Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Removal of Webnexus network popups on Laptop [CLOSED]

Started by jefffffffrey91 , Jul 07 2005 06:18 PM

  • This topic is locked This topic is locked

#1
jefffffffrey91
Posted 07 July 2005 - 06:18 PM

jefffffffrey91

    Member

  • Member
  • PipPip
  • 23 posts
Annoying pop up windows with the web nexus title icon at the bottom of the window keep popping up repeatedly.

Logfile of HijackThis v1.99.1
Scan saved at 2:07:28 PM, on 7/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\vvmmmu.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\ABC\ABC.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JMAG91~1\LOCALS~1\Temp\Rar$EX00.823\HijackThis.exe

F2 - REG:system.ini: Shell=
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\vvmmmu.exe reg_run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Homepage Protector - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestat...ion=4,3,2,20802
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • 0

Advertisements

#2
tampabelle
Posted 07 July 2005 - 07:46 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi jeffery,


Your PC has the Qoologic / Narrator infection.

Please download FindQoologic from here:
http://forums.net-in...=post&id=134981
Save it to the desktop and run Find-Qoologic2.bat. This will generate a log file; please post the entire contents of the log file here for me to see.
  • 0

#3
jefffffffrey91
Posted 10 July 2005 - 03:54 PM

jefffffffrey91

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
---------------------------------------------------------
ewido security suite - Startup report
---------------------------------------------------------

+ Created on: 2:53:53 PM, 7/10/2005
+ Report-Checksum: C405BE6C

File\SystemIni
Reg\HKLM\Run HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
Reg\HKLM\Run IgfxTray C:\WINDOWS\System32\igfxtray.exe
Reg\HKLM\Run SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Reg\HKLM\Run SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Reg\HKLM\Run IntelWireless C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
Reg\HKLM\Run KavSvc C:\WINDOWS\system32\vvmmmu.exe reg_run
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


---------------------------------------------------------
ewido security suite - Process report
---------------------------------------------------------

+ Created on: 2:54:24 PM, 7/10/2005
+ Report-Checksum: 2641D317

0: System Process
4: System Process
108: C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
128: C:\WINDOWS\System32\alg.exe
148: C:\Program Files\ewido\security suite\ewidoctrl.exe
164: C:\Program Files\ewido\security suite\ewidoguard.exe
328: C:\Program Files\Internet Explorer\iexplore.exe
452: C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
456: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
500: C:\WINDOWS\System32\svchost.exe
884: \SystemRoot\System32\smss.exe
932: \??\C:\WINDOWS\system32\csrss.exe
956: \??\C:\WINDOWS\system32\winlogon.exe
1000: C:\WINDOWS\system32\services.exe
1012: C:\WINDOWS\system32\lsass.exe
1168: C:\WINDOWS\system32\svchost.exe
1204: C:\WINDOWS\System32\svchost.exe
1256: C:\WINDOWS\system32\svchost.exe
1292: C:\WINDOWS\System32\svchost.exe
1332: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1380: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1464: C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
1544: C:\WINDOWS\System32\svchost.exe
1648: C:\WINDOWS\System32\svchost.exe
1672: C:\WINDOWS\Explorer.EXE
1952: C:\WINDOWS\system32\spoolsv.exe
2108: C:\WINDOWS\System32\hkcmd.exe
2144: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
2160: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2168: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
2260: C:\Program Files\AIM\aim.exe
2456: C:\Program Files\Outlook Express\msimn.exe
3188: C:\Program Files\Internet Explorer\iexplore.exe
3408: C:\Program Files\Internet Explorer\IEXPLORE.EXE
3564: C:\Program Files\ewido\security suite\securitysuite.exe
4020: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  • 0

#4
tampabelle
Posted 10 July 2005 - 04:33 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Jeffry,

Since my previous post, we have discovered that net-forums is no longer hosting the Find_Qoologic2.zip file anymore.


Download Find_Qoologic2.zip from this location.

Unzip the file and save the extracted files on your Desktop.

Amongst these extracted files, locate Find_Qoologic2.bat (it may be shown without an extension, but the file name will be Find_Qoologic2) and double click on it.

It will generate a log file.

Please post the Find_Qoologic2 log file here in your next reply
  • 0

#5
jefffffffrey91
Posted 10 July 2005 - 07:25 PM

jefffffffrey91

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» startup files»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Registry Entries Found »»»»»»»»»»»»»»»»»»»»»»»

! REG.EXE VERSION 3.0

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
<NO NAME> REG_SZ {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fftttmxk
<NO NAME> REG_SZ {f9ab0090-d537-42d2-9d19-a69f8e796d25}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
<NO NAME> REG_SZ {750fdf0e-2a26-11d1-a3ea-080036587f03}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
<NO NAME> REG_SZ {09799AFB-AD67-11d1-ABCD-00C04FC30936}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
<NO NAME> REG_SZ {A470F8CF-A1E8-4f65-8335-227475AA5C46}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
<NO NAME> REG_SZ {B41DB860-8EE4-11D2-9906-E49FADC173CA}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
<NO NAME> REG_SZ Start Menu Pin

»»»»»»»»»»»»»»»»»»»»»»»»» Active setup »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  • 0

#6
tampabelle
Posted 11 July 2005 - 06:26 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Jeffrey,


Looks like you had some issues in running Find_Qoologic.

Please visit Panda and do an online scan. Save the scan report and post it in your next reply
  • 0

#7
jefffffffrey91
Posted 17 July 2005 - 03:24 PM

jefffffffrey91

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Incident Status Location

Adware:Adware/BHO No disinfected C:\Documents and Settings\J Mag 91\Local Settings\Temp\ei40.exe
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\J Mag 91\Local Settings\Temp\i15.tmp
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\J Mag 91\Local Settings\Temp\i3B.tmp
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\J Mag 91\Local Settings\Temp\i43.tmp
Adware:Adware/DelFinMedia No disinfected C:\Documents and Settings\J Mag 91\Local Settings\Temp\vmstmp\vmstmp.exe
Adware:Adware/TopRebates No disinfected C:\Documents and Settings\J Mag 91\Local Settings\Temp\webrebates.exe
Possible Virus. No disinfected C:\Documents and Settings\J Mag 91\My Documents\R86539.EXE
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\mm63.INF
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\mm63.INF
Adware:Adware/Pacimedia No disinfected C:\WINDOWS\Downloaded Program Files\pcs_0006.exe
Possible Virus. No disinfected C:\WINDOWS\system32\datadx.dll
Possible Virus. No disinfected C:\WINDOWS\system32\ddjjjkh.dll
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\javex80.vxd[nvms.dll]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\javex80.vxd[nls.exe]
Virus:Trj/Qoologic.G Disinfected C:\WINDOWS\system32\ppbbb.dat
Virus:Trj/Prutec.C Disinfected C:\WINDOWS\system32\prutpct.exe
Adware:Adware/eZula No disinfected C:\WINDOWS\system32\psis80ex.ax[mscb.dll]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\psis80ex.ax[bb_auto_wider.swf]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\psis80ex.ax[bb_click_wider.swf]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\psis80ex.ax[bb_welcome1.swf]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\psis80ex.ax[bb_welcome.html]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\psis80ex.ax[icon.gif]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\psis80ex.ax[logo.gif]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\psis80ex.ax[cashback.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\psis80ex.ax[cb.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\psis80ex.ax[flash.exe]
Virus:Trj/Downloader.CFN Disinfected C:\WINDOWS\system32\temperror32.dat
Virus:Trj/Qoologic.G Disinfected C:\WINDOWS\system32\vvmmmu.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\system32\wlnhours.exe
  • 0

#8
tampabelle
Posted 17 July 2005 - 03:36 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Jeffrey,


Please download and save the attached file.

Unzip it to your desktop. Let me know if you did, so I can remove the file from the post.

Double click the file and let it run. It's superfast and it will open a notepad file in no time.

Post me the content of that file.
  • 0

#9
jefffffffrey91
Posted 17 July 2005 - 07:27 PM

jefffffffrey91

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"winsync"="C:\\WINDOWS\\system32\\jjaaap.exe reg_run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll

Subkey --- fftttmxk
{f2f1ea53-7a8c-40b7-81e9-a7aabf72cb40}
C:\WINDOWS\system32\jjooo.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Program Files\WinRAR\rarext.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

desktop.ini
==============================
C:\Documents and Settings\J Mag 91\Start Menu\Programs\Startup

desktop.ini
desktop.ini
==============================
C:\WINDOWS\system32 cpl files


access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
conres.cpl
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
igfxcpl.cpl Intel Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
plugincpl131_04.cpl Sun Microsystems
powercfg.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
stac97.cpl SigmaTel Inc.
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation
  • 0

#10
tampabelle
Posted 18 July 2005 - 06:10 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please download the Killbox.zip.
Unzip it to the desktop but do NOT run it yet.
Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

***

Once in Safe Mode, please run Killbox.
Click "Replace on Reboot" and check the "Use Dummy" box.
Paste the following into the top "Full Path of File to Delete" box.

C:\WINDOWS\System32\jjooo.dll

Click the red-and-white "Delete File".
Click "Yes" at the Replace on Reboot prompt.
Click "No" at the Pending Operations prompt.
Repeat the steps above for these files:

C:\WINDOWS\system32\jjaaap.exe
C:\WINDOWS\system32\vvmmmu.exe
C:\WINDOWS\system32\datadx.dll
C:\WINDOWS\system32\ddjjjkh.dll
C:\WINDOWS\system32\ppbbb.dat
C:\WINDOWS\system32\psis80ex.ax
C:\WINDOWS\system32\temperror32.dat
C:\WINDOWS\system32\wlnhours.exe
C:\WINDOWS\system32\prutpct.exe

For the last file,

C:\WINDOWS\system32\conres.cpl

Click the red-and-white "Delete File" button.
Click "Yes" at the Replace on Reboot prompt.
Click "Yes" at the Pending Operations prompt to restart your computer. You do not need to reboot into Safe Mode this time.

***

Please run Notepad and paste the following text into a new file:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\fftttmxk]

[-HKEY_CLASSES_ROOT\CLSID\{f2f1ea53-7a8c-40b7-81e9-a7aabf72cb40}]


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.


Reboot and please run trackgoo again. Post me the log to check.
  • 0

#11
jefffffffrey91
Posted 19 July 2005 - 03:03 AM

jefffffffrey91

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I get the error message "Cannot import C:\Documents and Settings\J Mag 91\Desktop\fix.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor." I saved file as all files and also as ANSI coding
  • 0

#12
tampabelle
Posted 19 July 2005 - 08:22 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Jeffrey,

I need to check on a couple of things -


1. What is the icon on the file fix.reg ??? Is it similar to the icon for the file - C:\Windows\Regedit ????

2. Is the first line in the fix.reg file - REGEDIT4 ??

If there is any thing above it (inlcuding an empty line), then please delete it. Try merging the file with Registry again.

We can also fix the entries manually, but I would prefer that you dont enter the registry manually.
  • 0

#13
tampabelle
Posted 31 July 2005 - 06:58 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP