Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

0dp.com, xbloom.com popups [CLOSED]


  • This topic is locked This topic is locked

#1
ikoncenter

ikoncenter

    Member

  • Member
  • PipPip
  • 27 posts
Everytime I try and get on the internet on my computer, I get a bunch of pop-ups with 0dp.com or xbloom.com in the title box at the top of the window. It is super annoying, obviously, and it makes any activity on my comp terrible. Thanks for helping me out, I have no idea how to fix this.
  • 0

Advertisements


#2
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Click here to download HijackThis by Merijn Bellekom. Doubleclick the file, click Unzip and extract the application to C:\HijackThis. Run it from there to scan your computer.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Save the log, Ctrl-A to Select All and post it here for examination. Don't fix anything yet as most of what it lists will be harmless.
  • 0

#3
ikoncenter

ikoncenter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Logfile of HijackThis v1.99.1
Scan saved at 2:05:34 PM, on 8/19/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\b2ZmaWNl\command.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\xzblsg.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\uree\atec.exe
C:\WINNT\system32\ks4dgl.exe
C:\WINNT\system32\sto32_.exe
C:\WINNT\system32\sto32_.exe
C:\WINNT\TEMP\wrapperouter.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\nsvsvc\nsvsvc.exe
C:\WINNT\system32\vidctrl\vidctrl.exe
C:\WINNT\etb\pokapoka63.exe
C:\WINNT\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\drwtsn32.exe
C:\WINNT\system32\drwtsn32.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.go2realsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.go2realsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.go2realsearch.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ikoncenter.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINNT\wupdt.exe
O4 - HKLM\..\Run: [Dinst] C:\WINNT\dinst.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINNT\wdskctl.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\system32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\dinst.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\ks4dgl.exe reg_run
O4 - HKLM\..\Run: [cbxouc] C:\WINNT\system32\cbxouc.exe
O4 - HKLM\..\Run: [dnam] C:\WINNT\system32\d140113.a.Stub.EXE
O4 - HKLM\..\Run: [Nsv] C:\WINNT\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [eltupt] C:\WINNT\eltupt.exe
O4 - HKLM\..\Run: [039X39W] boomes.exe
O4 - HKLM\..\Run: [sjtjvc] C:\WINNT\system32\sjtjvc.exe
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitemxo32.exe
O4 - HKLM\..\Run: [System service63] C:\WINNT\etb\pokapoka63.exe
O4 - HKLM\..\Run: [aihvrd] C:\WINNT\system32\xzblsg.exe r
O4 - HKLM\..\Run: [wghmhc] C:\WINNT\system32\wghmhc.exe
O4 - HKCU\..\Run: [H0q7RVaqO] admgen.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [regbcs] C:\WINNT\system32\regbcs.exe
O4 - HKCU\..\Run: [psnlba] C:\WINNT\system32\psnlba.exe
O4 - HKCU\..\Run: [nddsau] C:\WINNT\system32\nddsau.exe
O4 - HKCU\..\Run: [maplay] C:\WINNT\system32\maplay.exe
O4 - HKCU\..\Run: [mcivmg] C:\WINNT\system32\mcivmg.exe
O4 - HKCU\..\Run: [sto32_] C:\WINNT\system32\sto32_.exe
O4 - HKCU\..\RunOnce: [sto32_] C:\WINNT\system32\sto32_.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINNT\systb.dll (file missing)
O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINNT\systb.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ikon.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ikon.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ikon.local
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMAPP\Client\cmappmf.dll
O20 - Winlogon Notify: StillImage - C:\WINNT\system32\dhfolder.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\b2ZmaWNl\command.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe
  • 0

#4
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
We'll use some clean-up tools first.

Click here to download CWShredder. Check for an update then run it, hit 'fix' as opposed to 'scan only'. Reboot when done.

Click here to download Spybot Search & Destroy v1.4 - install, update, scan and fix all RED items it finds. Reboot when done.

Click here to download Ad-Aware SE and install. Before scanning click on "check for updates now" to make sure you have the latest reference file.
  • Click "Start"
  • Select "Perform Full System scan"
  • Click "Next" to start the scan.
When the scan is finished, the screen will tell you if anything has been found.
  • Click "Next". The bad files will be listed.
  • Right click the pane and click "Select all objects" - this will put a check mark in the box at the side.
  • Click "Next" again
  • Click "OK" at the prompt "# objects will be removed. Continue?".
Reboot when done.

Click here to download Microsoft AntiSpyware Beta, check for updates and run it. Reboot when done.

Click here to download ewido security suite - it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update ewido. Then:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Rescan with HJT and post a new log here together with the ewido log so that any remnants can be removed manually.
  • 0

#5
ikoncenter

ikoncenter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:21:32 PM, on 8/19/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\b2ZmaWNl\command.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\etb\pokapoka63.exe
C:\Program Files\uree\atec.exe
C:\WINNT\system32\shaexdn.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\fixrra.exe
C:\WINNT\system32\fixrra.exe
C:\WINNT\system32\vidctrl\vidctrl.exe
C:\WINNT\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Office\LOCALS~1\Temp\Rar$EX03.959\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.go2realsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ikoncenter.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINNT\dsr.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [Dinst] C:\WINNT\dinst.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\system32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\ks4dgl.exe reg_run
O4 - HKLM\..\Run: [dnam] C:\WINNT\system32\d140113.a.Stub.EXE
O4 - HKLM\..\Run: [eltupt] C:\WINNT\eltupt.exe
O4 - HKLM\..\Run: [039X39W] boomes.exe
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitemxo32.exe
O4 - HKLM\..\Run: [System service63] C:\WINNT\etb\pokapoka63.exe
O4 - HKLM\..\Run: [mrfjfa] C:\WINNT\system32\shaexdn.exe r
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKCU\..\Run: [H0q7RVaqO] admgen.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [regbcs] C:\WINNT\system32\regbcs.exe
O4 - HKCU\..\Run: [psnlba] C:\WINNT\system32\psnlba.exe
O4 - HKCU\..\Run: [sto32_] C:\WINNT\system32\sto32_.exe
O4 - HKCU\..\Run: [wshxou] C:\WINNT\system32\wshxou.exe
O4 - HKCU\..\Run: [fixrra] C:\WINNT\system32\fixrra.exe
O4 - HKCU\..\RunOnce: [fixrra] C:\WINNT\system32\fixrra.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dipt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ikon.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ikon.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ikon.local
O20 - Winlogon Notify: Extensions - C:\WINNT\system32\modocs.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\b2ZmaWNl\command.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\winnt\SvcProc.exe
  • 0

#6
ikoncenter

ikoncenter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
It seems that a lot of these pop-ups are connected to some type of program called aurora. It comes up with all of the pop-ups and other stuff. I can't find it anywhere on the computer, however, to delete it.
  • 0

#7
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Yes, that is what we are in the process of removing. You don't appear to have run the programs I requested - please repeat my last post.
  • 0

#8
ikoncenter

ikoncenter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
So far we have run CWShredder, spybot, and Ad-Aware. We are not able to run the Microsoft AntiSpyware Beta cause the computer we are doing this on won't connect to the internet to download the file. The rest of these we have been able to dowload the setup files, and then transfer them to the computer with problems. I am going to do the ewido now.
  • 0

#9
ikoncenter

ikoncenter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Logfile of HijackThis v1.99.1
Scan saved at 8:44:42 AM, on 8/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\b2ZmaWNl\command.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\uree\atec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\Explorer.exe
C:\DOCUME~1\Office\LOCALS~1\Temp\ARV\aurareco.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\WINNT\system32\adculbf.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Office\LOCALS~1\Temp\Rar$EX00.564\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.go2realsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.anetwork.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\system32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\ks4dgl.exe reg_run
O4 - HKLM\..\Run: [dnam] C:\WINNT\system32\d140113.a.Stub.EXE
O4 - HKLM\..\Run: [039X39W] boomes.exe
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitemxo32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\adculbf.exe r
O4 - HKCU\..\Run: [H0q7RVaqO] admgen.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [regbcs] C:\WINNT\system32\regbcs.exe
O4 - HKCU\..\Run: [psnlba] C:\WINNT\system32\psnlba.exe
O4 - HKCU\..\Run: [sto32_] C:\WINNT\system32\sto32_.exe
O4 - HKCU\..\Run: [slb2_3] C:\WINNT\system32\slb2_3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ikon.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ikon.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ikon.local
O20 - Winlogon Notify: WebCheck - C:\WINNT\system32\modocs.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\b2ZmaWNl\command.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\winnt\SvcProc.exe




---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:43:50 AM, 8/20/2005
+ Report-Checksum: 526C419C

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2098370590-2355827562-3356376025-1134\Software\LQ -> Dialer.Generic : Cleaned with backup
[188] C:\WINNT\system32\modocs.dll -> Spyware.Look2Me : Error during cleaning
[436] C:\WINNT\system32\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
[1168] C:\Program Files\E2G\IeBHOs.dll -> Spyware.E2Give : Cleaned with backup
[1144] C:\WINNT\system32\ktmfqwo.exe -> Trojan.Agent.cp : Cleaned with backup
[1444] VM_022B0000 -> Adware.BetterInternet : Error during cleaning
[1668] C:\WINNT\system32\aaaaks.exe -> TrojanSpy.VB.eh : Cleaned with backup
[1688] C:\WINNT\system32\aaaaks.exe -> TrojanSpy.VB.eh : Error during cleaning
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dipt.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@ehg-stampsdotcom.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@www.goldenpalace[1].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Office\Cookies\office@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Office\Local Settings\Temp\DelA5.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Office\Local Settings\Temp\resA6.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Office\Local Settings\Temp\temp.exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Office\Local Settings\Temp\temp.frAF47\MediaAccess.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Office\Local Settings\Temp\temp.frAF47\MediaAccK.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Office\Local Settings\Temp\temp.frD7C4 -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Office\Local Settings\Temporary Internet Files\Content.IE5\QPQVWHA7\kw[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Cleaned with backup
C:\Program Files\E2G\IeBHOs.dll -> Spyware.E2Give : Cleaned with backup
C:\RECYCLER\S-1-5-21-2098370590-2355827562-3356376025-1134\Dc1.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\S-1-5-21-2098370590-2355827562-3356376025-1134\Dc4.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\WINNT\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\WINNT\dnnugjmp.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINNT\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINNT\eltupt.exe -> TrojanDownloader.OneClickSearch.k : Cleaned with backup
C:\WINNT\etb\pokapoka63.exe -> Spyware.EliteBar : Cleaned with backup
C:\WINNT\etb\xud_63.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINNT\etb\__delete_on_reboot__nt_hide63.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINNT\invitessk.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINNT\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINNT\system\UpdInst.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\aaaaks.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\AUNPS2.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINNT\system32\cbxouf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINNT\system32\dhfolder.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\dlcffi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\hccnv2.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ktmfqwo.exe -> Trojan.Agent.gp : Cleaned with backup
C:\WINNT\system32\maplay.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mcivmg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\MCPI.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mf3obs.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mGpistub.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\nsvsvc\nsv.ocx -> Spyware.Delfin : Cleaned with backup
C:\WINNT\system32\nsvsvc\nsvs.dll -> Spyware.Delfin : Cleaned with backup
C:\WINNT\system32\qkbva.dat -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINNT\system32\rjnv2iTW.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\sjtjvf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINNT\system32\syname.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\vdhelper.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\vidctrl\vidctrl.exe -> Spyware.DelphinMediaViewer : Cleaned with backup
C:\WINNT\system32\wghmhf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINNT\system32\__delete_on_reboot__ks4dgl.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINNT\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\WINNT\Temp\ei.exe -> TrojanDownloader.Small.bgl : Cleaned with backup
C:\WINNT\Temp\f5547416.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINNT\Temp\MediaAccessInstPack.exe -> Spyware.WinAD : Cleaned with backup
C:\WINNT\zahjcrbcuw.exe -> Adware.BetterInternet : Cleaned with backup


::Report End
  • 0

#10
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Let's get rid of Look2Me next. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
  • 0

Advertisements


#11
ikoncenter

ikoncenter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Ok, I got program on there and opened the folder. After that when I open the l2mfix.bat and as soon as the window comes up I get a promt that says "CMD.exe has generated errors and will be closed by windows. You will need to restart the program." Then the program shutsdown. This is all I can get it to do. I have tried to restart the computer several times but this seems to do nothing.
  • 0

#12
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
OK, we'll park that for now. Post a new HJT log and don't reboot/restart from here on unless instructed to do so.
  • 0

#13
ikoncenter

ikoncenter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:43:21 AM, on 8/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\b2ZmaWNl\command.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\ctcxjpt.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\CMAPP\Client\cmappclient.exe
C:\WINNT\etb\pokapoka63.exe
C:\DOCUME~1\Office\LOCALS~1\Temp\Rar$EX00.311\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.go2realsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.anetwork.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\system32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\ks4dgl.exe reg_run
O4 - HKLM\..\Run: [dnam] C:\WINNT\system32\d140113.a.Stub.EXE
O4 - HKLM\..\Run: [039X39W] boomes.exe
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitemxo32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\dinst.exe
O4 - HKLM\..\Run: [ypcgch] C:\WINNT\system32\ctcxjpt.exe r
O4 - HKCU\..\Run: [H0q7RVaqO] admgen.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [regbcs] C:\WINNT\system32\regbcs.exe
O4 - HKCU\..\Run: [psnlba] C:\WINNT\system32\psnlba.exe
O4 - HKCU\..\Run: [sto32_] C:\WINNT\system32\sto32_.exe
O4 - HKCU\..\Run: [slb2_3] C:\WINNT\system32\slb2_3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ikon.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ikon.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ikon.local
O20 - Winlogon Notify: Controls Folder - C:\WINNT\system32\modocs.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\b2ZmaWNl\command.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\winnt\SvcProc.exe
  • 0

#14
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Please print these instructions.

Click here to download Nailfix. Extract it from the zip file to your desktop but do NOT run it yet.

Click here to download Process Explorer.

Click here to download dsrfix. Extract it from the zip file to your desktop - the program creates and names the new folder to house the files. Next, close Internet Explorer and open the new dsrfix folder. Double click on the dsrfix.bat file. Once dsrfix has completed, it will close on its own.

Run Process Explorer and find ctcxjpt.exe in the list of Processes. Select the process and click Process > Suspend.

Then open HijackThis, click Config > Misc Tools > Delete a file on reboot... In the explorer Window select c:\windows\system32\ctcxjpt.exe When prompted if you want to reboot click YES

Important - leave Process Explorer running with the process suspended through the reboot.

Have it reboot into Safe Mode by tapping F8 after the BIOS has loaded. Once in Safe Mode, please double-click on nailfix.exe. Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish". Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Reboot into Normal Mode when done, rescan with HJT and post a new log here.
  • 0

#15
ikoncenter

ikoncenter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
When I try to run Process Explorer I keep getting the same prompt window as earlier that says there are errors and to restart the program. I can't go any further.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP