when try to burn it says

Answer #1
or you did not enter the file you want to be burned or you probably have a corrupt image

Right I’ve got ‘Speed Download’ up and running and working. I’ve entered my premium account details in…
Preferences…
RapidShare…
and checked the ‘premium’ box.
The problem is that I copy and paste the links into Speed Downloand and the 6 I’ve just done take 5 seconds each. The aren’t downloading properly, they download as 16k files.
Somethings not right somehow.
Any ideas?
Answer #1
Anyone know how to do this?
Cheers
Answer #2
reboot your computer and use ccleaner to clean your computers junk files than try it again
Answer #3
I’m on a MAC btw.
Is this how I do it on a MAC?
Please can someone help.
Thanks.
Answer #4
1. Do you have direct downloads enabled in your rapidshare account?
2. Do the files you download have .html at the end of it.
Answer #5
Hi – thanks for your help dude.
1. Yeah I’ve got direct downloads enabled.
2. No they have .rar at the end of them.
Cheers
Answer #6
Open up the 16 kb files and read what it says inside, then post what it says here

I am using Southern Electric and my electric will go off sometimes while I am playing on the Xbox 360 and my PC turned on, will it damage my Xbox 360 and PC?
Answer #1
Well, Power cuts are not so dangerous as the spikes / surges are. If you can use UPS (or any power backup device) then use it, it will be good for your PC.
I have a PC that’s never been used with UPS or any power backup devices.
Answer #2
it may over time as it wouldn’t have shutdown correctly especially a pc, surge is the worst so not so bad with the cut, but is it a power cut or something electrical causing the cut.
Answer #3
it may over time as it wouldn't have shutdown correctly especially a pc, surge is the worst so not so bad with the cut, but is it a power cut or something electrical causing the cut.
It’s the company fault, the electric cuts and sometimes it comes back straight away and sometime will come back on about 1 hour later
Answer #4
dont know about the Xbox 360, but will surely damage the power supply of your PC after some time (may damage the motherboard too) and will also corrupt the OS installed in the PC

I logged in Steam. I click my games tab… none of my games are installed it says. and under the “Uninstalled list” I have every single Steam game released. crazy… part of me wants to just say ~ censored ~ it and keep it, but when i try to run my games like cs and stuff it says i need to install it.. when i know its alrdy installed.. HELP PLEASE?
SCREENSHOT :
http://~ Disallowed image host ~/2vte809.jpg
ALSO: I DELETED MY CLIENTREGISTRY.BLOB and restarted steam. nothing… and the file didnt even recreate itself and i didnt hav to like update steam like it usally does… crazy
Links Coded. Please remember to double check that all your links have been coded -Headucatiion
#3.9 All links must be coded - including internal links (eg [code]Link placed inside here[/code]).
Answer #1
Yo fixed it. Deleted the clientregistry.blob again and this time it fixed it.. i wonder if i actually had all those games though.. i shuld have just re-installed all my games and kept it that way. ehh this ever happen to any of u guys?
Please do not double post, Use the edit button instead -Headucatiion

Hi, I’m having troubles with my SubSync. I used it frequently until someday it crashed and I removed it (using control panel)But now (couple of months later), I reinstalled it and the prog is giving an error when I open it.
I tried removing it again, then reinstalling.. even tried another program
but it’s no use.. I keep getting this error:

Answer #1
Download from:
http://www.missingocx.com/msdxm.ocx.html

What is the Best thing to use for Converting and Burning ConvertXdvd is bull because the dvds are skipping
Answer #1
well try burning at slower speeds with Convertx if thats no good, you can convert with convertx still and then burn with Nero

please tell me a good website to download songs from…..
Answer #1
mp3skull is what I usually use… or just a youtube converter.
Answer #2
Although is not a site I suggest Songr, give it a shot.
Answer #3
Just go to the link heaven section and search….mp3….you’ll find tons of sites.

