Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please Help - Many Popups [RESOLVED]


  • This topic is locked This topic is locked

#46
Flagler23

Flagler23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
aight heres the lastest. thanks.

Logfile of HijackThis v1.99.1
Scan saved at 7:05:15 PM, on 7/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\JP Clark\Desktop\Clean Up\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113958217972
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements


#47
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Halleluja :tazz:

Ok, for good measure, please reboot one more time then post a new HiJackThis log. ;)

And let me know if you're having any other problems ;)
  • 0

#48
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Does your desktop still say system stopped?
  • 0

#49
Flagler23

Flagler23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
yah my system still says system stopped. thanks


Logfile of HijackThis v1.99.1
Scan saved at 7:13:34 PM, on 7/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\JP Clark\Desktop\Clean Up\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113958217972
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#50
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Go to Start > Control Panel > Add or Remove Programs and remove the following, if found (don't worry if you don't find it!):

SpySheriff

Exit Add or Remove Programs.

Delete the following, in bold, if found:

C:\Documents and Settings\user account\Start Menu\Programs\SpySheriff <-whole folder
C:\Documents and Settings\user account\Application Data\Install.dat
C:\Program Files\SpySheriff <-whole folder
C:\Windows\Desktop.html
C:\winstall.exe

*NOTE* user account is not the actual name of that folder. The name of that folder will be the name of your computer profile.

RIGHT-CLICK HERE and go to Save As (in IE it's "Save Target As") in order to download the smitfraud reg to your desktop.

Double-click smitfraud.reg on your desktop. When asked if you want to merge with the registry click YES.

After the merged successfully prompt, Reboot your computer.

You should be able to change your desktop back to normal now.

Edited by bananafanafo, 06 July 2005 - 05:19 PM.

  • 0

#51
Flagler23

Flagler23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
yah u got it. the screen is gone and now i can change it. the desktop is fixed. nice job!! thanks
  • 0

#52
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
There is couple more program I would like to you to run :tazz:

Please download and follow these instructions for setting up and running Ad-Aware SE 1.06:
Ad-Aware SE Setup (if you already have Ad-Aware 1.06, please update to the latest definitions then set the program up per the instructions on the page).

After Ad-Aware has been run and everything found has been removed, please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.
  • 0

#53
Flagler23

Flagler23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
thanks here you go.

