Another About:Blank victim
-
Another About:Blank victim
Hello all!
Thank you for your time.
My home page has been hiacked by about:Blank, I have tried to use AboutBuster but it keeps having errors, ran HijackThis and got the following log readout
Logfile of HijackThis v1.97.7
Scan saved at 11:36:42, on 24/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\wanadoo\wanadooconnectionkit\atdialler1.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Aladdin Systems\Internet Cleanup\ONICTASK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {1f0c8547-2639-4c91-b8aa-c7eca24c3163} - C:\Program Files\Aladdin Systems\Internet Cleanup\ic3hlpr.dll
O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\Program Files\Aladdin Systems\Internet Cleanup\PopFiltr.dll
O2 - BHO: (no name) - {28F14756-A29D-4C44-B99A-B4F9097BD345} - C:\WINDOWS\System32\nhioab.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: IC Task Manager.lnk = C:\Program Files\Aladdin Systems\Internet Cleanup\ONICTASK.exe
O4 - Global Startup: Wanadoo Connection Kit.lnk = C:\wanadoo\wanadooconnectionkit\atdialler1.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: IC 3.0 (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MUSICMATCH MX Web Player (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:C:\dimitxx.chm::/on-line.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E890907-B687-4485-9401-8334783C4656}: NameServer = 195.92.195.95 195.92.195.94
Bit of a long one. What do I check to delete?
Thank you again for your time and any other ideas would be great, thanks!
CP
-
Hiya,
Close all browser windows, restart Hijack This and put a checkmark next to the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: (no name) - {28F14756-A29D-4C44-B99A-B4F9097BD345} - C:\WINDOWS\System32\nhioab.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:C:\dimitxx.chm::/on-line.exe
Click Fix Checked
Then follow these instructions please:
Copy the contents of the bold text to Notepad.
Name the file Appinit.bat
Save as type All Files
Save on the Desktop.
Reg save "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" windows1.hiv
ren windows1.hiv windows.txt
Double click on Appinit.bat
This will create a file on the desktop named windows.txt
Copy and paste your Windows.txt file hin a new reply here
-
Sorry didn't understand all of what you said there, but fixed those checked items and rescanned with the following results
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {1f0c8547-2639-4c91-b8aa-c7eca24c3163} - C:\Program Files\Aladdin Systems\Internet Cleanup\ic3hlpr.dll
O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\Program Files\Aladdin Systems\Internet Cleanup\PopFiltr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: IC Task Manager.lnk = C:\Program Files\Aladdin Systems\Internet Cleanup\ONICTASK.exe
O4 - Global Startup: Wanadoo Connection Kit.lnk = C:\wanadoo\wanadooconnectionkit\atdialler1.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: IC 3.0 (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MUSICMATCH MX Web Player (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
There was no bold text, all was in the same case, and what does Reg save mean? Sorry, new to all this!
Thanks again
CP
-
Updated HijackThis to newest version and get the following log
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {1f0c8547-2639-4c91-b8aa-c7eca24c3163} - C:\Program Files\Aladdin Systems\Internet Cleanup\ic3hlpr.dll
O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\Program Files\Aladdin Systems\Internet Cleanup\PopFiltr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: IC Task Manager.lnk = C:\Program Files\Aladdin Systems\Internet Cleanup\ONICTASK.exe
O4 - Global Startup: Wanadoo Connection Kit.lnk = C:\wanadoo\wanadooconnectionkit\atdialler1.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: IC 3.0 (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MUSICMATCH MX Web Player (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
If that helps any!
Thanks again
CP
-
You have misunderstood the instructions. The Regsave bit in bold is the bold text you need to copy to notepad.
-
Right I understand you!
Following those instructions I get
regf� � � � � � � Pugf hbin � nk, p�'S� � � x 0 � 0 0 � Windows �sk
Looks liker giberish to me! But thats what I get, what does it mean?!
Thanks
CP
-
Could you try again. Make sure you copy and paste everything in bold in the previous post.
-
Sorry for the delay in responding, but heres everything
regf� � � � � � � 6� 6� 6� n6� \6� H6� 46� $6� �6� �6� 5� 5� 5� 5� 5� 5� 5� 5� :4� *4� �4� �4� 3� 3� 3� 3� *3� 3� |3� j3� Z3� J3� 83� (3� �3� 2� 2� 2� 2� 2� 2� 2� 2� x2� ^2� H2� .2� �2� 1� 1� 1� 1� 1� 1� 1� 1� 1� l1� ^1� R1� D1� 81� ,1� �1�
1� 0� 0� 0� 0� 0� 0� 0� 0� 0� p0� `0� N0� B0� &0� �0� �0� /� /� /� /� /� /� d/� *2� 8� 8� 8� 6� 6� 6� 6� �7� �7� `gf hbin � (e�� �
�@ �q@ nk, p�'S� � � x 0 � 0 0 � Windows �sk@Ax x � � � � � � �� � � �� � !� �� �� � !� �� ? � �� � � �� ��� � � �� ? � �� �� �� ��� �� �� ��� � �� � � �� �� @@B@vk� � � � fAppInit_DLLs֍G� h� vk� � � � � UDeviceNotSelectedTimeout1 5 � (�� 9 0 � =tvk� � �' � � �zGDIProcessHandleQuota"�vk� � 8� � � Spooler2y e s
_� h� � � �� `� vk� � � � �5swapdiskvk� � � � � . TransmissionRetryTimeouth� � � �� `� � � vk� � �' � � b USERProcessHandleQuota3
IMSPLib@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL @@ +@ .?AUIMsgrIMSessions@@ +@ .?AV?$IDispatchImpl@UIMsgrIMSessions@@$1?IID_IMsgr IMSessions@@3U_GUID@@B$1?LIBID_RTCIMSPLib@@3U3@B$0 0$0A@VCComTypeInfoHolder@ATL@@@ATL@@ +@ .?AUIMsgrRTC@@ +@ .?AV?$IDispatchImpl@UIMsgrRTC@@$1?IID_IMsgrRTC@@3U _GUID@@B$1?LIBID_RTCIMSPLib@@3U3@B$00$0A@VCComType InfoHolder@ATL@@@ATL@@ +@ .?AUIUnknown@@ +@ .?AUIDispatch@@ +@ .?AUIMsgrService@@ +@ .?AUIMsgrSP@@ +@ .?AUIMsgrSP2@@ +@ .?AUIIMPrivSP@@ +@ .?AV?$IDispatchImpl@UIIMPrivSP@@$1?IID_IIMPrivSP@@ 3U_GUID@@B$1?LIBID_RTCIMSPLib@@3U3@B$00$0A@VCComTy peInfoHolder@ATL@@@ATL@@ +@ .?AVCRTCIMService@@ +@ .?AV?$CComContainedObject@VCRTCIMService@@@ATL@@ +@ .?AV?$CComObject@VCRTCIMService@@@ATL@@ +@ .?AV?$CComAggObject@VCRTCIMService@@@ATL@@ +@ .?AV?$CComObjectRootEx@VCComMultiThreadModel@ATL@@ @ATL@@ +@ .?AUIClassFactory@@ +@ .?AVCComClassFactory@ATL@@ +@ .?AV?$CComObjectNoLock@VCComClassFactory@ATL@@@ATL @@ �@ �@ � T�@ �@ � 4�@ �@ � �@ �@ � +@ .?AUIEnumConnectionPoints@@ +@ .?AV?$CComEnumImpl@UIEnumConnectionPoints@@$1?IID_ IEnumConnectionPoints@@3U_GUID@@BPAUIConnectionPoi nt@@V?$_CopyInterface@UIConnectionPoint@@@ATL@@@AT L@@ +@ .?AV?$CComEnum@UIEnumConnectionPoints@@$1?IID_IEnu mConnectionPoints@@3U_GUID@@BPAUIConnectionPoint@@ V?$_CopyInterface@UIConnectionPoint@@@ATL@@VCComSi ngleThreadModel@6@@ATL@@ +@ .?AV?$CComObject@V?$CComEnum@UIEnumConnectionPoint s@@$1?IID_IEnumConnectionPoints@@3U_GUID@@BPAUICon nectionPoint@@V?$_CopyInterface@UIConnectionPoint@ @@ATL@@VCComSingleThreadModel@6@@ATL@@@ATL@@ +@ .?AUIEnumConnections@@ +@ .?AV?$CComEnumImpl@UIEnumConnections@@$1?IID_IEnum Connections@@3U_GUID@@BUtagCONNECTDATA@@V?$_Copy@U tagCONNECTDATA@@@ATL@@@ATL@@ +@ .?AV?$CComEnum@UIEnumConnections@@$1?IID_IEnumConn ections@@3U_GUID@@BUtagCONNECTDATA@@V?$_Copy@UtagC ONNECTDATA@@@ATL@@VCComSingleThreadModel@6@@ATL@@ +@ .?AV?$CComObject@V?$CComEnum@UIEnumConnections@@$1 ?IID_IEnumConnections@@3U_GUID@@BUtagCONNECTDATA@@ V?$_Copy@UtagCONNECTDATA@@@ATL@@VCComSingleThreadM odel@6@@ATL@@@ATL@@ �@ �@ �@ �@ |�@ p�@ �@ �@ �@ +@ .?AUIIMContacts@@ +@ .?AV?$IDispatchImpl@UIIMContacts@@$1?IID_IIMContac ts@@3U_GUID@@B$1?LIBID_RTCIMSPLib@@3U3@B$00$0A@VCC omTypeInfoHolder@ATL@@@ATL@@ +@ .?AUIMsgrUsers@@ +@ .?AV?$IDispatchImpl@UIMsgrUsers@@$1?IID_IMsgrUsers @@3U_GUID@@B$1?LIBID_RTCIMSPLib@@3U3@B$00$0A@VCCom TypeInfoHolder@ATL@@@ATL@@ +@ .?AVCRTCIMUsers@@ +@ .?AV?$CComObject@VCRTCIMUsers@@@ATL@@ +@ .?AUIRTCEventNotification@@ +@ .?AVCRTC(hH^� lh(hH^(hH^(hH^� lhL.�(hL.�X.� P.�%-�J^<.�(hH^� (hH^� lh (h .�*.� 30h� @c@hpGdH^,hhGdt fpGd Hcbe.�PI^�� � *&Vj pGd pGd�� � *&V T@>e I^1hH^H^V?$_Copy@UtagVARIANT@@@ATL@@VCComS ingleThreadModel@6@@ATL@@@ATL@@ ��@ �@ � �@ �@ �
Still looks like gibberish to me!
Thanks again
CP
Newbie