hi guys, can anyone help me, i’m planning to buy an external hard drive
and it’s my first time to buy this stuff so i’m completely have no idea.
i’m planning to buy the imation apollo 2.5 portable hard drive 500gb and i want
to ask if anyone has already tried it and how was it?
i’m also thinking about western digital my passport ultra 500gb.
can anyone help me choosing? thank you.
i’m also open to some other brands you can suggest.
Answer #1
Firstly, the imation is only USB2 so that model should be sent to the “don’t consider” bucket. Even if you don’t have a USB3 port, you eventually will have when you upgrade.
Secondly, the imation is more expensive even with its age (2008): Passport is 2013 and should you need it, it comes with backup software at a lower price.
I have about 8 external usb drives – Seagate and WD. I haven’t had an issue with either brand, all 8 drives going at least 2 years now virtually 24/7.
Answer #2
go WD! IMO WD hard drives are tested and proven.
Answer #3
Even if the materials used to create both drives are the same, I’d still go with WD.
It just has a better software and tools, and probably better warranty support.
Western Digital is a big player in the storage industry for a reason.
Answer #4
I have 3 Maxtor (Seagate), 1 Iomega , 1 Samsung, 1 Seagate, 1 WD , 1 Toshiba, several small Hitachi drives and my experience is avoid Seagate stick with WD.
Only had problems with Seagate Toshiba and Iomega. Iomega drive died and corrupted the Seagate occasionally shows as being empty and had a reallocation event within months of purchase also it get too hot. Whatever you choose try and get a metal enclosure for heat dissipation, heat is bad news for drives.
Alsohttp://www.buzzfeed.com/tommywilhelm/how-three-hard-drive-companies-gobbled-up-the-indu#3gt7oxp
looks like choices may be more limited than we think
Good luck,
Answer #5
I own this imation HD, and I think this is also the one you’re referring to.

I still have it and it’s a very old model but durable HD. I think I’ve been holding on to it for about 3 years now, maybe even longer (bought it too long ago for me to remember). Dropped it a few times accidentally at short heights and it’s still working perfectly. I’ll recommend getting this one. But as has mentioned, this one doesn’t have USB 3. I also own WD drives, not the portable ones though, so can’t say much on it. My friend’s portable WD 1TB drive has loose connectors and the cable doesn’t fit in perfectly. Maybe its just his luck.
Read and heard many negative reviews about Seagate, so strike that off your list.
If I were you, I’ll buy the one which offers a longer warranty period for WD and Imation. Cheers
Answer #6
Western Digital Without a doubt. i got 8tb’s of data and all of it stored in WD..
4 external HD – 2 TB each – all of them are of same brand “WD”, 2 of the HD [WD elements 3.5 inch] need external power source and its heavy[1 kilogram]. it is little bit irritating because you have carry all those wires and adapters and the heavy weights still its good. And other 2, i have no issue with it at all[WD passport ultra 2.5inch] no need of external power source and it is light in weight [230 gram].. Man i highly suggest you to go for “WD”. also love the built quality and good warranty Period..
Answer #7
my imation did not even last the warranty period…

Hello guys
I have a broken graphic card it’s an nvidea 8600M GS thebscreen is black,
I’m thinking if It is possible to change the BGA Chip ?
In general, the problem of the broken graphic card is coming from that piece ?
Answer #1
Are you sure it’s the GPU and not the Motherboard/RAM?
Try removing all memory modules and powering it up, If it beeps, The motherboard is likely in good
condition, If it doesn’t, Then it’s dead. If it’s all good in that department, Then try testing the RAM out.
A faulty module can cause a black screen too. If you got 2 of em, Try each one standalone (As in with the other one
disconnected). If you only have one, Then you’re gonna have to buy another one in order to test it. Another possibility is a bad monitor or monitor cable, Most (If not all) laptops have an external display output (Usually VGA or HDMI)
so try connecting it to a 3rd party Monitor or TV and see how that goes (You would have to press FN+One of the F keys after you power it up in order to make it switch the output!)
If you’ve reached the conclusion that it’s indeed the GPU, Then your best bet would be to either reflow it or replace the motherboard (It should have a part number on it, Just look it up on Google or Ebay and you’ll find some sellers!)
In order to reflow it (Fix loose soldering joints) you could either use a heat gun, Or simply bake it in the over (And I’m being completely serious here!) it does work sometimes, Just see this example
http://www.youtube.com/watch?v=jsmlALfEgPg&feature=related
Basically, You need to first disassemble your laptop and remove the motherboard (Look up the service/maintenance manual for your particular model on Google if you’re unsure how to do this) up next, Remove the round BIOS battery (As it can explode in high heat!). Use pure alcohol of 90% or better along with q-tips/cotton balls to clean up any old thermal paste from the CPU/GPU, Pre-heat your oven to 200C or 385F (Depending on whatever temperature standard they use in your country) Take a tray, Put aluminum foil on it, And also make a few aluminum balls (You don’t want the motherboard to touch it directly, So put it under the motherboard’s corners for some spacing) Anyways, Put it in, And give it 9-10 minutes, Turn off the oven, Open it up and give it an hour or two to cool off, Remove the tray, Put it all back together, And hope for the best! (Do note that you’re gonna need some thermal paste too for reapplying) If your laptop’s CPU/GPU cooler have thermal pads instead (rubber pieces underneath) better remove em before you put it back in, Otherwise the heat conductivity would suck. Generally speaking, You can either use paste or pads but not both at once. Thermal paste generally provides much better heat conductivity than pads however, So is always the better option.
In an answer to your original question, Yes, But it’s not simple one bit!
First of, Only a limited number of GPU chips would fit, And they wont be easy to find. And on top of that, You would need an SMD soldering rework station and a lot of experience in order to do it properly. So to sum it up, Baking or replacing the motherboard are your only practical options!
Answer #2
Thank you Roberto for all these details ! You are not a V.I.P for nothing dude !
If I press FN+F1 it will shows directly to the output without needing to pass by the control panel ?
And I think that the problem came from the graphic card, because it started when I move the PC the screen became black,
Then I cannot open the hinged cover only if I do not exceed an acute angle ! !
But after that when I open the PC, it starts but the screen remain black.
I founded an article that’s seems interessant, it describe the same method that you proposed !
http://m.voices.yahoo.com/fix-broken-video-card-oven-11644398.html
Thank you again Roberto!
Answer #3
Thank you Roberto for all these details !
You’re welcome!
You are not a V.I.P for nothing dude !
Thanks for the compliment.
If I press FN+F1 it will shows directly to the output without needing to pass by the control panel ?
Provided it’s the correct F key for the job, It should work OS regardless.
Speaking about OS’s, If you turn your laptop on and wait 2 mins, Do you hear the Windows welcome screen sound? And I think that the problem came from the graphic card, because it started when I move the PC the screen became black,
Then I cannot open the hinged cover only if I do not exceed an acute angle ! !
Are you saying the screen only displayed an output when you opened it slightly, But not when you opened it fully?
If so, This may indicate a problem with the inverter board or cable.
I founded an article that's seems interessant, it describe the same method that you proposed !
Here’s a lengthy forum discussion about it, With a lot of success stories and pics:
http://hardforum.com/showthread.php?t=1421792
I’m sure you’ll find it useful.
Answer #4
Thank so much Roberto ! I’ll start by changing the inverter board ? I have a wreck amilo xi 2528 that I’m using for parts !
Thank you again Hope that the problem is not from the G.card
Answer #5
Good luck with that!
Just don’t forget to check the other things I mentioned too!
Such as trying an external display (3rd party monitor or TV) / Testing the motherboard (A healthy one would beep with the memory modules removed!) / The memory modules themselves (If you got 2 of em, Try each one standalone, If you don’t, Then the only way to test if it’s a bad module would be buying a new one!)
If nothing goes, Well, You still got the all mighty oven to the rescue!
Sorry for the late reply btw, Just been busy over the weekend.

I got a spyware on my PC during surfing, the desktop has changed a wallpaper.
When I right click on the taskbar pop-up menu appears, but the option “task manager” is not able to select. And when I press ctrl+alt+del, it says: “Task manager has been disabled by your administrator.”
How can I fix this?
I installed new AVG 8 and scaned whole comp, but it can not find any spyware. I cleanned the registry with CCleaner, too, but task manager still doesn’t work.
Registry editor doesn’t work either. When I: start/run/regedit, it also says: “Registry editing has been disabled by your administrator.”
How can I make “task manager” and “registry editor” works again?
Thanks.
Answer #1
yeah..i got this spyware dude..more specifically malware…
http://www.malwarebytes.org/
this one helped me..i got rid of it
Answer #2
use this
http://files.brothersoft.com/security/anti_virus/RRT.exe
Answer #3
thank you, people, i’ll try these.
Answer #4
Hello. Follow my instructions very carefully
I need a Combofix log to start off

• Disable your current antivirus or any other guards you might have
• Download ComboFix from the link below and save it to your Desktop
  http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Exit all running applications and run ComboFix
• Agree to it’s terms. Let it install the recovery console etc. It will do a series of scans. Do not click anywhere or do anything till it finishes as it might cause it to stall
• It might reboot your PC. In any case it will come back with log (a text file)
• Copy/paste the contents of the log inside a [code] box so I can give further instructions. This step is important

Good luck
Answer #5
yes….i forgot about combofix….
Answer #6
I had the same thing,
Spybot S&D fixed it for me.
But follow ^|^’s instructions for now…
Answer #7
Open a notepad and paste this code. Then save it as abc.vbs
Option Explicit
'Declare variables
Dim WSHShell, n, MyBox, p, t, mustboot, errnum, vers
Dim enab, disab, jobfunc, itemtype
Set WSHShell = WScript.CreateObject("WScript.Shell")
p = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\"
p = p & "DisableRegistryTools"
itemtype = "REG_DWORD"
mustboot = "Log off and back on, or restart your pc to" & vbCR & "effect the changes"
enab = "ENABLED"
disab = "DISABLED"
jobfunc = "Registry Editing Tools are now "
'This section tries to read the registry key value. If not present an 'error is generated.  Normal error return should be 0 if value is 'present
t = "Confirmation"
Err.Clear
On Error Resume Next
n = WSHShell.RegRead (p)
On Error Goto 0
errnum = Err.Number
if errnum <> 0 then
'Create the registry key value for DisableRegistryTools with value 0
   WSHShell.RegWrite p, 0, itemtype
End If
'If the key is present, or was created, it is toggled
'Confirmations can be disabled by commenting out 'the two MyBox lines below
If n = 0 Then
   n = 1
WSHShell.RegWrite p, n, itemtype
Mybox = MsgBox(jobfunc & disab & vbCR & mustboot, 4096, t)
ElseIf n = 1 then
   n = 0
WSHShell.RegWrite p, n, itemtype
Mybox = MsgBox(jobfunc & enab & vbCR & mustboot, 4096, t)
End If

Double click this file and click on yes.
This file ^^ here enables registry editing.
after doing this, create another file and save this code there- as abc.reg

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"**del.DisableTaskMgr"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\]
"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DisableCAD"=dword:00000000

Double click on this file^^. It enables task manager.
Enjoy!
Answer #8
Reg edit works, TaskManager works again! Thanks people!
but now I have another problem:
I guess it happend when the malware changed my desktop background.
When I right click on desktop/properties and in dialog “display properties” – desktop tab, the background option with all wallpapers in the list (ascent, autumn, azul, bliss…) is freezed and I can not select any of the background files in the list to change my desktop background.
I can only change the background when I select a jpg file and then with option “set as desktop background”
How can I fix/unfreeze this list?
Thanks.
Answer #9
Can you please follow the instructions above ^
Answer #10
Here is the ComboFix.txt file:

[code]ComboFix 08-10-29.04 - 2008-10-30 20:54:13.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.297 [GMT 1:00]
Running from: C:\Documents and Settings\\Desktop\ComboFix.exe
 * Created a new restore point
 * Resident AV is active
.
(((((((((((((((((((((((((   Files Created from 2008-09-28 to 2008-10-30  )))))))))))))))))))))))))))))))
.
2008-10-28 20:15 . 2008-10-28 20:15   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 20:15 . 2008-10-28 20:15   <DIR>   d--------   C:\Documents and Settings\\Application Data\Malwarebytes
2008-10-28 20:15 . 2008-10-28 20:15   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-28 20:15 . 2008-10-22 16:10   38,496   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-28 20:15 . 2008-10-22 16:10   15,504   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-10-28 19:44 . 2008-10-28 19:44   16,244   --a------   C:\WINDOWS\system32\rrt_is.wav
2008-10-28 19:44 . 2008-10-28 19:44   7,302   --a------   C:\WINDOWS\system32\rrt_vf.wav
2008-10-28 19:44 . 2008-10-28 19:44   7,148   --a------   C:\WINDOWS\system32\rrt_tv.wav
2008-10-28 19:44 . 2008-10-28 19:44   6,282   --a------   C:\WINDOWS\system32\rrt_tn.wav
2008-10-27 16:11 . 2008-10-27 16:11   <DIR>   d--h-----   C:\$AVG8.VAULT$
2008-10-27 16:06 . 2008-10-27 16:06   <DIR>   d--------   C:\WINDOWS\system32\drivers\Avg
2008-10-27 16:06 . 2008-10-27 16:06   <DIR>   d--------   C:\Program Files\AVG
2008-10-27 16:06 . 2008-10-27 16:06   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg8
2008-10-27 16:06 . 2008-10-27 16:06   97,928   --a------   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-27 16:06 . 2008-10-27 16:06   76,040   --a------   C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-27 16:06 . 2008-10-27 16:06   10,520   --a------   C:\WINDOWS\system32\avgrsstx.dll
2008-10-27 15:51 . 2008-10-27 15:51   <DIR>   d--h-----   C:\WINDOWS\system32\GroupPolicy
2008-10-27 15:46 . 2008-10-27 15:46   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-26 21:27 . 2001-08-17 22:36   99,328   --a------   C:\WINDOWS\system32\srusd.dll
2008-10-26 21:27 . 2001-08-17 22:36   99,328   --a------   C:\WINDOWS\system32\dllcache\srusd.dll
2008-10-26 21:27 . 2001-08-17 22:36   71,680   --a------   C:\WINDOWS\system32\fnfilter.dll
2008-10-26 21:27 . 2001-08-17 22:36   71,680   --a------   C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-10-26 21:27 . 2001-08-17 13:53   6,784   --a------   C:\WINDOWS\system32\drivers\serscan.sys
2008-10-26 21:27 . 2001-08-17 13:53   6,784   --a------   C:\WINDOWS\system32\dllcache\serscan.sys
2008-09-25 15:16 . 2008-09-25 15:16   <DIR>   d--------   C:\Documents and Settings\\Application Data\PlayFirst
2008-09-25 15:16 . 2008-09-25 15:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-09-15 16:55 . 2008-09-15 23:22   78   --a------   C:\WINDOWS\system32\test.aok
2008-09-13 18:24 . 2008-09-13 18:24   <DIR>   d--------   C:\Program Files\CCleaner
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 20:49   82,380   ----a-w   C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-08-26 18:21   28,672   ----a-w   C:\WINDOWS\system32\Partizan.exe
2008-01-31 20:54   179,680   ----a-w   C:\Documents and Settings\\Application Data\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
2004-09-01 08:00  359040  7b11118b078b88f87183fe69eda43137   C:\WINDOWS\system32\drivers\tcpip.sys
2004-09-01 09:00  215552  a77219a971029dc2fb683e8513713803   C:\WINDOWS\system32\termsrv.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-27 1234712]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-07 77824]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-10-22 399504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-01 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2008-02-13 20:38 3032800 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-06-07 22:52 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-11 04:19 69632 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18693:TCP"= 18693:TCP:NortonAV
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-27 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-27 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-27 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-27 76040]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-10-22 170640]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [2008-10-22 15504]
S3 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys [2008-08-26 30946]
S3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 65664]
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-RRT-Auto - H:\TaskManager\Remove Restrictions Tool 4.8.0.1\Remove.Restrictions.Tool.4.8.0.1\RRT.exe
SharedTaskScheduler-IPC Configuration Utility - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 -: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 20:56:55
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ... scanning hidden autostart entries ...
scanning hidden files ... scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-30 20:58:31
ComboFix-quarantined-files.txt  2008-10-30 19:58:24
Pre-Run: 5.227.618.304 bytes free
Post-Run: 5,216,608,256 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="MS Windows XP Professional - Radni" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="MS Windows XP Professional - Melod" /noexecute=optin /fastdetect
137   --- E O F ---   2008-02-16 12:38:51[/code]

How does this “code” work?
I checked the display properties dialog and now the background files in the list can be changed, but there are a lot of files there, I don’t remember I put them there. Can I reduce the list?
Waiting for further instruction!
Thanks
Answer #11
Sorry, I put a “code” word in the combofix.txt file by mistake… at the begining and in the end one:

ComboFix 08-10-29.04 - 2008-10-30 20:54:13.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.297 [GMT 1:00]
Running from: C:\Documents and Settings\\Desktop\ComboFix.exe
 * Created a new restore point
 * Resident AV is active
.
(((((((((((((((((((((((((   Files Created from 2008-09-28 to 2008-10-30  )))))))))))))))))))))))))))))))
.
2008-10-28 20:15 . 2008-10-28 20:15   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 20:15 . 2008-10-28 20:15   <DIR>   d--------   C:\Documents and Settings\\Application Data\Malwarebytes
2008-10-28 20:15 . 2008-10-28 20:15   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-28 20:15 . 2008-10-22 16:10   38,496   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-28 20:15 . 2008-10-22 16:10   15,504   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-10-28 19:44 . 2008-10-28 19:44   16,244   --a------   C:\WINDOWS\system32\rrt_is.wav
2008-10-28 19:44 . 2008-10-28 19:44   7,302   --a------   C:\WINDOWS\system32\rrt_vf.wav
2008-10-28 19:44 . 2008-10-28 19:44   7,148   --a------   C:\WINDOWS\system32\rrt_tv.wav
2008-10-28 19:44 . 2008-10-28 19:44   6,282   --a------   C:\WINDOWS\system32\rrt_tn.wav
2008-10-27 16:11 . 2008-10-27 16:11   <DIR>   d--h-----   C:\$AVG8.VAULT$
2008-10-27 16:06 . 2008-10-27 16:06   <DIR>   d--------   C:\WINDOWS\system32\drivers\Avg
2008-10-27 16:06 . 2008-10-27 16:06   <DIR>   d--------   C:\Program Files\AVG
2008-10-27 16:06 . 2008-10-27 16:06   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg8
2008-10-27 16:06 . 2008-10-27 16:06   97,928   --a------   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-27 16:06 . 2008-10-27 16:06   76,040   --a------   C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-27 16:06 . 2008-10-27 16:06   10,520   --a------   C:\WINDOWS\system32\avgrsstx.dll
2008-10-27 15:51 . 2008-10-27 15:51   <DIR>   d--h-----   C:\WINDOWS\system32\GroupPolicy
2008-10-27 15:46 . 2008-10-27 15:46   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-26 21:27 . 2001-08-17 22:36   99,328   --a------   C:\WINDOWS\system32\srusd.dll
2008-10-26 21:27 . 2001-08-17 22:36   99,328   --a------   C:\WINDOWS\system32\dllcache\srusd.dll
2008-10-26 21:27 . 2001-08-17 22:36   71,680   --a------   C:\WINDOWS\system32\fnfilter.dll
2008-10-26 21:27 . 2001-08-17 22:36   71,680   --a------   C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-10-26 21:27 . 2001-08-17 13:53   6,784   --a------   C:\WINDOWS\system32\drivers\serscan.sys
2008-10-26 21:27 . 2001-08-17 13:53   6,784   --a------   C:\WINDOWS\system32\dllcache\serscan.sys
2008-09-25 15:16 . 2008-09-25 15:16   <DIR>   d--------   C:\Documents and Settings\\Application Data\PlayFirst
2008-09-25 15:16 . 2008-09-25 15:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-09-15 16:55 . 2008-09-15 23:22   78   --a------   C:\WINDOWS\system32\test.aok
2008-09-13 18:24 . 2008-09-13 18:24   <DIR>   d--------   C:\Program Files\CCleaner
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 20:49   82,380   ----a-w   C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-08-26 18:21   28,672   ----a-w   C:\WINDOWS\system32\Partizan.exe
2008-01-31 20:54   179,680   ----a-w   C:\Documents and Settings\\Application Data\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
2004-09-01 08:00  359040  7b11118b078b88f87183fe69eda43137   C:\WINDOWS\system32\drivers\tcpip.sys
2004-09-01 09:00  215552  a77219a971029dc2fb683e8513713803   C:\WINDOWS\system32\termsrv.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-27 1234712]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-07 77824]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-10-22 399504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-01 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2008-02-13 20:38 3032800 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-06-07 22:52 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-11 04:19 69632 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18693:TCP"= 18693:TCP:NortonAV
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-27 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-27 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-27 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-27 76040]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-10-22 170640]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [2008-10-22 15504]
S3 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys [2008-08-26 30946]
S3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 65664]
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-RRT-Auto - H:\TaskManager\Remove Restrictions Tool 4.8.0.1\Remove.Restrictions.Tool.4.8.0.1\RRT.exe
SharedTaskScheduler-IPC Configuration Utility - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 -: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 20:56:55
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ... scanning hidden autostart entries ...
scanning hidden files ... scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-30 20:58:31
ComboFix-quarantined-files.txt  2008-10-30 19:58:24
Pre-Run: 5.227.618.304 bytes free
Post-Run: 5,216,608,256 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="MS Windows XP Professional - Radni" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="MS Windows XP Professional - Melod" /noexecute=optin /fastdetect
137   --- E O F ---   2008-02-16 12:38:51

here it is!
Answer #12
Does Task Manager work now?
I need you to do something for me
Run > regedit
Navigate to these keys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\System
Take a screenshot of the right hand pane for all of those keys and post them here.
Answer #13
Hello ^|^, .
, do this instead, it will do exactly what ^|^ wants, but it will keep your next post shorter and easier to read.

• Now open a new notepad file.
• Input this into the notepad file:
  
regedit /e peek1.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer"
regedit /e peek2.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\System"
regedit /e peek3.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer"
regedit /e peek4.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\System"
type peek1.txt >> look.txt
type peek2.txt >> look.txt
type peek3.txt >> look.txt
type peek4.txt >> look.txt
del peek*.txt
del look.bat
start notepad look.txt



• Save this as look.bat, save it to your desktop.
• Double click look.bat to run it.
• A black cmd window will open a close, then open a look.txt, paste this in your reply.

Answer #14
^|^,
Both TaskManager and RegEdit work, also DisplayProperties/Desktop/Background list works, but there are a lot of photos in the list.
Here is look.txt:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000e3
"NoDrives"=dword:00000000
"NoDriveAutoRun"=dword:03ffffff
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer\Run]
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\System]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableRegistryTools"=dword:00000000
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer]
"NoDrives"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer\run]
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\System]
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"HideStartupScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000

Hope, this helps!
Answer #15
By the way, I noticed in “System Configuration Utility”/ win.ini some softwares (e.g. autodata cd) which I thought I deleted; and in “start up” acrotray, babylon, qttask (unchecked). Do they have to be there?
Also, have some “partizan” left which is shown while starting windows, I used it to delete something called adober!
Maybe, they caused this?
Thanks
Answer #16
Can you give a screenshot of those desktop entries you’re mentioning?
Answer #17
What is screenshot?
Answer #18
How do I give a screenshot?
start/run/msconfig
System Configuration Utility
“win.ini” tab & “start up” tab has some items (esiwin instal, autodata cd), I don’t know what are they for?
Answer #19
win.ini has been used in the past to load droppers of malware. Looking back at your CF log, I see RavAV, part of AdobeR.exe virus, it’s a flash drive infection.
Have you used any external drives/Ipods?
bochke, I need you to unhide protected operating system files.

To Unhide Files and folders:
• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
  Under the Hidden files and folders heading deselect “Hide protected operating system files (Recommended)”

• Check the “Show hidden files and folders” option.
• Hit the “Apply To All Folders” option.
• Click Yes to confirm. Click OK.

Is there any autorun.inf file in the root of your C:\ drive [and if you have a D drive, check that too]
Navigate to this file in bold.
C:\Windows\win.ini
Open it in notepad, copy and paste everything inside it back here. (do not modify anything)
Answer #20
Ah. Those are just startup entries. They’re harmless but can bog down the system. Let’s see if we can do something about it
Download HiJackThis from the link below
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Run it, select scan system and make log file
Copy/paste that log file here
Answer #21
i think u got NoooH virus
when u opean the PC u will have a message its tell u try to opean the task manger and the titel of the message its will shown NoooH



u can remove it buy doing that
start ur PC at save mode by click F5 or F8 when u start the OS
and then show the hidden files and remove the right which shown at (Hide protected operating system files recommend )
tack care when u open any driver from ur drivers click right click and choose open never double click on the virus shown at E:\Sys
them
u click right click at the c drive and choose open then go to C:\WINDOWS\Web
and delete the system file which named Sys
then go to all driver and right click and open and delete autorun and Sys file
make restart to ur PC
open run command  and wright gpedit.msc
User config
administrative templates
System
Ctrl +Alt+Del options
disable
go back and choose prevent access to registry editing tools
and choose Not configured  
Hope its help u
Answer #22
My comp is slower now, when I start windows… it does something over a minute before red light (hard disk) stops lighting… and then it’s “normal”… this usually lasts shorter…
I have an external HD, but haven’t used it for a while (long before malware), but I use flash memory often (by the way, when I insert flash in usb it doesn’t autoplay anymore). Can I delete RavAV?
autorun.inf file does not exist in the root of any of my drives.
Here is “win.ini”:
(can I delete that row with: “;msconfig AUTODATAPATH=C:\ADCDA2”)

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo
asx=MPEGVideo
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wmx=MPEGVideo
wpl=MPEGVideo
wvx=MPEGVideo
[ESIWIN INSTALL]
;msconfig AUTODATAPATH=C:\ADCDA2
[AUTODATA CD]
;msconfig PATH=C:\ADCDA2
[IRIS_IPE]
menu=1
[MSUCE]
Advanced=1
CodePage=Unicode
Font=France YU
[netsock]
netapi.dll-UVU-MMVOYBMFEB-b41=23986742

^|^, when I start the system, i had two OS to chose, now there is the third one “Microsoft Windows Recovery Console”. I think this one came with one of the programs you gave me to run (combofix, or when I made a “look.txt” file). Can someone use these “codes” i’m sending you, to influence on my comp?
There is still that “RegRun Partizan – Bootwatch Antirootkit” when I start windows! I used it before to remove adober.
here is hijackthis.log:
(should I use “fix” button. I just made a log file)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:02, on 02/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Documents and Settings\\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
--
End of file - 4729 bytes

, sorry but i’m not sure i can follow you… my task manager works…
I don’t have any messages (noooh) when I start my PS. And there is no “sys” file in the Web folder!
Answer #23
I have an external HD, but haven't used it for a while (long before malware), but I use flash memory often (by the way, when I insert flash in usb it doesn't autoplay anymore). Can I delete RavAV?
Sure. Autoplay on USB’s is better left disabled as autorun viruses from USB drives is one of the most common ways of getting yourself infected. I actually recommend keeping something like Davis Flash Guard on your PC if you use a lot of removable drives
My comp is slower now, when I start windows... it does something over a minute before red light (hard disk) stops lighting... and then it's "normal"... this usually lasts shorter...
That’s a bug with Windows. Not due to a virus. Can you disable your network adapter and reboot. If it starts up faster then that bug will be confirmed
You have very little processes running. The PC is still slow? I can’t find a reason for it.
Answer #24
How do I disable my network adapter?
is there a way to remove a “Microsoft Windows Recovery Console” from the boot list?
Answer #25
How do I disable my network adapter?
go into computer mangement >> device manager>> from the drop down list, open up network adaptors and right click>>disable it. is there a way to remove a "Microsoft Windows Recovery Console" from the boot list?
Yes there is. Go to tools in my computer>>folder options then select show hidden files and folders. Now go into C drive, copy the boot.ini to another location (for back-up) and then go back to C drive. Open up boot.ini with notepad and remove this line from it:
C:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons
Answer #26
I disabled all of my network adapters (6 of them) and I guess it’s not slow for that long anymore (it used to be slow for a minute or two after starting windows and then works normal – maybe because of AVG) . Should I enable them back? What are they used for?
I have 27 processes running when windows starts!
Anyway, thank you, people, for your help.
TaskManager and RegEditor work.
thanks.
Cheers!
Answer #27
That slowing down of the network adapters thing has plagued me for years as well. To this day I really can’t find a solution to that. It just occurs out of nowhere. Only happens on XP though never on Vista
Answer #28
Thanks anyway
All I need works now fine
I was just wondering if i should enable them again?
Answer #29
If you enable them again it might slow down again. Check and see