started Scanning
Internet Cookies
Found 'atwola.com' in 'Internet Explorer Cache'
Found 'btg.btgrab.com' in 'Internet Explorer Cache'
Found 'cliks.org' in 'Internet Explorer Cache'
Found 'btg.btgrab.com' in 'Internet Explorer Cache'
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Found 'go.com' in 'Internet Explorer Cache'
Found 'offeroptimizer.com' in 'Internet Explorer Cache'
Found 'abetterinternet.com' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'com.com' in 'Internet Explorer Cache'
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Found 'azjmp.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Settings'
Found '' in 'Software\Kazaa\Transfer'
Found '' in 'Software\KaZaA\CloudLoad'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\KaZaA\LocalContent'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Advanced'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found '' in 'SOFTWARE\P2P Networking\Clients'
Found 'Tmp' in 'Software\Kazaa'
Found 'Status' in 'Software\Kazaa\Advanced'
Found 'b' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'DatabaseDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'Date' in 'Software\Kazaa\Settings'
Found 'DownloadDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'UseCount' in 'Software\Kazaa\Settings'
Found 'NoUploadLimitWhenIdle' in 'Software\Kazaa\Transfer'
Found 'ListenPort' in 'SOFTWARE\Kazaa'
Found 'network_config' in 'SOFTWARE\Kazaa'
Found 'Tmp' in 'SOFTWARE\Kazaa'
Found 'UDP_probe_successes' in 'SOFTWARE\Kazaa'
Found 'time' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'ShareDir' in 'SOFTWARE\Kazaa\CloudLoad'
Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo'
Found '' in 'Software\AppConf'
Found 'confset' in 'Software\AppConf'
Found '' in 'SOFTWARE\MBKWBar'
Found '' in 'SOFTWARE\Media Access'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'Class' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'ClassGUID' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'ConfigFlags' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'DeviceDesc' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'Legacy' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'NextInstance' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT'
Found 'Service' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'conc' in 'Software\Microsoft\Internet Explorer\Main'
Found 'PluginLevel' in 'SYSTEM\CurrentControlSet\Control\Session Manager'
Found '' in 'SOFTWARE\Classes\ZToolbar.StockBar.1\CLSID'
Found '' in 'SOFTWARE\Classes\ZToolbar.StockBar.1'
Found '' in 'SOFTWARE\Classes\ZToolbar.ParamWr.1\CLSID'
Found '' in 'SOFTWARE\Classes\ZToolbar.ParamWr.1'
Found '' in 'SOFTWARE\Classes\ZToolbar.activator.1\CLSID'
Found '' in 'SOFTWARE\Classes\ZToolbar.activator.1'
Found '' in 'SOFTWARE\Classes\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}'
Found '' in 'SOFTWARE\Classes\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}'
Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\Version'
Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\ToolboxBitmap32'
Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\Programmable'
Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\MiscStatus\1'
Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\MiscStatus'
Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\Control'
Found '' in 'SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}'
Found '' in 'SOFTWARE\Classes\EPXACTIVEX.EPXActiveXCtrl.1'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMX'
Found '' in 'Software\PaciSoft'
Found '' in 'Interface\{5FF31463-6856-4604-BEE9-D84C92F60BA4}'
Found '' in 'SOFTWARE\Classes\Interface\{5FF31463-6856-4604-BEE9-D84C92F60BA4}'
Found '' in 'TypeLib\{5530D356-0063-41B9-B20D-E9D799E8D907}'
Found '' in 'SOFTWARE\Classes\TypeLib\{5530D356-0063-41B9-B20D-E9D799E8D907}'
Found '' in 'Interface\{4781DAA6-4DE5-47A1-B02A-945F0D017A9E}'
Found '' in 'SOFTWARE\Classes\Interface\{4781DAA6-4DE5-47A1-B02A-945F0D017A9E}'
Found '' in 'Interface\{3517FB25-305D-4012-B531-186E3851E7ED}'
Found '' in 'SOFTWARE\Classes\Interface\{3517FB25-305D-4012-B531-186E3851E7ED}'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
Found '' in 'SOFTWARE\WeirdOnTheWeb'
Internet URL Shortcuts
Files and Directories
Found '400.dfn' in 'C:\Documents and Settings\All Users\Application Data\nsv\cache'
Found 'wmv0104.dbd' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv0106.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv0204.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv0315.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv0412.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv0504.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv0904.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv1125.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv1204.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv1215.dbd' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv1909.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv1920.dbd' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv2007.dbd' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'picsvr.inf' in 'C:\Documents and Settings\All Users\Application Data\picsvr'
Found 'backup-20050706-183551-584.dll' in 'C:\Documents and Settings\JP Clark\Desktop\Clean Up\backups'
Found '' in 'C:\Documents and Settings\JP Clark\Favorites\HEALTH'
Found '' in 'C:\Documents and Settings\JP Clark\Start Menu\Programs\WinMX'
Found '' in 'C:\Program Files\AutoUpdate'
Found 'libexpat.dll' in 'C:\Program Files\AutoUpdate'
Found '' in 'C:\Program Files\INSTAFINK'
Found '' in 'C:\Program Files\MBKWBar'
Found '' in 'C:\Program Files\WinMX'
Found 'errcatch.exe' in 'C:\Program Files\WinMX'
Found 'uninstall.exe' in 'C:\Program Files\WinMX'
Found 'WinMX.exe' in 'C:\Program Files\WinMX'
Found '' in 'C:\WINDOWS\bsx32'
Found 'delprot.ini' in 'C:\WINDOWS'
Found 'MediaTicketsInstaller.INF' in 'C:\WINDOWS\Downloaded Program Files'
Found 'dlmax.inf' in 'C:\WINDOWS\inf'
Found 'MediaTicketsInstaller.INF' in 'C:\WINDOWS\LastGood\Downloaded Program Files'
Found 'farmmext.ini' in 'C:\WINDOWS\LastGood'
Found 'abcg.exe' in 'C:\WINDOWS\system32'
Found 'dhctyir.exe' in 'C:\WINDOWS\system32'
Found 'DrPMon.dll' in 'C:\WINDOWS\system32'
Found 'itdwxhr.exe' in 'C:\WINDOWS\system32'
Found 'License.txt' in 'C:\WINDOWS\system32\nsvsvc'
Found 'nvnxtwrm.exe' in 'C:\WINDOWS\system32'
Found 'piqrg.exe' in 'C:\WINDOWS\system32'
Found 'rdugb.exe' in 'C:\WINDOWS\system32'
Found 'ttfae.exe' in 'C:\WINDOWS\system32'
Found 'tuitg.exe' in 'C:\WINDOWS\system32'
Found 'wcptr.exe' in 'C:\WINDOWS\system32'
Found 'woinstall.exe' in 'C:\WINDOWS'
Finished Scanning
Started Backup
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Finished Backup
Started Cleaning
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'. Error=5.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\cache\400.dfn' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\cache\400.dfn' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\cache\400.dfn'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0104.dbd' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0104.dbd' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0104.dbd'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0106.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0106.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0106.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0204.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0204.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0204.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0315.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0315.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0315.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0412.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0412.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0412.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0504.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0504.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0504.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0904.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0904.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0904.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1125.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1125.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1125.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1204.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1204.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1204.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1215.dbd' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1215.dbd' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1215.dbd'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1909.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1909.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1909.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1920.dbd' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1920.dbd' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1920.dbd'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv2007.dbd' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv2007.dbd' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv2007.dbd'
Checking for 'C:\Documents and Settings\All Users\Application Data\picsvr\picsvr.inf' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\picsvr\picsvr.inf' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\picsvr\picsvr.inf'
Checking for 'C:\Documents and Settings\JP Clark\Desktop\Clean Up\backups\backup-20050706-183551-584.dll' in shortcut areas.
Checking for 'C:\Documents and Settings\JP Clark\Desktop\Clean Up\backups\backup-20050706-183551-584.dll' in startup areas.
Cleaning 'C:\Documents and Settings\JP Clark\Desktop\Clean Up\backups\backup-20050706-183551-584.dll'
Checking for 'C:\Documents and Settings\JP Clark\Favorites\HEALTH' in shortcut areas.
Checking for 'C:\Documents and Settings\JP Clark\Favorites\HEALTH' in startup areas.
Cleaning 'C:\Documents and Settings\JP Clark\Favorites\HEALTH'
Checking for 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\Decoding Food Labels - Men's Health.url' in shortcut areas.
Checking for 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\Decoding Food Labels - Men's Health.url' in startup areas.
Cleaning 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\Decoding Food Labels - Men's Health.url'
Checking for 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\Eat Right Every Time - Men's Health.url' in shortcut areas.
Checking for 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\Eat Right Every Time - Men's Health.url' in startup areas.
Cleaning 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\Eat Right Every Time - Men's Health.url'
Checking for 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\Even More Meals - Men's Health.url' in shortcut areas.
Checking for 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\Even More Meals - Men's Health.url' in startup areas.
Cleaning 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\Even More Meals - Men's Health.url'
Checking for 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\Slim Down Home Cooking - Men's Health.url' in shortcut areas.
Checking for 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\Slim Down Home Cooking - Men's Health.url' in startup areas.
Cleaning 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\Slim Down Home Cooking - Men's Health.url'
Checking for 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\Ten Ways to Cut Ten Grams - Men's Health.url' in shortcut areas.
Checking for 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\Ten Ways to Cut Ten Grams - Men's Health.url' in startup areas.
Cleaning 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\Ten Ways to Cut Ten Grams - Men's Health.url'
Checking for 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\The Sex-For-Life Diet - Men's Health.url' in shortcut areas.
Checking for 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\The Sex-For-Life Diet - Men's Health.url' in startup areas.
Cleaning 'C:\Documents and Settings\JP Clark\Favorites\HEALTH\The Sex-For-Life Diet - Men's Health.url'
Checking for 'C:\Documents and Settings\JP Clark\Start Menu\Programs\WinMX' in shortcut areas.
Checking for 'C:\Documents and Settings\JP Clark\Start Menu\Programs\WinMX' in startup areas.
Cleaning 'C:\Documents and Settings\JP Clark\Start Menu\Programs\WinMX'
Checking for 'C:\Documents and Settings\JP Clark\Start Menu\Programs\WinMX\WinMX.lnk' in shortcut areas.
Checking for 'C:\Documents and Settings\JP Clark\Start Menu\Programs\WinMX\WinMX.lnk' in startup areas.
Cleaning 'C:\Documents and Settings\JP Clark\Start Menu\Programs\WinMX\WinMX.lnk'
Checking for 'C:\Program Files\AutoUpdate' in shortcut areas.
Checking for 'C:\Program Files\AutoUpdate' in startup areas.
Cleaning 'C:\Program Files\AutoUpdate'
Checking for 'C:\Program Files\AutoUpdate\libexpat.dll' in shortcut areas.
Checking for 'C:\Program Files\AutoUpdate\libexpat.dll' in startup areas.
Cleaning 'C:\Program Files\AutoUpdate\libexpat.dll'
Checking for 'C:\Program Files\AutoUpdate\libexpat.dll' in shortcut areas.
Checking for 'C:\Program Files\AutoUpdate\libexpat.dll' in startup areas.
Cleaning 'C:\Program Files\AutoUpdate\libexpat.dll'
[SCANMODS] The file 'C:\Program Files\AutoUpdate\libexpat.dll' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\INSTAFINK' in shortcut areas.
Checking for 'C:\Program Files\INSTAFINK' in startup areas.
Cleaning 'C:\Program Files\INSTAFINK'
Checking for 'C:\Program Files\MBKWBar' in shortcut areas.
Checking for 'C:\Program Files\MBKWBar' in startup areas.
Cleaning 'C:\Program Files\MBKWBar'
Checking for 'C:\Program Files\MBKWBar\MBKWBar.exe' in shortcut areas.
Checking for 'C:\Program Files\MBKWBar\MBKWBar.exe' in startup areas.
Cleaning 'C:\Program Files\MBKWBar\MBKWBar.exe'
Checking for 'C:\Program Files\MBKWBar\TManager.exe' in shortcut areas.
Checking for 'C:\Program Files\MBKWBar\TManager.exe' in startup areas.
Cleaning 'C:\Program Files\MBKWBar\TManager.exe'
Checking for 'C:\Program Files\WinMX' in shortcut areas.
Checking for 'C:\Program Files\WinMX' in startup areas.
Cleaning 'C:\Program Files\WinMX'
Checking for 'C:\Program Files\WinMX\colors.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\colors.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\colors.dat'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
Checking for 'C:\Program Files\WinMX\library.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\library.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\library.dat'
Checking for 'C:\Program Files\WinMX\license.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\license.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\license.txt'
Checking for 'C:\Program Files\WinMX\settings.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\settings.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\settings.dat'
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\JP Clark\Start Menu\Programs\WinMX\'
Found 'WinMX.lnk' in 'C:\Documents and Settings\JP Clark\Desktop\'
[SCANMODS] The file 'C:\Documents and Settings\JP Clark\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\wpnpchannelcmds.txt'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\errcatch.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\uninstall.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\JP Clark\Start Menu\Programs\WinMX\'
Found 'WinMX.lnk' in 'C:\Documents and Settings\JP Clark\Desktop\'
[SCANMODS] The file 'C:\Documents and Settings\JP Clark\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
[SCANMODS] The file 'C:\Documents and Settings\JP Clark\Desktop\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\WinMX.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\WINDOWS\bsx32' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32' in startup areas.
Cleaning 'C:\WINDOWS\bsx32'
Checking for 'C:\WINDOWS\bsx32\ASI2.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\ASI2.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\ASI2.bsx'
Checking for 'C:\WINDOWS\bsx32\ASICLRE.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\ASICLRE.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\ASICLRE.bsx'
Checking for 'C:\WINDOWS\bsx32\ASICLV.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\ASICLV.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\ASICLV.bsx'
Checking for 'C:\WINDOWS\bsx32\ASIEPRE.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\ASIEPRE.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\ASIEPRE.bsx'
Checking for 'C:\WINDOWS\bsx32\ASIEZ.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\ASIEZ.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\ASIEZ.bsx'
Checking for 'C:\WINDOWS\bsx32\ASIKAB.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\ASIKAB.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\ASIKAB.bsx'
Checking for 'C:\WINDOWS\bsx32\ASIMBC.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\ASIMBC.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\ASIMBC.bsx'
Checking for 'C:\WINDOWS\bsx32\ASIRCPRE.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\ASIRCPRE.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\ASIRCPRE.bsx'
Checking for 'C:\WINDOWS\bsx32\ASISS2RE.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\ASISS2RE.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\ASISS2RE.bsx'
Checking for 'C:\WINDOWS\bsx32\ASISSRE.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\ASISSRE.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\ASISSRE.bsx'
Checking for 'C:\WINDOWS\bsx32\bspace.html' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\bspace.html' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\bspace.html'
Checking for 'C:\WINDOWS\bsx32\TMPC.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPC.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPC.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPD.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPD.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPD.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPE.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPE.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPE.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPF.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPF.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPF.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPFAM.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPFAM.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPFAM.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPFI.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPFI.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPFI.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPFIN.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPFIN.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPFIN.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPG.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPG.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPG.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPH.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPH.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPH.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPHL.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPHL.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPHL.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPJ.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPJ.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPJ.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPM.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPM.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPM.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPMTV.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPMTV.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPMTV.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPN.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPN.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPN.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPR.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPR.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPR.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPS.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPS.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPS.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPSHOP.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPSHOP.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPSHOP.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPSP.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPSP.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPSP.bsx'
Checking for 'C:\WINDOWS\bsx32\TMPW.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\TMPW.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\TMPW.bsx'
Checking for 'C:\WINDOWS\bsx32\WEBS1.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\WEBS1.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\WEBS1.bsx'
Checking for 'C:\WINDOWS\bsx32\WEBS2.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\WEBS2.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\WEBS2.bsx'
Checking for 'C:\WINDOWS\bsx32\ZNETGP.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\bsx32\ZNETGP.bsx' in startup areas.
Cleaning 'C:\WINDOWS\bsx32\ZNETGP.bsx'
Checking for 'C:\WINDOWS\delprot.ini' in shortcut areas.
Checking for 'C:\WINDOWS\delprot.ini' in startup areas.
Cleaning 'C:\WINDOWS\delprot.ini'
Checking for 'C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.INF' in shortcut areas.
Checking for 'C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.INF' in startup areas.
Cleaning 'C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.INF'
Checking for 'C:\WINDOWS\inf\dlmax.inf' in shortcut areas.
Checking for 'C:\WINDOWS\inf\dlmax.inf' in startup areas.
Cleaning 'C:\WINDOWS\inf\dlmax.inf'
Checking for 'C:\WINDOWS\LastGood\Downloaded Program Files\MediaTicketsInstaller.INF' in shortcut areas.
Checking for 'C:\WINDOWS\LastGood\Downloaded Program Files\MediaTicketsInstaller.INF' in startup areas.
Cleaning 'C:\WINDOWS\LastGood\Downloaded Program Files\MediaTicketsInstaller.INF'
Checking for 'C:\WINDOWS\LastGood\farmmext.ini' in shortcut areas.
Checking for 'C:\WINDOWS\LastGood\farmmext.ini' in startup areas.
Cleaning 'C:\WINDOWS\LastGood\farmmext.ini'
Checking for 'C:\WINDOWS\system32\abcg.exe' in shortcut areas.
Checking for 'C:\WINDOWS\system32\abcg.exe' in startup areas.
Cleaning 'C:\WINDOWS\system32\abcg.exe'
Checking for 'C:\WINDOWS\system32\dhctyir.exe' in shortcut areas.
Checking for 'C:\WINDOWS\system32\dhctyir.exe' in startup areas.
Cleaning 'C:\WINDOWS\system32\dhctyir.exe'
Checking for 'C:\WINDOWS\system32\DrPMon.dll' in shortcut areas.
Checking for 'C:\WINDOWS\system32\DrPMon.dll' in startup areas.
Cleaning 'C:\WINDOWS\system32\DrPMon.dll'
[SCANMODS] WARNING: Deletion of the file 'C:\WINDOWS\system32\DrPMon.dll' requires a reboot.
Checking for 'C:\WINDOWS\system32\itdwxhr.exe' in shortcut areas.
Checking for 'C:\WINDOWS\system32\itdwxhr.exe' in startup areas.
Cleaning 'C:\WINDOWS\system32\itdwxhr.exe'
Checking for 'C:\WINDOWS\system32\nsvsvc\License.txt' in shortcut areas.
Checking for 'C:\WINDOWS\system32\nsvsvc\License.txt' in startup areas.
Cleaning 'C:\WINDOWS\system32\nsvsvc\License.txt'
Checking for 'C:\WINDOWS\system32\nvnxtwrm.exe' in shortcut areas.
Checking for 'C:\WINDOWS\system32\nvnxtwrm.exe' in startup areas.
Cleaning 'C:\WINDOWS\system32\nvnxtwrm.exe'
Checking for 'C:\WINDOWS\system32\piqrg.exe' in shortcut areas.
Checking for 'C:\WINDOWS\system32\piqrg.exe' in startup areas.
Cleaning 'C:\WINDOWS\system32\piqrg.exe'
Checking for 'C:\WINDOWS\system32\rdugb.exe' in shortcut areas.
Checking for 'C:\WINDOWS\system32\rdugb.exe' in startup areas.
Cleaning 'C:\WINDOWS\system32\rdugb.exe'
Checking for 'C:\WINDOWS\system32\ttfae.exe' in shortcut areas.
Checking for 'C:\WINDOWS\system32\ttfae.exe' in startup areas.
Cleaning 'C:\WINDOWS\system32\ttfae.exe'
Checking for 'C:\WINDOWS\system32\tuitg.exe' in shortcut areas.
Checking for 'C:\WINDOWS\system32\tuitg.exe' in startup areas.
Cleaning 'C:\WINDOWS\system32\tuitg.exe'
Checking for 'C:\WINDOWS\system32\wcptr.exe' in shortcut areas.
Checking for 'C:\WINDOWS\system32\wcptr.exe' in startup areas.
Cleaning 'C:\WINDOWS\system32\wcptr.exe'
Checking for 'C:\WINDOWS\woinstall.exe' in shortcut areas.
Checking for 'C:\WINDOWS\woinstall.exe' in startup areas.
Cleaning 'C:\WINDOWS\woinstall.exe'
Finished Cleaning
  • 0

