Winfixer



#1
rcole23


    New Member

  • Member
  • 5 posts
Tried everything! And I mean everything, must have been at this for 6 hours now.

Please, for the sake of my sanity, give me a hand.

Here is my HJT log. If it seems strange, it probably is; I’ve pretty much torn my computer apart trying to rid myself of the winfixer disease.

R. Cole

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of HijackThis v1.99.1
Scan saved at 8:09:54 PM, on 8/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Ryan Cole\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\RYANCO~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\RYANCO~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {3E15077E-8992-4B02-AB28-5DD82AFED1EC} - C:\WINDOWS\System32\nppb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\RYANCO~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Download with FreeDAccelerator! - C:\Program Files\Free Download Accelerator 2\FreeDAccelerator.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\0.999\fdaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{037A062C-E2A8-4853-A1EB-5F95BACD5816}: NameServer = 192.168.1.1
O18 - Filter: text/html - {30FD47A7-290C-48DE-929D-F162218F362F} - C:\WINDOWS\System32\nppb.dll
O18 - Filter: text/plain - {30FD47A7-290C-48DE-929D-F162218F362F} - C:\WINDOWS\System32\nppb.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe


#2
Wizard


    Retired Staff

  • 5,661 posts
Hi rcole23 and Welcome to GeekstoGo!

Please go to Add\Remove Programs and Remove

Media Access

Please Download SpSeHjfix112:
http://www.derbilk.de/SpSeHjfix112.zip
or
http://www.trojaner-...gi?file=sphjfix
Once downloaded, unzip it and make sure to Extract All Files!

Download and install CleanUp!:
http://downloads.ste...p/CleanUp40.exe

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Run SpSeHjfix112

Click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process!

When it reboots, you -> Reboot into SAFE MODE (tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

The tool creates a log of the fix which will appear in the new folder!
Please save that log, I may ask to see it!

Run SpSeHjfix112 again to ensure nothing is left behind and reboot back into Safe Mode!

Now, open and run CleanUp! -> When it prompts you to log off -> Click NO!

With all Windows and Browsers Closed-> Scan the Entire System with Ewido-> Clean all it finds-> Be sure to click the tab to Save the Report!

Locate and Delete this folder

C:\Program Files\Media Access

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


Post back with a fresh HijackThis log and the reports from SpSeHjfix112-> Ewido and Panda!

#3
rcole23


    New Member

  • Topic Starter
  • Member
  • 5 posts
OK, I've done about half of what you have asked me to do.

Sorry about the time it took me to reply, I was having some DHCP problems.

I could not and still cannot run SpSeHjfix112.exe; I am getting a "close and send to Microsoft?" or "don't send" error every time.

I cannot run Panda Active Scan; winfixer is taking over it every few mins and stops the scan.

I was able to run and install Cleanup!

I can run HJT

I was able to run Ewido, reports will be posted below.

I also enabled everything in msconfig like you asked.

ANY HELP is appreciated.

P.S. Ya, winfixer is still here.

R. Cole

HJT REPORT (CURRENT)

Logfile of HijackThis v1.99.1
Scan saved at 4:20:17 AM, on 8/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\dlsmgr\dlsmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Ryan Cole\Desktop\third attempt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dlsmgr] C:\Program Files\dlsmgr\dlsmgr.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\0.999\fdaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O18 - Filter: text/html - {30FD47A7-290C-48DE-929D-F162218F362F} - C:\WINDOWS\System32\nppb.dll
O18 - Filter: text/plain - {30FD47A7-290C-48DE-929D-F162218F362F} - C:\WINDOWS\System32\nppb.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE



EWIDO REPORT

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:34:25 AM, 8/15/2005
+ Report-Checksum: 16A8FF3

+ Scan result:

C:\Program Files\Web Offer\basisp.pu -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\basisp.rst -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\CHPON.dll -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\eapbh.dll -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\gendis.ez -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\INSTALL.LOG -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\paramp.ez -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\rwdsp.rst -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\sepng.dll -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\UNWISE.EXE -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\upgradep.vrn -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\versionp.vrn -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\wndbannnp.src -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\wo.exe -> Adware.eZula : Cleaned with backup
C:\WINDOWS\system32\nppb.dll -> Spyware.Hijacker.Generic : Cleaned with backup


::Report End

#4
Wizard

  • Retired Staff
  • 5,661 posts
Not quite sure why that error is coming up???

Did you extract all files when Unzipping the SpSeHjfix112.zip?

Please Make sure that All Files were Extracted and try to run it again when you go to Safe Mode!

Right-Click Here and Click "Save As" to download DelDomains.inf to your desktop.

Right Click DelDomains.inf on your desktop and select "Install"

It will perform a silent process. Give it a minute to run!

Download the Hoster from here:
http://www.funkytoad...load/hoster.zip
Press "Restore Original Hosts" and press "OK"!!
Exit Program!

Go to Add\Remove Programs and Remove

WebOffer
Ezula
Free Downloads Accelerator


Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Restart in Safe Mode

Try Running SpSeHjfix112 again just as Instructed before, rebooting back into Safe Mode both times!

Locate and Delete these files and folders

C:\Program Files\dlsmgr

C:\Program Files\eZula

C:\Program Files\Web Offer

C:\Program Files\Free Downloads Accelerator

C:\WINDOWS\system32\nppb.dll

Click Start-> Click Run-> Copy&Paste the Text below into the Text Box and Click OK!

regsvr32 /u nppb.dll
If you get an error message, try it like this:
regsvr32 /u C:\WINDOWS\system32\nppb.dll

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

O4 - HKLM\..\Run: [dlsmgr] C:\Program Files\dlsmgr\dlsmgr.exe

O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\0.999\fdaie.htm

O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)

O18 - Filter: text/html - {30FD47A7-290C-48DE-929D-F162218F362F} - C:\WINDOWS\System32\nppb.dll
O18 - Filter: text/plain - {30FD47A7-290C-48DE-929D-F162218F362F} - C:\WINDOWS\System32\nppb.dll

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!

Run CleanUp again just as you did before, when prompted to log off, just restart the PC back in Normal Mode and try the Panda Scan again!

Post back with a Fresh HijackThis log and the reports from WinPFind and Panda!

#5
rcole23

    New Member

  • Topic Starter
  • Member
  • 5 posts
New Log Post

I got your SE.dll fix to work, I was having a command problem that I fixed.

Still can't run Panda because of Winfixer.

I was able to run a Norton scan though, and it removed some things.

Here is my most current HijackThis log for you.

============================================

Logfile of HijackThis v1.99.1
Scan saved at 5:24:56 PM, on 8/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Norton SystemWorks2\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Symantec Shared\NMAIN.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ryan Cole\Desktop\third attempt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks2\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\RYANCO~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: http://housecall60.trendmicro.com
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks2\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE


#6
Wizard

  • Retired Staff
  • 5,661 posts
What kind of Command Errors are you having?

Update Ewido!

Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Restart in Safe Mode

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!

Scan again with Ewido and Save the Report!

Restart Normal!

Can you run the SpSeHjfix112 again in Normal Mode and Save the log, unless you can locate the logs from the first 2 runs??

Post back with a fresh HijackThis log and the Reports from Ewido-> SpSeHjfix112 and WinPFind!

Edited by Cretemonster, 17 August 2005 - 06:07 PM.
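A triage sketch added here (not part of the thread, and not HijackThis's or the helper's own tooling): it parses HijackThis item lines like those posted above and marks the entry types this thread dealt with (O4 autoruns, O15 trusted ranges, O18 filters, O23 services) for manual review. The function names and the heuristics are assumptions chosen for illustration; a flag means "look closer", not "malicious".

```python
import re

# Item lines in a HijackThis log start with a section code such as R0, O4 or O23.
ITEM = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# O4 autoruns: "HKLM\..\Run: [value name] command line"
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.+?)\] (.*)$")

def parse(log_text):
    """Return (code, detail) per item line; header and process lines are skipped."""
    matches = (ITEM.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def triage(items):
    """Attach review reasons to entries. A reason is a prompt to look closer, not a verdict."""
    findings = []
    for code, detail in items:
        low, reasons = detail.lower(), []
        run = RUN.match(detail) if code == "O4" else None
        if run:
            cmd = run.group(2).lower()
            if "\\temp\\" in cmd:
                reasons.append("autorun target lives in a Temp directory")
            if cmd.startswith("rundll32"):
                reasons.append("autorun loads a DLL through rundll32")
        if code == "O15" and low.startswith("trusted ip range"):
            reasons.append("raw IP address added to the IE Trusted zone")
        if code == "O18" and low.startswith("filter:"):
            reasons.append("MIME filter DLL handles IE content of that type")
        if code == "O23" and low.endswith("(file missing)"):
            reasons.append("service entry points at a missing file")
        if reasons:
            findings.append((code, detail, reasons))
    return findings

# Lines copied from the logs and the fix list on this page.
SAMPLE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\RYANCO~1\LOCALS~1\Temp\se.dll,DllInstall
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted Zone: http://housecall60.trendmicro.com
O18 - Filter: text/html - {30FD47A7-290C-48DE-929D-F162218F362F} - C:\WINDOWS\System32\nppb.dll
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe (file missing)
O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE
"""

if __name__ == "__main__":
    for code, detail, reasons in triage(parse(SAMPLE)):
        print(f"{code}: {detail}\n    -> " + "; ".join(reasons))
```

Entries that come back unflagged, such as the ccApp autorun or the TapeWare service, still need the usual check of publisher and path.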
