21-05-2005, 10:42 AM   #1
Right Off the Assembly Line
Join Date: Oct 2004
Posts: 6
95 Seconds to boot! PROBLEM


Hi, can somebody help?

I installed a few games from the Digit DVD May issue and upgraded
to MSN 7 and AVG. After that this problem showed up. I have scanned
with AVG and it detected some viruses, which I healed and moved to the Virus Vault.
Some of the viruses detected are:

1. VBS/Redlof
2. Trojan horse BackDoor.Agent.2.H

When I try to click on Heal, it shows some error.

What do I do to solve this problem? I am sure it's because of a Trojan or spyware. Help needed a.s.a.p.

My Configuration:
Windows XP Professional Service Pack 2
(with latest upgrade from Digit CD)
Pentium(R) 4 CPU 3.00GHz
504 MB RAM
Latest Intel motherboard, good HD, good configuration.

Software running in the background:

AVG Free Edition
Date Manager
Printer, Mouse
Natural Colour
Musicmatch Jukebox
Intel (R) Graphic Media Accelerator Driver
Sound Effect


Thanks,

DIGIT IS A GREAT WAY TO KEEP ONESELF UPDATED. I HAVE BEEN BUYING THIS MAG FOR PAST 5 YEARS.
sudisha is offline  

21-05-2005, 07:56 PM   #2
Human Spambot
Join Date: Mar 2004
Location: India
Posts: 2,033

Redlof is one of the highly irritating viruses. Let's check whether Redlof is still present in the system or not. Right-click on the Desktop, choose New > Text Document, which opens up Notepad, and copy the text inside the "Code" box below into Notepad.
Code:
regedit /e test1.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" 
regedit /e test2.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce" 
regedit /e test3.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices" 
regedit /e test4.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices" 
regedit /e test5.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce" 
regedit /e test6.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
regedit /e test7.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects"
regedit /e test8.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main"
regedit /e test9.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
regedit /e test10.txt "HKEY_CLASSES_ROOT\dllFile"
regedit /e test11.txt "HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Options\Mail"
regedit /e test12.txt "HKEY_CURRENT_USER\Identities"
regedit /e test13.txt "HKEY_CLASSES_ROOT\.dll"
regedit /e test14.txt "HKEY_CLASSES_ROOT\vxdfile"

copy test1.txt + test2.txt + test3.txt + test4.txt + test5.txt + test6.txt + test7.txt + test8.txt + test9.txt + test10.txt + test11.txt + test12.txt + test13.txt + test14.txt = info.txt

del test1.txt
del test2.txt
del test3.txt
del test4.txt
del test5.txt
del test6.txt
del test7.txt
del test8.txt
del test9.txt
del test10.txt
del test11.txt
del test12.txt
del test13.txt
del test14.txt
Go to File > Save As, type the filename as Check.bat, save it and exit from Notepad. This creates a batch file named Check.bat on the Desktop. Double-click on it; this opens up a DOS-type window, and when its title bar changes to "Finished", close it. There will be a file named Info.txt in the same location as Check.bat; open the text file, and copy and post its contents here.

Download TrojanHunter and install it.
Boot in safe mode, and run TrojanHunter, select all the Hard Disk partitions and click "Full Scan". Remove any bad things it may find.
__________________
http://swatrant.blogspot.com/
swatkat is offline  
22-05-2005, 05:43 AM   #3
Fresh Stock Since 2005
Join Date: Feb 2005
Posts: 1,015

I think AVG is not a very good remover...
Try some other one.
__________________
http://www.khattam.info
khattam_ is offline  
22-05-2005, 06:09 AM   #4
Human Spambot
Join Date: May 2005
Location: Expert Planet
Posts: 2,480

Use Avast. From the day I installed it, it detected more than 4 viruses and 3 trojans and repaired them.

Besides, it's free.

Disable some startup services and then it will take less time to boot.
__________________
Off From Digit Forum for some months.....busy
expertno.1 is offline  
22-05-2005, 11:13 AM   #5
Right Off the Assembly Line
Join Date: Oct 2004
Posts: 6
Thanks Guys

swatkat, I did what you said and also downloaded trojanHunter free trial. Below is the code:
--------------------------------------------------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="Logi_MwX.Exe"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"EPSON Stylus C45 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3T1.EXE /P23 \"EPSON Stylus C45 Series\" /O6 \"USB001\" /M \"Stylus C45\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Enable_Disk_Cache"="yes"
"Cache_Percent_of_Disk"=hex:0a,00,00,00
"Delete_Temp_Files_On_Exit"="yes"
"Local Page"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
62,00,6c,00,61,00,6e,00,6b,00,2e,00,68,00,74,00,6d,00,00,00
"Anchor_Visitation_Horizon"=hex:01,00,00,00
"Use_Async_DNS"="yes"
"Placeholder_Width"=hex:1a,00,00,00
"Placeholder_Height"=hex:1a,00,00,00
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
"CompanyName"="Microsoft Corporation"
"Custom_Key"="MICROSO"
"Wizard_Version"="6.0.2600.0000"
"FullScreen"="no"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\ErrorThresholds]
"400"=dword:00000200
"403"=dword:00000100
"404"=dword:00000200
"405"=dword:00000100
"406"=dword:00000200
"408"=dword:00000200
"409"=dword:00000200
"410"=dword:00000100
"500"=dword:00000200
"501"=dword:00000200
"505"=dword:00000200

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"*"=dword:00000001
"infopath.exe"=dword:00000000
"msn6.exe"=dword:00000000
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
@=""
"SAPLOGON.exe"=dword:00000000
"SAPfewgsrv.exe"=dword:00000000
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"*"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
@=""
"iexplore.exe"=dword:00000000
"explorer.exe"=dword:00000000
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\UrlTemplate]
"1"="www.%s.com"
"2"="www.%s.org"
"3"="www.%s.net"
"4"="www.%s.edu"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000001
"NoJITSetup"=dword:00000001
"Disable Script Debugger"="yes"
"Show_ChannelBand"="No"
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=hex:01,00,00,00
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Start Page"="http://www.rediffmailpro.com/"
"Use_DlgBox_Colors"="yes"
"Search Page"="http://www.google.com"
"FullScreen"="no"
"Window_Placement"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,00,83,ff,ff,00,83,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,04,00,00,e4,02,00,\
00
"NotifyDownloadComplete"="yes"
"Use FormSuggest"="no"
"Save Directory"="C:\\Documents and Settings\\S H A N T A (MA)\\Desktop\\"
"AddToFavoritesExpanded"=dword:00000001
"Error Dlg Displayed On Every Error"="no"
"Use Custom Search URL"=dword:00000001
"AutoSearch"=dword:00000004
"Search Bar"="http://www.google.com/ie"
"Use Search Asst"="no"
"Enable Browser Extensions"="yes"
"AllowWindowReuse"=dword:00000000
"ShowedCheckBrowser"="Yes"
"Check_Associations"="No"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings]
"LOCALMACHINE_CD_UNLOCK"=dword:00000001

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\dllFile]
@="Application Extension"
"AlwaysShowExt"=""
"EditFlags"=hex:01,00,00,00
"TileInfo"="prop:FileVersion;FileDescription"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"
"NoOpen"=""

[HKEY_CLASSES_ROOT\dllFile\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,35,\
00,34,00,00,00

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Identities]
"Identity Ordinal"=dword:00000002
"Migrated5"=dword:00000001
"Last Username"="Main Identity"
"Last User ID"="{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}"
"Default User ID"="{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}"

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}]
"Username"="Main Identity"
"User ID"="{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}"
"Directory Name"=dword:a81d21bd
"Identity Ordinal"=dword:00000001

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software]

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft]

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express]

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0]
"VerStamp"=dword:00000003
"SpellDontIgnoreDBCS"=dword:00000001
"MSIMN"=dword:00000001
"StoreMigratedV5"=dword:00000001
"ConvertedToDBX"=dword:00000001
"Settings Upgraded"=dword:00000007
"Running"=dword:00000000
"Store Root"=hex(2):25,00,55,00,73,00,65,00,72,00,50,00,72,00,6f,00,66,00,69,\
00,6c,00,65,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,\
74,00,74,00,69,00,6e,00,67,00,73,00,5c,00,41,00,70,00,70,00,6c,00,69,00,63,\
00,61,00,74,00,69,00,6f,00,6e,00,20,00,44,00,61,00,74,00,61,00,5c,00,49,00,\
64,00,65,00,6e,00,74,00,69,00,74,00,69,00,65,00,73,00,5c,00,7b,00,41,00,38,\
00,31,00,44,00,32,00,31,00,42,00,44,00,2d,00,41,00,31,00,43,00,34,00,2d,00,\
34,00,30,00,45,00,35,00,2d,00,39,00,34,00,46,00,32,00,2d,00,36,00,38,00,42,\
00,30,00,44,00,46,00,46,00,46,00,36,00,45,00,43,00,43,00,7d,00,5c,00,4d,00,\
69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,4f,00,75,00,74,00,6c,\
00,6f,00,6f,00,6b,00,20,00,45,00,78,00,70,00,72,00,65,00,73,00,73,00,5c,00,\
00,00
"Migration Done"=dword:00000001
"PrevToolbarTextStyle"=dword:00000001
"Note Bands"=hex:0f,00,00,00,03,00,00,00,64,00,00,00,80,02,00,00,64,00,00,00,\
66,00,00,00,02,00,00,00,16,00,00,00,65,00,00,00,01,02,00,00,64,00,00,00
"ShowToolbarIEAK"=dword:00000001
"Toolbar Text"=dword:00000001
"Toolbar Icon Size"=dword:00000001
"SpoolerDlgPos"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,0c,01,00,00,ae,00,00,00,f4,02,00,00,41,01,00,00
"SpoolerTack"=dword:00000000

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Mail]
"Welcome Message"=dword:00000000
"Accounts Checked"=dword:00000001
"Safe Attachments"=dword:00000001
"Secure Safe Attachments"=dword:00000001
"Attach VCard"=dword:00000000
"NotePosEx"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,38,01,00,00,a0,00,00,00,c8,02,00,00,44,02,00,00
"Default_CodePage"=dword:00006faf

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\MailNote]
"Send Mail Toolbar Settings"=hex:db,9d,00,00,ff,ff,ff,ff,26,9d,00,00,24,9e,00,\
00,27,9d,00,00,25,9d,00,00,ff,ff,ff,ff,48,9d,00,00,47,9d,00,00,ff,ff,ff,ff,\
2d,9d,00,00,dc,9d,00,00,ff,ff,ff,ff,6b,9d,00,00,44,9d,00,00,b9,9c,00,00
"Saved Toolbar Settings Version"=dword:0000000f

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\News]
"Accounts Checked"=hex:00,00,00,00

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Recent Stationery List]
"File0"="Clear Day.htm"
"File1"="Nature.htm"
"File2"="Maize.htm"
"File3"="Sunflower.htm"
"File4"="Citrus Punch.htm"
"File5"="Blank.htm"
"File6"="Leaves.htm"

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Rules]
"Messenger Auto logon"=dword:00000000
"MessengerWuzHere"=dword:00000000

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Rules\Mail]

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Shared Settings]

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Shared Settings\Setup]
"MigToLWP"=hex:bd,21,1d,a8,c4,a1,e5,40,94,f2,68,b0,df,ff,6e,cc
"MigToLWPVer"="6,0,2900,2180"

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\signatures]

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Trident]

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Trident\Main]

[HKEY_CURRENT_USER\Identities\{A81D21BD-A1C4-40E5-94F2-68B0DFFF6ECC}\Software\Microsoft\Outlook Express\5.0\Trident\Settings]

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.dll]
@="dllfile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.dll\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\vxdfile]
@="Virtual device driver"

--------------------------------------------------------------------------------------

I think expertno.1 is also right about AVG. I'll try to install AVAST as well.

Thanks for the suggestion,
Sudisha
sudisha is offline  
22-05-2005, 12:38 PM   #6
Human Spambot
Join Date: Mar 2004
Location: India
Posts: 2,033

I cannot find any references to Redlof in the Registry. Which are the files that are being identified as viruses by AVG?

But there is Gator and Trickler spyware on your PC.
Open Notepad, copy the text inside the "Code" box below and paste it in Notepad:-
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcWzrd"=-
"Alcmtr"=-
"CMESys"=-
Go to File > Save As, type the filename as Fix.REG and save it. Exit from Notepad.
Boot in Safe Mode. Double-click on the Fix.reg file, and choose "Yes" to merge it into the Registry.

Go to Add/Remove Programs, and uninstall any of these entries you may find:-
Gain
Gator
Claria

Also, delete this folder:-
C:\Program Files\Common Files\CMEII
Delete these files, if you find:-
gmt.exe
fsg_4104.exe
cmesys.exe
gatorstubsetup.exe
gator.exe
guninstaller.exe
Alcmtr.exe

C:\Program Files\Common Files\Microsoft Shared\Stationery\blank.html

Have you scanned your PC using TrojanHunter? Did it find anything?
__________________
http://swatrant.blogspot.com/
swatkat is offline  
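The check swatkat does by eye in this thread (export the Run/RunOnce/RunServices and Browser Helper Objects keys with `regedit /e`, look for adware entries in the dump, then remove them with a `"name"=-` .reg file), done programmatically as an added example; this is not code from the thread or from any tool named in it. The sample export, the watch list of Gator/Claria names and all function names are constructed for the example.

```python
import re
# Constructed sample in the format `regedit /e` writes, modelled on the Run-key dump
# posted in this thread (abbreviated; one hex(2) value kept to show '\'-continued lines).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
"NoExplorer"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.rediffmailpro.com/"
"Local Page"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,00,00
'''

AUTORUN_SUFFIXES = ("\\CurrentVersion\\Run", "\\CurrentVersion\\RunOnce", "\\CurrentVersion\\RunServices")
WATCHLIST = ("cmesys", "cmeii", "gator", "claria", "trickler")  # constructed from this thread's Gator/Claria names
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')

def parse_reg_export(text):
    """{key_path: {value_name: raw_value}} from regedit /e output; tolerates the
    repeated header of concatenated exports, a BOM, and '\\'-continued hex values."""
    keys, current, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if pending is not None:                 # continuation of a hex value
            pending[1] += line.rstrip("\\")
            if not line.endswith("\\"):
                keys[current][pending[0]] = pending[1]
                pending = None
            continue
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:        # skip anything malformed
            continue
        name, value = ("@" if m.group(2) else m.group(1)), m.group(3)
        if value.endswith("\\"):
            pending = [name, value[:-1]]
        else:
            keys[current][name] = value
    return keys

def decode_value(raw):
    """Raw .reg value -> (kind, value); hex(2) is a UTF-16LE expandable string."""
    if raw.startswith('"') and raw.endswith('"'):
        return "sz", re.sub(r'\\(["\\])', r'\1', raw[1:-1])
    if raw.startswith("dword:"):
        return "dword", int(raw[6:], 16)
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return "expand_sz", data.decode("utf-16-le").rstrip("\x00")
    if raw == "-":
        return "delete", None
    return "raw", raw

def autorun_entries(keys):
    """(key, name, command) for Run/RunOnce/RunServices values, plus BHO CLSIDs."""
    out = []
    for key, values in keys.items():
        if "\\Browser Helper Objects\\" in key:
            out.append((key, "CLSID", key.rsplit("\\", 1)[1]))
        elif key.endswith(AUTORUN_SUFFIXES):    # Run\OptionalComponents\... is excluded
            for name, raw in values.items():
                kind, val = decode_value(raw)
                if kind == "sz":
                    out.append((key, name, val))
    return out

def flag_suspicious(entries):
    """Entries whose value name or command line contains a watch-list word."""
    return [e for e in entries if any(w in (e[1] + " " + e[2]).lower() for w in WATCHLIST)]

def build_removal_reg(flagged):
    """A .reg deleting the flagged values: the syntax is exactly "name"=- (no quote
    after the equals sign), grouped into one [key] section per affected key."""
    by_key = {}
    for key, name, _ in flagged:
        by_key.setdefault(key, []).append(name)
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        out += [f"[{key}]", *(f'"{n}"=-' for n in names), ""]
    return "\n".join(out)
```

Run it against the Info.txt produced by the Check.bat above instead of the sample and compare the flagged entries with the ones in the Fix.reg.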
22-05-2005, 04:07 PM   #7
In The Zone
Join Date: May 2005
Location: JABALPUR (M.P)
Posts: 403

Yeah!!! I think your problem is AVG!!!

Use Avast!!! It's free!!! Much better!!!!

Use Windows AntiSpyware beta, that's good too!!!

It's free!!!

Your problem is not a trojan!!! It's spyware related!!!!

Cheers !!!!
__________________
"Live Life as it comes & Live it KINGSIZE"
"Learn From Yesterday, Live For Today & Hope For Tomorrow".
Bye 4 Now - N_!_r_a_L
King_Niral is offline  
24-05-2005, 10:22 AM   #8
Right Off the Assembly Line
Join Date: Oct 2004
Posts: 6
Fix.reg

I saved the code in Notepad as Fix.reg, but when I started in Safe Mode and double-clicked it, it only opened; there was no prompt window or anything.

I have removed the files you mentioned, but my OS is still booting slowly. No improvement.

Thanks

Quote:
Originally Posted by swatkat
I cannot find any references to Redlof in the Registry. Which are the files that are being identified as viruses by AVG?

But there is Gator and Trickler spyware on your PC.
Open Notepad, copy the text inside the "Code" box below and paste it in Notepad:-
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcWzrd"=-
"Alcmtr"=-
"CMESys"=-
Go to File > Save As, type the filename as Fix.REG and save it. Exit from Notepad.
Boot in Safe mode. Double-click on the Fix.reg file, and choose "Yes" to merge it into Registry.

Go to Add/Remove Programs, and uninstall any of these entries you may find:-
Gain
Gator
Claria

Also, delete this folder:-
C:\Program Files\Common Files\CMEII
Delete these files, if you find:-
gmt.exe
fsg_4104.exe
cmesys.exe
gatorstubsetup.exe
gator.exe
guninstaller.exe
Alcmtr.exe

C:\Program Files\Common Files\Microsoft Shared\Stationery\blank.html

Have you scanned your PC using TrojanHunter? Did it find anything?
sudisha is offline  
24-05-2005, 12:10 PM   #9
Right Off the Assembly Line
Join Date: Oct 2004
Posts: 6
swatkat

Hi,

After scanning with TrojanHunter I got the following results. My system is still booting slowly. What should I do next?

Code:
---------------------------------------------------------------------------------
Trojan Detected:
----------------------------------------------------------------------------------
Registry scan
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com (matches Adware.Gator.100) 	(Regedit Jump)
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012160.DLL (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012161.exe (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012162.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012163.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012164.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012165.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012166.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012167.exe (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012168.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012169.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012170.dll (Adware.Claria.106)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012171.dll (Adware.Claria.106)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012172.EXE (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012174.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012175.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012176.dll (Adware.Claria.106)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012177.dll (Adware.Claria.106)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012178.dll (Adware.Gator.100)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP77\A0012310.DLL (Adware.Claria.106)
Found trojan file: C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP77\A0012326.dll (Adware.Claria.106)
Found trojan file: C:\Recycled\Dc366\CMEIIAPI.dll (Adware.Claria.106)
Found trojan file: C:\Recycled\Dc366\GStore.dll (Adware.Claria.106)
Found trojan file: C:\Recycled\Dc366\CMEUpd.exe (Adware.Gator.100)
Found trojan file: C:\Recycled\Dc366\GFormCTM.dll (Adware.Gator.100)
Found trojan file: C:\Recycled\Dc366\GSvcMgr.dll (Adware.Gator.100)
Found trojan file: C:\Recycled\Dc366\GSvcSAP.dll (Adware.Gator.100)
26 trojan files found

---------------------------------------------------------------------------------
Trojan Found:
---------------------------------------------------------------------------------
Adware.Claria.106
Adware.Gator.100

---------------------------------------------------------------------------------
Clean Result:
---------------------------------------------------------------------------------
Can not clean HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com - too many sub-keys

Renamed file C:\Recycled\Dc366\CMEIIAPI.dll to C:\Recycled\Dc366\CMEIIAPI.dll.tcf
Renamed file C:\Recycled\Dc366\CMEUpd.exe to C:\Recycled\Dc366\CMEUpd.exe.tcf
Renamed file C:\Recycled\Dc366\GFormCTM.dll to C:\Recycled\Dc366\GFormCTM.dll.tcf
Renamed file C:\Recycled\Dc366\GStore.dll to C:\Recycled\Dc366\GStore.dll.tcf
Renamed file C:\Recycled\Dc366\GSvcMgr.dll to C:\Recycled\Dc366\GSvcMgr.dll.tcf
Renamed file C:\Recycled\Dc366\GSvcSAP.dll to C:\Recycled\Dc366\GSvcSAP.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012160.DLL to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012160.DLL.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012161.exe to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012161.exe.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012162.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012162.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012163.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012163.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012164.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012164.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012165.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012165.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012166.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012166.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012167.exe to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012167.exe.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012168.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012168.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012169.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012169.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012170.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012170.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012171.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012171.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012172.EXE to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012172.EXE.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012174.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012174.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012175.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012175.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012176.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012176.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012177.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012177.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012178.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP75\A0012178.dll.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP77\A0012310.DLL to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP77\A0012310.DLL.tcf
Renamed file C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP77\A0012326.dll to C:\System Volume Information\_restore{D0C2FAB4-8585-4A4B-B417-193F3E3DED08}\RP77\A0012326.dll.tcf
Trojan cleaning finished.
sudisha is offline  
25-05-2005, 09:07 AM   #10
Distinguished Member
Join Date: Mar 2005
Location: Pune
Posts: 3,783

Use AVAST. Schedule a boot-time scan for the first time, and run it!
TDS-3 is, I think, a better trojan remover. Try it!
__________________
> www.TheWindowsClub.com <
= www.WinVistaClub.com =
Microsoft® MVP
anandk is offline  
14-06-2005, 11:56 PM   #11
Busy Bee
Join Date: Sep 2003
Location: Mumbai
Posts: 361

try Spybot from the Digit CD / DVD
__________________
This Forum has rules:
Read them, or else!

-----------------------------------------------------------------------------------------------------------------

Compute Rig: Phenom II X6 1090T | Crosshair IV Formula | 8 GB HyperX DDR2 | XFX HD 6850 | 2 x 300GB Velociraptor (RAID 0) + 1.5 TB Barracuda | Win Pro 64
HT: Denon 1912 | Jamo S608 HCS 3 | Jamo Sub 300 | PS3 | TataSky+ HD | Philips 32PFL5609/98
ICE: Sony Xplod DSX-S100 | Sony Xplod XM-GTX6020 | PowerBass S-12 | 4 x Blaupunkt IC (doors) | 2 x Alpine SPS-609 (rear-mounted)
Guitar Rig: Slammer CT 212 Metallic Red | Yamaha Pacifica PAC012 | Line 6 Pod X3 Live | Beta Aivin MX 30 | Marshall MG 15 CD | Korg ToneWorks AX100G
Raaabo is offline  
15-06-2005, 08:44 AM   #12
l33t n00b!
Join Date: Jun 2005
Location: q3dm7
Posts: 258

1- Disable MSN 7 from running at boot. Visit this page
2- Uninstall AVG and scan your system for viruses from this web page:
Online Virus scan
3- Now, don't install AVG back. It's not a very good AV. I recommend you try NOD32.
4- Install ZoneAlarm if you haven't already done so.
5- If bootup time is still high, then go to Start -> Run and type msconfig. Go to the Startup tab and disable *all* entries -> Apply -> OK -> Restart.
6- Now, by trial and error, re-enable the entries you disabled one by one, restarting after each step, until you find the program which is causing the bootup delay.
Nimda is offline  
15-06-2005, 01:32 PM   #13
In The Zone
Join Date: Jan 2005
Location: Locating....Locating...Access Denied!!!
Posts: 410

use Kaspersky Antivirus Personal Pro 5.0 and a good anti-spyware.
__________________
To follow the path:
look to the master,
follow the master,
walk with the master,
see through the master,
become the master. -Zen
ashisharya is offline  
18-06-2005, 04:56 AM   #14
Alpha Geek
Join Date: May 2005
Location: Q3DM17
Posts: 711

Try Quick Heal 7.x. It's one of the best anti-viruses, with very low system requirements (compared to others).
q3_abhi is offline  