Gerdybug
@client.bresna
|  reply to CalamityJane
aproposfix
THANKS!!!! Seem to fix Mine... Here is log!
Log of AproposFix v1
************
Running from directory:
C:\Documents and Settings\Dad\Desktop\Fix\aproposfix
************
Registry entries found:
[HKEY_LOCAL_MACHINE\Software\CvXg3A2rgj35]
@="iZiB065IJJIJJKJ05Bs40IJJIYLJsejZksoJAGAB 4POJz90D 9AJ4\\.7y78KAGA"
"Device"="\\\\.\\intWmi"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\mfgpcpq.sys"
"DriverName"="MDMtion"
"HideUninstallerName"="C:\\Program Files\\Ado labs\\dsielnet.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\typprbda.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{7F057F8C-A2D1-437D-B991-88B72401B16D}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\gdiigtab.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{X215fc60-83ef-3b13-e7cc-225b721a6f76}"
"PageFiltering"=dword:00000001
"CrMnTmt"=dword:0036ee80
************
Removing hidden service:
Service MDMtion removed.
Removing hidden folder:
Deleting files:
Deletion of file C:\WINDOWS\system32\drivers\mfgpcpq.sys succeeded!
Deletion of file C:\WINDOWS\system32\mripdmoe.exe succeeded!
Deletion of file C:\WINDOWS\system32\gdiigtab.dll succeeded!
Deletion of file C:\WINDOWS\system32\typprbda.exe succeeded!
Backing up files:
Done!
Removing registry entries:
REGEDIT4
[-HKEY_CURRENT_USER\Software\CvXg3A2rgj35]
[-HKEY_LOCAL_MACHINE\Software\CvXg3A2rgj35]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7F057F8C-A2D1-437D-B991-88B72401B16D}]
Done!
Finished! |
|
youareallgods
@awcable.com
| Thank you sooooo much. This fixed the blank device manager, no network connections, hoards of pop-ups popping up, annoying taskbar toolbars, my system32 folder being hidden no matter what, my windowblinds settings being lost every time I restart, and countless other. You are gods.
.:LOG:.
Log of AproposFix v1
************
Running from directory:
C:\Documents and Settings\Sean\Desktop\aproposfix
************
Registry entries found:
[HKEY_LOCAL_MACHINE\Software\CoVWmABEYf83]
@="kRCzmnnWXXWXXYXzmsox0wWXXWmZX2sxny2.XOUOPAIdcX9NERANOX9NIQO79YOUO"
"Device"="\\\\.\\PCIENUM"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\drmusbd.sys"
"DriverName"="AvgPCDD"
"HideUninstallerName"="C:\\Program Files\\Liminrar\\wmsctrac.exe"
"HDll"="C:\\WINDOWS\\system32\\srsdw400.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.LAV"
"InstallationId"="{Xceb6e3b-ec8a-58ac-5fea-24326c194983}"
"PageFiltering"=dword:00000001
"CrMnTmt"=dword:0036ee80
"ClientName"="C:\\Program Files\\Liminrar\\opelhtml.exe"
"AutoUpdater"="C:\\WINDOWS\\system32\\jgscfgnt.exe"
"Version"="2.0.128"
************
Removing hidden service:
Service AvgPCDD removed.
Removing hidden folder:
Deletion of folder Liminrar succeeded!
Deleting files:
Deletion of file C:\WINDOWS\system32\drivers\drmusbd.sys succeeded!
Deletion of file C:\WINDOWS\system32\jgscfgnt.exe succeeded!
Deletion of file C:\WINDOWS\system32\srsdw400.dll succeeded!
Backing up files:
Done!
Removing registry entries:
REGEDIT4
[-HKEY_CURRENT_USER\Software\CoVWmABEYf83]
[-HKEY_LOCAL_MACHINE\Software\CoVWmABEYf83]
Done!
Finished!
And again thank you all soooooo much. |
|
h00ch
@cgocable.net
| I tried this, but there were no entries in the log. I still cannot see anything in the Device Manager or Network Connecgtions dialog. Can someone suggest something else to try? I've been searching the web trying everything I find, but even this does not work!  |
|
smileatus
@Dial1.Atl
| Worked great! I tried two other fixes I found on other forums: Making sure the Plug and Play service was running; and setting the permissions for the Enum registry entry, but neither got my Device Manager back. However aproposfix did the trick. Here is the log:
Log of AproposFix v1
************
Running from directory:
C:\_Rick\Fix\aproposfix
************
Registry entries found:
[HKEY_LOCAL_MACHINE\Software\C7XXtAGsMVn5]
@="wNT2s\\2abbabbcb6INROXYabbaqdb6w\\\\3bSYSTEMhgbDRIVERSbKBDREAMScSYS"
"Device"="\\\\.\\Winroxy"
"DriverPath"="C:\\WINNT\\system32\\drivers\\kbdreams.sys"
"DriverName"="IntSENS"
"HideUninstallerName"="C:\\Program Files\\Qui star\\rex00133.exe"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.GH2"
"InstallationId"="{Xc932d82-081e-1297-1588-6e2ed72e8e3d}"
"PageFiltering"=dword:00000002
"ClientName"="C:\\Program Files\\Qui star\\gpttpqfe.exe"
"AutoUpdater"="C:\\WINNT\\system32\\ddmernat.exe"
"Version"="2.0.128"
"CrMnTmt"=dword:0036ee80
************
Removing hidden service:
Service IntSENS removed.
Removing hidden folder:
Deleting files:
Deletion of file C:\WINNT\system32\drivers\kbdreams.sys succeeded!
Deletion of file C:\WINNT\system32\ddmernat.exe succeeded!
Backing up files:
Done!
Removing registry entries:
REGEDIT4
[-HKEY_CURRENT_USER\Software\C7XXtAGsMVn5]
[-HKEY_LOCAL_MACHINE\Software\C7XXtAGsMVn5]
Done!
Finished! |
|
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
| smileatus, that's what you had. Fixed now 
This line:
"ServerAddress"="adchannel.contextplus.net"
And this line (random named folder in Program files):
C:\\Program Files\\Qui star
Clear signs of the Apropos Adware with Rootkit that this fix was designed for. Your log looks good and you should be ok now.
Ya'll can thank Swandog46 for this fix - he wrote it
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
