, but my OS is still booting slowly. No improvement.

Thanks

swatkat said:
I cannot find any references to Redlof in the Registry. Which are the files that are being identified as viruses by AVG?

But there is Gator and Trickler spyware in your PC.
Open NotePad, copy the below text inside the "Code" box and paste it in NotePad:-
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcWzrd"=-
"Alcmtr"=-
"CMESys"=-
Go to File> Save As, type the filename as Fix.REG and save it. Exit from NotePad.
Boot in Safe mode. Double-click on the Fix.reg file, and choose "Yes" to merge it into Registry.

Go to Add/Remove Programs, and uninstall any of these entries you may find:-
Gain
Gator
Claria

Also, delete this folder:-
C:\Program Files\Common Files\CMEII
Delete these files, if you find them:-
gmt.exe
fsg_4104.exe
cmesys.exe
gatorstubsetup.exe
gator.exe
guninstaller.exe
Alcmtr.exe

C:\Program Files\Common Files\Microsoft Shared\Stationery\blank.html

Have you scanned your PC using TrojanHunter? Did it find anything?
 
OP

sudisha

Right off the assembly line
swatkat

Hi,

After scanning with TrojanHunter I got the following results. My system is still booting slowly. What should I do next?

Code:
---------------------------------------------------------------------------------
Trojan Detected:
----------------------------------------------------------------------------------
Registry scan
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com (matches Adware.Gator.100) 	(Regedit Jump)
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012160.DLL (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012161.exe (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012162.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012163.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012164.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012165.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012166.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012167.exe (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012168.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012169.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012170.dll (Adware.Claria.106)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012171.dll (Adware.Claria.106)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012172.EXE (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012174.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012175.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012176.dll (Adware.Claria.106)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012177.dll (Adware.Claria.106)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012178.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP77\A0012310.DLL (Adware.Claria.106)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP77\A0012326.dll (Adware.Claria.106)
Found trojan file: C:\Recycled\Dc366\CMEIIAPI.dll (Adware.Claria.106)
Found trojan file: C:\Recycled\Dc366\GStore.dll (Adware.Claria.106)
Found trojan file: C:\Recycled\Dc366\CMEUpd.exe (Adware.Gator.100)
Found trojan file: C:\Recycled\Dc366\GFormCTM.dll (Adware.Gator.100)
Found trojan file: C:\Recycled\Dc366\GSvcMgr.dll (Adware.Gator.100)
Found trojan file: C:\Recycled\Dc366\GSvcSAP.dll (Adware.Gator.100)
26 trojan files found

---------------------------------------------------------------------------------
Trojan Found:
---------------------------------------------------------------------------------
Adware.Claria.106
Adware.Gator.100

---------------------------------------------------------------------------------
Clean Result:
---------------------------------------------------------------------------------
Can not clean HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com - too many sub-keys

Renamed file C:\Recycled\Dc366\CMEIIAPI.dll to C:\Recycled\Dc366\CMEIIAPI.dll.tcf
Renamed file C:\Recycled\Dc366\CMEUpd.exe to C:\Recycled\Dc366\CMEUpd.exe.tcf
Renamed file C:\Recycled\Dc366\GFormCTM.dll to C:\Recycled\Dc366\GFormCTM.dll.tcf
Renamed file C:\Recycled\Dc366\GStore.dll to C:\Recycled\Dc366\GStore.dll.tcf
Renamed file C:\Recycled\Dc366\GSvcMgr.dll to C:\Recycled\Dc366\GSvcMgr.dll.tcf
Renamed file C:\Recycled\Dc366\GSvcSAP.dll to C:\Recycled\Dc366\GSvcSAP.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012160.DLL to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012160.DLL.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012161.exe to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012161.exe.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012162.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012162.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012163.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012163.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012164.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012164.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012165.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012165.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012166.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012166.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012167.exe to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012167.exe.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012168.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012168.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012169.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012169.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012170.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012170.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012171.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012171.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012172.EXE to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012172.EXE.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012174.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012174.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012175.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012175.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012176.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012176.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012177.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012177.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012178.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012178.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP77\A0012310.DLL to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP77\A0012310.DLL.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP77\A0012326.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP77\A0012326.dll.tcf
Trojan cleaning finished.
 

anandk

Distinguished Member
Use AVAST. Schedule a boot-time scan for the first time, and run it!
TDS-3 is, I think, a better trojan remover. Try it! :)
 

Nimda

l33t n00b!
1- Disable MSN 7 from running at boot. Visit this page
2- Uninstall AVG and scan your system for viruses from this web page:
Online Virus scan
3- Now, don't install AVG back. It's not a very good AV. I recommend you try NOD32.
4- Install ZoneAlarm if you haven't already done so.
5- If bootup time is still high, then go to Start -> Run and type msconfig. Go to the Startup tab and disable *all* entries -> Apply -> OK -> Restart.
6- Now, by hit-and-trial, re-enable the entries you disabled one by one, restarting after each step, until you find the program that is causing the bootup delay.
 

q3_abhi

Youngling
Try Quick Heal 7.x. It's one of the best anti-viruses, with very low system requirements (compared to others).
 