#54
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Copy everything in the code box below and paste it into notepad. Go up to "File > Save As..." and click the drop-down box to change the "Save As Type" to "All Files". Save it as fixme.reg on your desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT]

Double click fixme.reg and when it asks if you want to merge with the registry click YES.

Then, please run this online virus scan:
ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log.
  • 0

#55
Flagler23

Flagler23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
aight here are the 2 scans. thanks a lot for helping!


Incident Status Location

Adware:Adware/eZula No disinfected C:\WINDOWS\System32\ezPopStub.exe
Adware:Adware/SaveNow No disinfected C:\Documents and Settings\All Users\Application Data\nsv
Spyware:Spyware/ISTbar No disinfected C:\Program Files\Common Files\Totem Shared
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\banner.inf
Adware:Adware/Apropos No disinfected C:\WINDOWS\System32\auto_update_uninstall.???
Adware:Adware/WinTools No disinfected Windows Registry
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\System32\nsvsvc
Adware:Adware/MediaTickets No disinfected Windows Registry
Adware:Adware/IEDriver No disinfected C:\WINDOWS\System32\Searchx.htm
Adware:Adware/IPInsight No disinfected C:\WINDOWS\LastGood\INF\farmmext.inf
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/Fizzle No disinfected C:\Program Files\FwBarTemp
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/WUpd No disinfected Windows Registry
Adware:Adware/Transponder No disinfected C:\WINDOWS\LastGood\INF\dlmax.PNF
Adware:Adware/AzeSearch No disinfected C:\WINDOWS\System32\ztoolbar.bmp
Adware:Adware/CoolSearchHome No disinfected Windows Registry
Virus:Trj/Cryptic.A Disinfected Operating system
Adware:Adware/Pacimedia No disinfected Windows Registry
Adware:Adware/Adsmart No disinfected C:\WINDOWS\System32\vx.tll
Adware:Adware/Novo No disinfected Windows Registry
Adware:Adware/Weirdontheweb No disinfected C:\WINDOWS\weirdontheweb_topc.exe
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\JP Clark\Application Data\Sskknwrd.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\JP Clark\Application Data\Sskuknwrd.dll
Adware:Adware/PopCapLoader No disinfected C:\Documents and Settings\JP Clark\Desktop\Clean Up\backups\backup-20050706-183552-124.inf
Adware:Adware/Transponder No disinfected C:\Documents and Settings\JP Clark\Local Settings\Temp\temp.fr2CF6
Adware:Adware/Thecoolbar No disinfected C:\Program Files\FwBarTemp\cohelper.exe
Adware:Adware/AzeSearch No disinfected C:\WINDOWS\blank.mht
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\banner.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\LastGood\INF\ceres.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\LastGood\INF\ceres.PNF
Adware:Adware/Transponder No disinfected C:\WINDOWS\LastGood\INF\dlmax.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\LastGood\INF\dlmax.PNF
Adware:Adware/IPInsight No disinfected C:\WINDOWS\LastGood\INF\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\LastGood\INF\farmmext.PNF
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/Envolo No disinfected C:\WINDOWS\system32\auto_update_uninstall.log
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\browseui.exe
Adware:Adware/eZula No disinfected C:\WINDOWS\system32\ezPopStub.exe
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\Searchx.htm
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\Shex.exe
Adware:Adware/Adsmart No disinfected C:\WINDOWS\system32\vx.tll
Adware:Adware/CWS.Yexe No disinfected C:\WINDOWS\system32\vxh8jkdq8.exe
Virus:Trj/Downloader.DHB Disinfected C:\WINDOWS\system32\winlogon32.dll
Adware:Adware/AzeSearch No disinfected C:\WINDOWS\system32\ztoolbar.bmp
Adware:Adware/AzeSearch No disinfected C:\WINDOWS\system32\ztoolbar.xml
Adware:Adware/Weirdontheweb No disinfected C:\WINDOWS\weirdontheweb_topc.exe
Adware:Adware/AzeSearch No disinfected C:\WINDOWS\zsettings.dll


Logfile of HijackThis v1.99.1
Scan saved at 2:16:22 PM, on 7/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JP Clark\Desktop\Clean Up\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113958217972
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements


#56
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Please delete the following folders, in bold:

C:\Documents and Settings\All Users\Application Data\nsv
C:\Program Files\Common Files\Totem Shared
C:\WINDOWS\System32\nsvsvc
C:\Program Files\FwBarTemp

* Then, Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

C:\WINDOWS\LastGood\INF\farmmext.inf
C:\WINDOWS\System32\ezPopStub.exe
C:\WINDOWS\inf\banner.inf
C:\WINDOWS\System32\auto_update_uninstall.???
C:\WINDOWS\System32\Searchx.htm
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\LastGood\INF\dlmax.PNF
C:\WINDOWS\System32\ztoolbar.bmp
C:\WINDOWS\System32\vx.tll
C:\WINDOWS\weirdontheweb_topc.exe
C:\Documents and Settings\JP Clark\Application Data\Sskknwrd.dll
C:\Documents and Settings\JP Clark\Application Data\Sskuknwrd.dll
C:\Documents and Settings\JP Clark\Local Settings\Temp\temp.fr2CF6
C:\Program Files\FwBarTemp\cohelper.exe
C:\WINDOWS\blank.mht
C:\WINDOWS\inf\banner.inf
C:\WINDOWS\LastGood\INF\ceres.inf
C:\WINDOWS\LastGood\INF\ceres.PNF
C:\WINDOWS\LastGood\INF\dlmax.inf
C:\WINDOWS\LastGood\INF\dlmax.PNF
C:\WINDOWS\LastGood\INF\farmmext.inf
C:\WINDOWS\LastGood\INF\farmmext.PNF
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\auto_update_uninstall.log
C:\WINDOWS\system32\browseui.exe
C:\WINDOWS\system32\ezPopStub.exe
C:\WINDOWS\system32\Searchx.htm
C:\WINDOWS\system32\Shex.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\vxh8jkdq8.exe
C:\WINDOWS\system32\ztoolbar.bmp
C:\WINDOWS\system32\ztoolbar.xml
C:\WINDOWS\weirdontheweb_topc.exe
C:\WINDOWS\zsettings.dll


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt. If your computer does not restart automatically, please restart it manually.

After your computer reboots, there is one more scan I would like to you to do. It's a trial version of the program.

Please download WebRoot SpySweeper

Click the "Free Trial" button.
Download it and install it.
When you open the program, it will prompt you to update to the latest definitions.
Please do so, then click "Sweep Now"
Then click the "Start" button.
When it's done scanning, click the "Next" button.
Remove everything it finds, then save the log - copy the log and paste it here for me.
  • 0

#57
Flagler23

Flagler23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
i dont understand what to do with spyware scan. im not sure what to click or maybe i am just missing it.
  • 0

#58
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
If you followed my previous instructions for using killbox then follow these instructions - I'm not exactly sure where you're confused:

Please download WebRoot SpySweeper from here:
http://www.webroot.c...6d6f87b866d2848

Click the "Free Trial" button.
Download it and install it.
When you open the program, it will prompt you to update to the latest definitions.
Please do so.
After the definitions are updates, click "Sweep Now"
Then click the "Start" button.
When it's done scanning, click the "Next" button.
Remove everything it finds.
  • 0

#59
Flagler23

Flagler23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
ok got the spysweeper done. im havin internet connection problems so hopefully ill get back much quicker. sorry. it seems to be workin fine now so hoefully it'll stay. thanks
  • 0

#60
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok, that's fine! Just whenever you get a chance, post one last HiJackThis log for me to look at. After that I will give you my recommendations on keeping your system clean. It was nasty when you got here and you definitely don't want that to happen again!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP