Pokapoka70.exe removal for dummies. [CLOSED]


  • This topic is locked

#16
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Please delete this folder:

C:\Documents and Settings\All Users\Application Data\KnobMessGreatAdmin

Then post a new HiJackthis log :tazz:
  • 0


#17
Astraeus

Astraeus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Logfile of HijackThis v1.99.1
Scan saved at 15:55:50, on 23/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.orljfwwzz...X8vLiN60nR.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adsonwww.com/...L?zone=enternet
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IEACCESS] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka66.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [System service67] C:\WINDOWS\\etb\pokapoka67.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lsass] C:\windows\system32\elitegfk32.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyfg32.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\\\etb\\pokapoka70.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  • 0

#18
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Please download LQfix.exe and save it to your desktop.
  • Double-Click LQfix.exe and click Next > Next > Install.
  • Leave the default settings; if you change them, the fix will fail!
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button; after clicking the Finish button, the fix will start.
  • Follow the on-screen prompts.
  • Your system will now reboot afterwards.
  • Please be patient after the reboot, there is a script running in the background that needs to complete.
Now do a scan with HiJackThis and place a check next to the following items and click FIX CHECKED:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.orljfwwzz...X8vLiN60nR.html

Rescan with HiJackThis and post a new log please :tazz:
  • 0

#19
Astraeus

Astraeus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Logfile of HijackThis v1.99.1
Scan saved at 22:08:13, on 23/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adsonwww.com/...L?zone=enternet
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IEACCESS] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe




Thar we go! :tazz:
  • 0

#20
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Looking much better :tazz:

Quick question while I work on your fix:

Do you know what this is?
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adsonwww.com/...L?zone=enternet

Don't click it if you don't!

I will be back as soon as possible :)
  • 0
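
Comparing the before and after logs from posts #17 and #19, as an added example that is not part of the original thread: the sketch below parses the O4 registry Run lines, normalises the paths (case and the doubled backslashes seen in the `pokapoka` entries), and reports which autorun values the fix removed and which value names still point at one executable. The sample lines are a subset copied from the two logs; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: O4 registry Run lines copied from the log in post #17.
BEFORE = r"""
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [IEACCESS] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka66.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [System service67] C:\WINDOWS\\etb\pokapoka67.exe
O4 - HKLM\..\Run: [lsass] C:\windows\system32\elitegfk32.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyfg32.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\\\etb\\pokapoka70.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

# Constructed sample: the same value names as they appear in the log in post #19.
AFTER = r"""
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [IEACCESS] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

# Only the registry "Run" form is handled; "O4 - Startup:" lines are skipped.
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.+)$")

# Image path: a quoted path, else text up to the first .exe/.dll, else first token.
IMAGE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|dll))(?=[\s,]|$)|^(\S+)', re.I)


def normalise(path):
    """Lower-case and collapse runs of backslashes so that
    C:\\WINDOWS\\\\\\etb\\\\x.exe and c:\\windows\\etb\\x.exe compare equal.
    (UNC paths are not expected in these logs and are not treated specially.)"""
    return re.sub(r"\\+", r"\\", path.strip().lower())


def image_of(cmd):
    """Return the normalised executable part of a Run command line."""
    m = IMAGE.match(cmd)
    if not m:
        return normalise(cmd)
    return normalise(next(g for g in m.groups() if g))


def parse_o4(log):
    """Map (hive, value name) -> normalised image path for each O4 Run line."""
    entries = {}
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, name, cmd = m.groups()
            entries[(hive, name)] = image_of(cmd)
    return entries


def removed_entries(before, after):
    """Run values present in the first log and absent from the second."""
    b, a = parse_o4(before), parse_o4(after)
    return sorted((h, n, img) for (h, n), img in b.items() if (h, n) not in a)


def shared_targets(entries):
    """Images launched by more than one value name; worth a second look,
    not proof of anything on their own."""
    by_image = defaultdict(list)
    for (_hive, name), image in entries.items():
        by_image[image].append(name)
    return {img: sorted(names) for img, names in by_image.items() if len(names) > 1}


if __name__ == "__main__":
    print("Removed between scans:")
    for hive, name, image in removed_entries(BEFORE, AFTER):
        print(f"  {hive} [{name}] -> {image}")
    print("Still sharing one executable:")
    for image, names in shared_targets(parse_o4(AFTER)).items():
        print(f"  {image} <- {', '.join(names)}")
```

On the sample, the removed set is the seven `pokapoka` and `elite` values, and the two values still sharing `temp532.exe` are the ones checked for fixing in post #25.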

#21
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Download Brute Force Uninstaller.
Unzip it to its own folder (c:\BFU)

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Derbiz Remover. Save it in the folder you made earlier (c:\BFU)

Start the Brute Force Uninstaller by double-clicking BFU.exe

In the scriptline to execute, copy and paste c:\bfu\derbiz.bfu
Press execute and let it do its job.

Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

Open Internet Explorer.
Under Tools > Internet Options > on the General tab change your startpage to the one you want.

Post a new HiJackThis log, please.
  • 0

#22
Astraeus

Astraeus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I thought Derbiz was malicious, just never thought to mention it. Thanks for all the help so far, my pc feels so much cleaner :tazz: anyway here is the log:



Logfile of HijackThis v1.99.1
Scan saved at 17:49:58, on 24/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adsonwww.com/...L?zone=enternet
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IEACCESS] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  • 0

#23
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I will be back as soon as possible :tazz:
  • 0

#24
Astraeus

Astraeus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Allrighty :tazz:
  • 0

#25
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adsonwww.com/...L?zone=enternet

O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [IEACCESS] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe


Close HiJackThis.

Delete the following files, if found:

C:\WINDOWS\system32\temp532.exe
C:\WINDOWS\iccontrol.exe
C:\WINDOWS\icc.dll

Then please do this for me:

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

  • 0


#26
Astraeus

Astraeus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Well, I deleted icccontrol, temp532 was nowhere to be found and the .dll wouldn't delete due to a "Write protected" error message. Bah, bah I say! Anywhos, the results of the scan:


********
11:02: |··· Start of Session, 25 September 2005 ···|
11:02: Spy Sweeper started
11:02: Sweep initiated using definitions version 540
11:02: Starting Memory Sweep
11:06: Memory Sweep Complete, Elapsed Time: 00:04:15
11:06: Starting Registry Sweep
11:06: Found Adware: keenvalue/perfectnav
11:06: HKLM\software\microsoft\windows\currentversion\uninstall\incredifind\ (2 subtraces) (ID = 129513)
11:06: HKLM\software\searchupgrader\ (11 subtraces) (ID = 129519)
11:06: Found Adware: lopdotcom
11:06: HKU\S-1-5-21-3664489778-1698470064-157890801-1003\software\microsoft\internet explorer\new windows\allow\ || lop.com (ID = 130287)
11:06: HKU\S-1-5-21-3664489778-1698470064-157890801-1003\software\microsoft\internet explorer\new windows\allow\ || searchweb2.com (ID = 130288)
11:06: HKU\S-1-5-21-3664489778-1698470064-157890801-1003\software\microsoft\internet explorer\new windows\allow\ || www.lop.com (ID = 130289)
11:06: HKU\S-1-5-21-3664489778-1698470064-157890801-1003\software\microsoft\internet explorer\new windows\allow\ || www.searchweb2.com (ID = 130290)
11:06: Found Adware: navexcel navhelper
11:06: HKLM\software\microsoft\windows\currentversion\uninstall\navexcel search toolbar\ (4 subtraces) (ID = 623491)
11:06: Found Adware: clickyes2enter dialer
11:06: HKLM\software\microsoft\ras autodial\default\ || defaultinternet (ID = 636854)
11:06: HKLM\software\ieaccess\ (18 subtraces) (ID = 647351)
11:06: Registry Sweep Complete, Elapsed Time:00:00:18
11:06: Starting Cookie Sweep
11:06: Found Spy Cookie: atlas dmt cookie
11:06: owner@atdmt[2].txt (ID = 2253)
11:06: Cookie Sweep Complete, Elapsed Time: 00:00:02
11:06: Starting File Sweep
11:07: c:\program files\navexcel search toolbar (2 subtraces) (ID = -2147475427)
11:07: c:\program files\common files\searchupgrader (2 subtraces) (ID = -2147480789)
11:07: c:\program files\perfectnav (2 subtraces) (ID = -2147480782)
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114174.dzb". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114178.uwo". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114180.lvw". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114184.xbe". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114189.zia". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114190.tzk". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114204.cea". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114193.kxv". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114206.xjr". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114212.hed". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114217.uxf". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114218.nrp". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114404.ceo". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114852.aes". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114222.lrz". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114225.aje". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114226.gbg". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114245.ztr". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114231.psp". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114198.fmo". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114202.lmh". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114298.ugu". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114246.htp". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114304.csv". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114247.orp". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114718.eqx". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114714.lzz". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114251.lne". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114252.ztm". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114257.noi". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114260.sgz". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114263.ahv". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114305.spz". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114267.tak". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114318.jcm". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114355.mlj". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114235.uhe". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114239.ons". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114319.mae". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114309.gjk". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114357.btc". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114321.ycl". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114324.mmn". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114326.usd". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114329.syp". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114331.uyx". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114444.oym". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114240.rjt". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114271.ffp". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114337.afr". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114315.ijg". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114339.yzn". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114459.sin". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114671.xjq". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114668.kag". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114343.fdt". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114419.hsh". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114854.ikj". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114447.frs". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114487.wqt". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114409.hed". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114857.mvg". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114281.bdh". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114289.qzy". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114290.ukl". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114490.zkp". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114293.xzd". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114296.deo". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114619.fqw". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114461.pms". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114859.cod". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114544.oiv". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\windows\system32\preinstaller_p1.exe". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114647.aqt". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\windows\system32\config\systemprofile\application data\idol slow mode\third mail 2 for.exe". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114862.vhu". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114347.ywf". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114349.luj". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114463.lxy". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114866.blt". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114466.uru". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114467.xdm". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114867.eba". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114452.kaf". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114712.wgi". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114472.dds". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114354.img". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114368.ilu". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114475.blg". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114669.pdt". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114422.rle". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114686.wis". System Error. Code: 5.
Access is denied
11:08: launch derbiz.com.lnk (ID = 52854)
11:08: uninstall launch derbiz.com.lnk (ID = 52859)
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114376.kuv". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\documents and settings\owner\application data\idol slow mode\logothisproc.exe". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114383.jfa". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114492.lwo". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114416.mjp". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114477.gvk". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114528.fhs". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114693.ovd". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\documents and settings\owner\application data\idol slow mode\third mail 2 for.exe". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114529.sua". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114431.cji". System Error. Code: 5.
Access is denied
11:08: Found Adware: clearsearch
11:08: meunzcb6.dll (ID = 52822)
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114704.mmf". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114546.qol". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114602.nqk". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\recycler\nprotect\00114626.ypa". System Error. Code: 5.
Access is denied
11:09: Warning: Failed to read file "c:\documents and settings\owner.dan\local settings\temporary internet files\content.ie5\hkj53dto\pokapoka63[1].exe". System Error. Code: 5.
Access is denied
11:09: Warning: Failed to read file "c:\recycler\nprotect\00114710.sbk". System Error. Code: 5.
Access is denied
11:09: Warning: Failed to read file "c:\documents and settings\owner\application data\idol slow mode\mfcd start logo wave.exe". System Error. Code: 5.
Access is denied
11:09: sj3asizs.dll (ID = 52807)
11:09: Warning: Failed to read file "c:\windows\system32\config\systemprofile\application data\idol slow mode\mfcd start logo wave.exe". System Error. Code: 5.
Access is denied
11:09: Warning: Failed to read file "c:\windows\system32\config\systemprofile\application data\idol slow mode\logothisproc.exe". System Error. Code: 5.
Access is denied
11:09: Warning: Failed to read file "c:\windows\system32\config\systemprofile\application data\idol slow mode\idle logo move bias.exe". System Error. Code: 5.
Access is denied
11:09: Warning: Failed to read file "c:\recycler\nprotect\00114493.pkr". System Error. Code: 5.
Access is denied
11:09: Warning: Failed to read file "c:\recycler\nprotect\00114456.oyw". System Error. Code: 5.
Access is denied
11:09: bind aim.exe (ID = 67087)
11:09: Warning: Failed to read file "c:\windows\system32\config\systemprofile\application data\idol slow mode\dupe1cakemess.exe". System Error. Code: 5.
Access is denied
11:09: Warning: Failed to read file "c:\recycler\nprotect\00114172.ysu". System Error. Code: 5.
Access is denied
11:09: Warning: Failed to read file "c:\recycler\nprotect\00114514.ado". System Error. Code: 5.
Access is denied
11:09: Warning: Failed to read file "c:\recycler\nprotect\00114515.wtk". System Error. Code: 5.
Access is denied
11:09: Warning: Failed to read file "c:\recycler\nprotect\00114519.faf". System Error. Code: 5.
Access is denied
11:09: Warning: Failed to read file "c:\recycler\nprotect\00114498.gfz". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114563.low". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114683.kxb". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\documents and settings\default user\application data\idol slow mode\third mail 2 for.exe". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\documents and settings\default user\application data\idol slow mode\mfcd start logo wave.exe". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114690.lec". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114873.jwy". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114878.jcl". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114881.xth". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114882.hph". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114885.kzc". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114887.del". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114673.vma". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114676.vzb". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114629.eiy". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114633.iyg". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114888.jas". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114892.lkd". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114709.qbb". System Error. Code: 5.
Access is denied
11:10: cxetncx4.dll (ID = 52739)
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114895.izq". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114569.hbd". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114574.znq". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114603.fqd". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114605.utj". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114696.kzi". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114620.yoj". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114617.toq". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114418.jml". System Error. Code: 5.
Access is denied
11:10: Warning: Failed to read file "c:\recycler\nprotect\00114395.uom". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114500.tcd". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114441.pvy". System Error. Code: 5.
Access is denied
11:11: navexcelbar.dll (ID = 93779)
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114513.onr". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114625.btq". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114437.cwq". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114985.ktq". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114908.dfh". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114912.vyj". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114913.fef". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114916.gle". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114898.cda". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114903.dak". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114778.cul". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114780.bxj". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114786.kuw". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114789.vey". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114792.hvf". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114794.mfu". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114796.fkv". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114803.ldg". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114811.htu". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114818.dyw". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114826.yxv". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114828.iwj". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114832.squ". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114835.jbt". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114838.mmt". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114843.tzz". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114703.nnj". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114846.qvr". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114905.jwi". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114876.rny". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114848.cvp". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114851.pqn". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114919.ilu". System Error. Code: 5.
Access is denied
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114705.znr". System Error. Code: 5.
Access is denied
11:11: 19481236.dat (ID = 52532)
11:11: 41436579.dat (ID = 52544)
11:11: Found Adware: daosearch
11:11: 90155602.txt (ID = 57421)
11:11: bind aim.exe (ID = 67087)
11:11: Warning: Failed to read file "c:\recycler\nprotect\00114692.bnc". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\documents and settings\owner\application data\idol slow mode\idle logo move bias.exe". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114688.lhv". System Error. Code: 5.
Access is denied
11:12: 62434304.dat (ID = 57424)
11:12: Warning: Failed to read file "c:\documents and settings\owner\application data\idol slow mode\dupe1cakemess.exe". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114558.ewc". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114508.jrs". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114510.tik". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114588.ldf". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114615.zqo". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114599.rjq". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114587.iqp". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114572.nbp". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114585.hfh". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114680.uve". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114623.are". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114594.rwa". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114608.ams". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114582.zwc". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114596.blh". System Error. Code: 5.
Access is denied
11:12: 55599028.txt (ID = 116398)
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114427.fdk". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114579.nnc". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114575.mka". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114598.suq". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114521.ixe". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114597.ulx". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114576.mlh". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114562.mnv". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114637.izn". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114556.hbg". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114425.wjj". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114457.ato". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114537.pgg". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114539.wzr". System Error. Code: 5.
Access is denied
11:12: Warning: Failed to read file "c:\recycler\nprotect\00114502.ydc". System Error. Code: 5.
Access is denied
11:13: Warning: Failed to read file "c:\recycler\nprotect\00114531.jcb". System Error. Code: 5.
Access is denied
11:13: Warning: Failed to read file "c:\recycler\nprotect\00114398.kfy". System Error. Code: 5.
Access is denied
11:13: Warning: Failed to read file "c:\recycler\nprotect\00114542.qoq". System Error. Code: 5.
Access is denied
11:13: Warning: Failed to read file "c:\recycler\nprotect\00114555.zdg". System Error. Code: 5.
Access is denied
11:13: Warning: Failed to read file "c:\recycler\nprotect\00114483.lhg". System Error. Code: 5.
Access is denied
11:13: Warning: Failed to read file "c:\recycler\nprotect\00114485.rqo". System Error. Code: 5.
Access is denied
11:13: Warning: Failed to read file "c:\recycler\nprotect\00114565.xzy". System Error. Code: 5.
Access is denied
11:13: Warning: Failed to read file "c:\recycler\nprotect\00114578.edz". System Error. Code: 5.
Access is denied
11:13: Warning: Failed to read file "c:\recycler\nprotect\00114523.svz". System Error. Code: 5.
Access is denied
11:13: Warning: Failed to read file "c:\recycler\nprotect\00114612.fnt". System Error. Code: 5.
Access is denied
11:13: Warning: Failed to read file "c:\recycler\nprotect\00114622.urr". System Error. Code: 5.
Access is denied
11:13: bind aim.exe (ID = 67087)
11:13: Warning: Failed to read file "c:\recycler\nprotect\00114682.aom". System Error. Code: 5.
Access is denied
11:13: Warning: Failed to read file "c:\documents and settings\default user\application data\idol slow mode\dupe1cakemess.exe". System Error. Code: 5.
Access is denied
11:13: Warning: Failed to read file "c:\documents and settings\default user\application data\idol slow mode\idle logo move bias.exe". System Error. Code: 5.
Access is denied
11:13: Warning: Failed to read file "c:\recycler\nprotect\00114651.pkq". System Error. Code: 5.
Access is denied
11:14: Warning: Failed to read file "c:\documents and settings\default user\application data\idol slow mode\logothisproc.exe". System Error. Code: 5.
Access is denied
11:14: 70669068.dat (ID = 52539)
11:14: i2mgg9uh.dll (ID = 52484)
11:14: Found Adware: mindset interactive - favoriteman
11:14: shawn_1.dll (ID = 69864)
11:15: 57151610.bin (ID = 52529)
11:16: Warning: Failed to read file "c:\windows\system32\csrss_log.dat". System Error. Code: 5.
Access is denied
11:17: im64.dll (ID = 69841)
11:18: system.cfg (ID = 64871)
11:18: 67617415.dat (ID = 52512)
11:18: 7921520.dat (ID = 116395)
11:18: 59081372.txt (ID = 57426)
11:18: 32090900.txt (ID = 57422)
11:18: 36489753.txt (ID = 52531)
11:18: 21893564.bin (ID = 52517)
11:18: 20218416.bin (ID = 52520)
11:18: 86909980.txt (ID = 52523)
11:18: 41490630.bin (ID = 52536)
11:18: 20297374.dat (ID = 57423)
11:18: 1451112.bin (ID = 52541)
11:19: File Sweep Complete, Elapsed Time: 00:12:36
11:19: Full Sweep has completed. Elapsed time 00:17:19
11:19: Traces Found: 85
11:21: Removal process initiated
11:21: Quarantining All Traces: keenvalue/perfectnav
11:22: Warning: Cannot open file "c:\program files\perfectnav\BHO\PerfectNav150c.dll". Access is denied
11:22: Failed to quarantine keenvalue/perfectnav
11:22: Failed to quarantine c:\program files\perfectnav
11:22: Quarantining All Traces: lopdotcom
11:22: Quarantining All Traces: navexcel navhelper
11:22: Quarantining All Traces: clickyes2enter dialer
11:22: Quarantining All Traces: atlas dmt cookie
11:22: Quarantining All Traces: clearsearch
11:22: Quarantining All Traces: daosearch
11:22: Quarantining All Traces: mindset interactive - favoriteman
11:22: Removal process completed. Elapsed time 00:01:35
********
11:01: |··· Start of Session, 25 September 2005 ···|
11:01: Spy Sweeper started
11:02: |··· End of Session, 25 September 2005 ···|
  • 0

#27
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
We need to clear out the Norton protected Recycle Bin:

1. On the desktop, right-click the Norton Protected Recycle Bin icon.
2. Click Properties.
3. On the Norton Protection tab, UNcheck Enable Protection.
4. Click OK.
5. Restart the computer - after reboot empty the Recycle Bin
6. On the desktop, right-click the Recycle Bin icon.
7. Click Properties.
8. On the Norton Protection tab, check Enable Protection.
9. Click OK.
10. Restart your computer into safe mode.

Once in Safe Mode, delete this folder:

C:\documents and settings\owner\application data\idol slow mode

Still in Safe Mode, try to delete this dll again:

C:\WINDOWS\icc.dll

If you still can't delete it we'll use a program called Killbox on it :tazz:
  • 0
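An added example, not part of the original thread: a small Python triage of a Spy Sweeper session log like the one posted above. It groups the "Access is denied" (error code 5) read failures by directory, so the protected Recycle Bin entries are separated from unreadable executables, and it lists detected families and failed quarantines. The names `triage` and `SAMPLE_LOG` are hypothetical; the sample lines are excerpted from the log above.

```python
import ntpath
import re
from collections import Counter

# Sample input: lines excerpted from the Spy Sweeper log posted in this thread.
SAMPLE_LOG = r'''
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114331.uyx". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114444.oym". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\recycler\nprotect\00114240.rjt". System Error. Code: 5.
Access is denied
11:07: Warning: Failed to read file "c:\windows\system32\preinstaller_p1.exe". System Error. Code: 5.
Access is denied
11:08: Warning: Failed to read file "c:\documents and settings\owner\application data\idol slow mode\logothisproc.exe". System Error. Code: 5.
Access is denied
11:08: Found Adware: clearsearch
11:08: meunzcb6.dll (ID = 52822)
11:12: Warning: Failed to read file "c:\documents and settings\owner\application data\idol slow mode\dupe1cakemess.exe". System Error. Code: 5.
Access is denied
11:16: Warning: Failed to read file "c:\windows\system32\csrss_log.dat". System Error. Code: 5.
Access is denied
11:22: Warning: Cannot open file "c:\program files\perfectnav\BHO\PerfectNav150c.dll". Access is denied
11:22: Failed to quarantine keenvalue/perfectnav
11:22: Failed to quarantine c:\program files\perfectnav
11:22: Quarantining All Traces: clearsearch
'''.strip()

READ_FAIL = re.compile(
    r'^\d\d:\d\d: Warning: Failed to read file "(?P<path>[^"]+)"\. '
    r'System Error\. Code: (?P<code>\d+)\.'
)
FOUND = re.compile(r'^\d\d:\d\d: Found (?P<kind>\w+): (?P<name>.+)$')
QUARANTINE_FAIL = re.compile(r'^\d\d:\d\d: Failed to quarantine (?P<item>.+)$')
EXECUTABLE_EXT = {'.exe', '.dll'}
ACCESS_DENIED = '5'  # Windows system error 5 = ERROR_ACCESS_DENIED


def triage(log_text):
    """Summarise a Spy Sweeper session log for review."""
    denied_dirs = Counter()      # directory -> number of unreadable files
    locked_executables = []      # unreadable .exe/.dll files, in log order
    families = []                # names from "Found <kind>: <name>" lines
    quarantine_failures = []     # items the scanner could not quarantine

    for raw in log_text.splitlines():
        line = raw.strip()
        m = READ_FAIL.match(line)
        if m:
            if m['code'] != ACCESS_DENIED:
                continue
            # ntpath parses Windows paths regardless of the host OS.
            path = m['path'].lower()
            denied_dirs[ntpath.dirname(path)] += 1
            if ntpath.splitext(path)[1] in EXECUTABLE_EXT:
                locked_executables.append(path)
            continue
        m = FOUND.match(line)
        if m:
            families.append(m['name'])
            continue
        m = QUARANTINE_FAIL.match(line)
        if m:
            quarantine_failures.append(m['item'])

    return {
        'denied_dirs': denied_dirs,
        'locked_executables': locked_executables,
        'families': families,
        'quarantine_failures': quarantine_failures,
    }


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    for directory, count in report['denied_dirs'].most_common():
        print(f'{count:4d}  {directory}')
    print('unreadable executables:', *report['locked_executables'], sep='\n  ')
    print('families found:', report['families'])
    print('quarantine failures:', report['quarantine_failures'])
```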

#28
Astraeus

Astraeus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Odd... I uninstalled Norton a while ago because it started to go crazy and block the internet : /, to my knowledge it isn't on my system. Did the uninstall fudgeup without me noticing?
  • 0

#29
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Did you try following my instructions? Please do so. There are items in the Recycle Bin still protected by Norton, so yes, the uninstall did fudgeup a bit.
  • 0

#30
Astraeus

Astraeus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
That's the thing, there is no Norton Recycle Bin... or any other Norton stuff on my desktop or programs or anything. eek : /
  • 0





