Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

DrWatson Post Debug HELP PLEASE [resolved]


  • This topic is locked This topic is locked

#16
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Sorry about that, try this link:

http://cleanup.stevengould.org/

Click on "Download Cleanup! now"

Michelle :tazz:
  • 0

Advertisements


#17
ETHEKZ

ETHEKZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Okay here is the log for you. Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 7:05:59 AM, on 3/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\blcorp\WCCSC\RegOpt\RegManServ.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\BMUpdate.exe
C:\Documents and Settings\Maria Cortez\Desktop\HijackThis.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Spy Watcher] "C:\Program Files\Spy Cleaner Gold Trial\SpyWatcher.exe" -S
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {FA59B1EC-89C2-44D8-BA0F-D6B47DAC71C8} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://streak.fimc.n...va/cfs31229.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://streak.fimc.n...va/cfs31235.cab
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://streak.fimc.n...va/cfs40320.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094233807442
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Perllhruswi - VSO Software - (no file)
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\blcorp\WCCSC\RegOpt\RegManServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#18
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Right click on your desktop. Go to New > Folder - click on it. Name the folder HJT, find your HiJackThis.exe on the desktop, right click on it and go to Cut. Go into the HJT folder you just made and paste it into it.

Run HiJackThis and put a check next to the following items, then click "FIX CHECKED"

R3 - Default URLSearchHook is missing
O23 - Service: Perllhruswi - VSO Software - (no file)


Close HiJack This.

Do you use this: ChatSpace Full Java Client?

Download the Hoster from here http://members.aol.c...bee/hoster.zip. Press "Restore Original Hosts" and press "OK". Exit Program.

Please run this online virus scan:
ActiveScan

Copy and paste the results of Activescan into this thread along with a new HiJackThis log.


Michelle :tazz:
  • 0

#19
ETHEKZ

ETHEKZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Okay here we go and You have been so much help I can tell the difference already.

Logfile of HijackThis v1.99.1
Scan saved at 2:01:17 PM, on 3/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\blcorp\WCCSC\RegOpt\RegManServ.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Maria Cortez\Desktop\HJT\HijackThis.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Spy Watcher] "C:\Program Files\Spy Cleaner Gold Trial\SpyWatcher.exe" -S
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {FA59B1EC-89C2-44D8-BA0F-D6B47DAC71C8} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://streak.fimc.n...va/cfs31229.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://streak.fimc.n...va/cfs31235.cab
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://streak.fimc.n...va/cfs40320.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094233807442
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Perllhruswi - VSO Software - (no file)
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\blcorp\WCCSC\RegOpt\RegManServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Here is the activescan


Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/KeenValue No disinfected C:\Program Files\Common Files\SearchUpgrader
Adware:Adware/WinTools No disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools
Adware:Adware/IPInsight No disinfected C:\WINDOWS\alchem.???
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32a.sys
Adware:Adware/MoeMoney No disinfected Windows Registry
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Maria Cortez\Favorites\Sites about\Ab scissor.url
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\system32\P2P Networking
Adware:Adware/BrilliantDigitalNo disinfected C:\Program Files\Kazaa\bdcore.dll.updpnd
Adware:Adware/MyWay No disinfected C:\Program Files\MyWay\myBar\5.bin\MY2NS.EXE
Adware:Adware/MyWay No disinfected C:\Program Files\MyWay\myBar\5.bin\NPMYWAY.DLL
Adware:Adware/SearchAid No disinfected C:\WINDOWS\addei32.exe
Adware:Adware/EasySearch No disinfected C:\WINDOWS\agqhu.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\crfb.dll
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\alchem.inf
Adware:Adware/StartPage.BK No disinfected C:\WINDOWS\system32\auunb.dll
Adware:Adware/EasySearch No disinfected C:\WINDOWS\system32\cietw.dll
Adware:Adware/EasySearch No disinfected C:\WINDOWS\system32\fucax.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\javayo32.exe
Adware:Adware/EasySearch No disinfected C:\WINDOWS\system32\reqij.dll
Adware:Adware/EasySearch No disinfected C:\WINDOWS\system32\ribqx.dll
Adware:Adware/EasySearch No disinfected C:\WINDOWS\system32\umkjo.dll
Adware:Adware/StartPage.BK No disinfected C:\WINDOWS\uodma.dll
Adware:Adware/EasySearch No disinfected C:\WINDOWS\zbvyl.dll
  • 0

#20
ETHEKZ

ETHEKZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Just a note, My Anti Virus is turned off and not allow me to enable any chance this is related to anything I have done? Sorry so many questions
  • 0

#21
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
You haven't fixed anything that would cause Norton to disable. I'm going to have you download a program shortly to kill off those files that Activescan found, then we'll check a few things to make sure the Norton files are where they are supposed to be. BTW, what version of Norton do you have?

Michelle :tazz:
  • 0

#22
ETHEKZ

ETHEKZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Norton Anti Virus 2004

Thanks
  • 0

#23
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Click Here to download Killbox.

*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*In the field labeled Full Path of File to Delete enter the items listed below ONE AT A TIME (EXACTLY as it appears, please double check to make sure!):

C:\Program Files\Kazaa\bdcore.dll.updpnd
C:\Program Files\MyWay\myBar\5.bin\MY2NS.EXE
C:\Program Files\MyWay\myBar\5.bin\NPMYWAY.DLL
C:\WINDOWS\addei32.exe
C:\WINDOWS\agqhu.dll
C:\WINDOWS\crfb.dll
C:\WINDOWS\inf\alchem.inf
C:\WINDOWS\system32\auunb.dll
C:\WINDOWS\system32\cietw.dll
C:\WINDOWS\system32\fucax.dll
C:\WINDOWS\system32\javayo32.exe
C:\WINDOWS\system32\reqij.dll
C:\WINDOWS\system32\ribqx.dll
C:\WINDOWS\system32\umkjo.dll
C:\WINDOWS\uodma.dll
C:\WINDOWS\zbvyl.dll
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\alchem.???


Press the button that looks like a red circle with a white X in it after each one. When it asks if you would like to DELETE ON REBOOT press YES, when it asks if you want to REBOOT NOW press the NO button, until you have entered the very last file path then click YES on both prompts.

Then I need you to reboot in Safe Mode. IMPORTANT: be sure you're able to view hidden files. Use Windows Explorer and navigate to these folders and delete them:

C:\Program Files\MyWay
C:\Program Files\Kazaa
C:\WINDOWS\system32\P2P Networking
C:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools
C:\Program Files\Common Files\SearchUpgrader

Reboot in normal mode. Then we will see about fixing Norton if you're still having problems. Can you not turn on auto-protect?

Michelle :tazz:
  • 0

#24
ETHEKZ

ETHEKZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Okay I will try right away. A silly questions how do I know if I am able to view hidden files? Is there a box to check in order to do so?
  • 0

#25
ETHEKZ

ETHEKZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I get this message trying to download off of the link

VirtuaNews Message
You do not have permission to do this action. If you think you should do, please contact the webmaster.
  • 0

Advertisements


#26
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
The link to VIEW HIDDEN FILES.

Then try this link to download Killbox:
http://www.bleepingc...les/killbox.php

And I found out the problem with Norton!

Michelle :tazz:
  • 0

#27
ETHEKZ

ETHEKZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Okay I got the link and I have the info to view files. I will try it all now and I am glad to hear about Norton. Be right back
  • 0

#28
ETHEKZ

ETHEKZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
okay I followed as you told. FYI Norton still not allowing me to enabled.
  • 0

#29
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
First we need to check to see if the Norton file is in startup:

*Go to Start > Run - Type msconfig click OK
*Under the General tab make sure "Normal Startup" is checked.
*Click on the Startup tab, scroll down and look for the Startup item "ccApp". If it's there, then make sure there is a checkmark by it. If it is not there, then we will manually add this file back into the registry (I will tell you step by step exactly how to do this).

Michelle :tazz:
  • 0

#30
ETHEKZ

ETHEKZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Okay I was not able to locate "ccApp" at all.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP