[coachwife6]

I want you to turn off system restore and follow the same procedure. I have included the instructions on how to turn it on and off below.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405

[Advertisements]

ok i am at work right now. i will try this tonight and reply back to you after.
thanks you so much. i hope this works haha

[mr joshua]

ok i am at work right now. i will try this tonight and reply back to you after.
thanks you so much. i hope this works haha

[coachwife6]

OK. There's another fix out there, but I need to see a new log, unless it's the exact same.

[mr joshua]

here are the new log files
also there are random sites appearing in my favorits list. sites that i do not want there at all. i keep deleting them but they come back everytime restart internet explorer? i dunno
thank you

Logfile of HijackThis v1.99.1
Scan saved at 10:56:20 PM, on 2/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\sysoi32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINNT\appwt32.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\A5ZG943U\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com...ktime/download/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5DAA522C-50B4-CDFB-285D-D4B0ADFC7B1C} - C:\WINNT\system32\atlbj.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [apill32.exe] C:\WINNT\system32\apill32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sysoi32.exe] C:\WINNT\system32\sysoi32.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Owner\Desktop\CWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Workstation NetLogon Service (�%AF夶À¨) - Unknown owner - C:\WINNT\appwt32.exe



Scanned at: 10:13:56 PM on: 2/17/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Removed! : C:\WINNT\bujyx.dat
Removed! : C:\WINNT\bupeh.dll
Error Removing! : C:\WINNT\bwfikh.dat
Removed! : C:\WINNT\chmha.dll
Removed! : C:\WINNT\cirdw.dat
Removed! : C:\WINNT\ckoryy.dat
Removed! : C:\WINNT\cnewo.dat
Removed! : C:\WINNT\cqagw.dat
Removed! : C:\WINNT\crpa.exe
Removed! : C:\WINNT\crwn.exe
Removed! : C:\WINNT\cwaiy.dll
Removed! : C:\WINNT\d3xz32.exe
Removed! : C:\WINNT\ddpkj.dat
Removed! : C:\WINNT\ddybd.dll
Removed! : C:\WINNT\dervw.dat
Removed! : C:\WINNT\dmgyq.dat
Removed! : C:\WINNT\dneuwf.dat
Removed! : C:\WINNT\dxsfo.dat
Removed! : C:\WINNT\emqxu.dll
Removed! : C:\WINNT\erkakl.dat
Removed! : C:\WINNT\ftvtw.dat
Removed! : C:\WINNT\ftvtws.dat
Removed! : C:\WINNT\gatsc.dat
Removed! : C:\WINNT\ggrnx.dll
Removed! : C:\WINNT\ggvwv.dll
Removed! : C:\WINNT\glota.dll
Removed! : C:\WINNT\gowoo.dat
Removed! : C:\WINNT\gowoo.dll
Removed! : C:\WINNT\grmte.dat
Removed! : C:\WINNT\gukrv.dat
Removed! : C:\WINNT\hafyi.dat
Removed! : C:\WINNT\hfavm.dll
Removed! : C:\WINNT\hnrmk.dll
Removed! : C:\WINNT\idvux.dat
Removed! : C:\WINNT\ienf.exe
Removed! : C:\WINNT\iomekv.dat
Removed! : C:\WINNT\irzmz.dll
Removed! : C:\WINNT\javaji.exe
Removed! : C:\WINNT\jplns.dat
Removed! : C:\WINNT\kffkw.dat
Removed! : C:\WINNT\kgbtj.dll
Removed! : C:\WINNT\khgpo.dat
Removed! : C:\WINNT\kiite.dll
Removed! : C:\WINNT\kitus.dat
Removed! : C:\WINNT\krwek.dat
Removed! : C:\WINNT\ksdxr.dll
Removed! : C:\WINNT\ktzpn.dll
Removed! : C:\WINNT\licwjl.dat
Removed! : C:\WINNT\mfcnb32.exe
Removed! : C:\WINNT\mjjau.dll
Removed! : C:\WINNT\mlrqh.dat
Removed! : C:\WINNT\mrkpl.dat
Removed! : C:\WINNT\msxn32.exe
Removed! : C:\WINNT\muovv.dat
Removed! : C:\WINNT\muvgb.dll
Removed! : C:\WINNT\mwzdb.dat
Removed! : C:\WINNT\ngbyz.dll
Removed! : C:\WINNT\nhfjw.dat
Removed! : C:\WINNT\nidvsh.dat
Removed! : C:\WINNT\niihy.dat
Removed! : C:\WINNT\nkzut.dat
Removed! : C:\WINNT\ntzb.dll
Removed! : C:\WINNT\nyixv.dat
Removed! : C:\WINNT\n_atoplu.dat
Removed! : C:\WINNT\n_cfutcz.dat
Removed! : C:\WINNT\n_nvnaxm.dat
Removed! : C:\WINNT\n_nzosor.dat
Removed! : C:\WINNT\n_qrdnho.dat
Removed! : C:\WINNT\n_tocsjz.dat
Removed! : C:\WINNT\n_vebedf.dat
Removed! : C:\WINNT\ohiaj.dat
Removed! : C:\WINNT\orijg.dat
Removed! : C:\WINNT\ovqxw.dat
Removed! : C:\WINNT\pdrmj.dll
Removed! : C:\WINNT\pwnez.dat
Removed! : C:\WINNT\pyvdr.dat
Removed! : C:\WINNT\qjufl.dat
Removed! : C:\WINNT\qvmal.dat
Removed! : C:\WINNT\qyfor.dll
Removed! : C:\WINNT\sbboq.dat
Removed! : C:\WINNT\sbuvg.dat
Removed! : C:\WINNT\scupi.dat
Removed! : C:\WINNT\sdkbn.exe
Removed! : C:\WINNT\sdkdu32.exe
Removed! : C:\WINNT\sdkfw32.exe
Removed! : C:\WINNT\sdkrh.exe
Removed! : C:\WINNT\sdkti32.exe
Removed! : C:\WINNT\sysll32.exe
Removed! : C:\WINNT\thjzx.dat
Removed! : C:\WINNT\tqljm.dat
Removed! : C:\WINNT\tqsqh.dat
Removed! : C:\WINNT\tqtwu.dll
Removed! : C:\WINNT\trkkf.dat
Removed! : C:\WINNT\twgmyb.dat
Removed! : C:\WINNT\uljge.dat
Removed! : C:\WINNT\uxmmd.dll
Removed! : C:\WINNT\vhohx.dat
Removed! : C:\WINNT\vhrilh.dat
Removed! : C:\WINNT\vkgbt.dat
Removed! : C:\WINNT\vvbvz.dat
Removed! : C:\WINNT\vxudr.dll
Removed! : C:\WINNT\vzrzh.dat
Removed! : C:\WINNT\wohab.dat
Removed! : C:\WINNT\wvkwt.dll
Removed! : C:\WINNT\wvyvu.dat
Removed! : C:\WINNT\xqwdx.dll
Removed! : C:\WINNT\yntuu.dat
Removed! : C:\WINNT\ytkda.dat
Removed! : C:\WINNT\yvzff.dat
Removed! : C:\WINNT\yymev.dat
Removed! : C:\WINNT\zjehm.dat
Removed! : C:\WINNT\zwbsy.dll
Removed! : C:\WINNT\system32\acoax.dat
Removed! : C:\WINNT\system32\apvgo.dat
Removed! : C:\WINNT\system32\aqwcl.dat
Removed! : C:\WINNT\system32\atjbw.dll
Removed! : C:\WINNT\system32\azcea.dat
Removed! : C:\WINNT\system32\bhnww.dll
Removed! : C:\WINNT\system32\bidvi.dat
Removed! : C:\WINNT\system32\boans.dat
Removed! : C:\WINNT\system32\bopgd.dat
Removed! : C:\WINNT\system32\bqciz.dll
Removed! : C:\WINNT\system32\ctcwy.dat
Removed! : C:\WINNT\system32\cwvhp.dat
Removed! : C:\WINNT\system32\czbyy.dat
Removed! : C:\WINNT\system32\dfcnk.dll
Removed! : C:\WINNT\system32\dgrye.dll
Removed! : C:\WINNT\system32\dloaw.dat
Removed! : C:\WINNT\system32\dlrtc.dll
Removed! : C:\WINNT\system32\ehrvl.dat
Removed! : C:\WINNT\system32\ejmte.dat
Removed! : C:\WINNT\system32\esufb.dat
Removed! : C:\WINNT\system32\euaoe.dat
Removed! : C:\WINNT\system32\fcfjs.dat
Removed! : C:\WINNT\system32\fdkai.dat
Removed! : C:\WINNT\system32\fwmlo.dat
Removed! : C:\WINNT\system32\gevhq.dll
Removed! : C:\WINNT\system32\gfckb.dll
Removed! : C:\WINNT\system32\gjyxt.dat
Removed! : C:\WINNT\system32\gkgyx.dat
Removed! : C:\WINNT\system32\gltvp.dat
Removed! : C:\WINNT\system32\gnrwj.dat
Removed! : C:\WINNT\system32\gxlag.dat
Removed! : C:\WINNT\system32\hbpnp.dat
Removed! : C:\WINNT\system32\heveh.dat
Removed! : C:\WINNT\system32\hevxp.dat
Removed! : C:\WINNT\system32\hkjxb.dat
Removed! : C:\WINNT\system32\hvmsz.dat
Removed! : C:\WINNT\system32\hywpo.dll
Removed! : C:\WINNT\system32\igzkq.dat
Removed! : C:\WINNT\system32\igzkq.dll
Removed! : C:\WINNT\system32\inqto.dll
Removed! : C:\WINNT\system32\ipyj32.exe
Removed! : C:\WINNT\system32\itmcf.dat
Removed! : C:\WINNT\system32\javagr32.exe
Removed! : C:\WINNT\system32\javaow.exe
Removed! : C:\WINNT\system32\javapv32.exe
Removed! : C:\WINNT\system32\javasl.exe
Removed! : C:\WINNT\system32\jcwyu.dat
Removed! : C:\WINNT\system32\jlpmv.dll
Removed! : C:\WINNT\system32\jqgsa.dat
Removed! : C:\WINNT\system32\jxhkc.dll
Removed! : C:\WINNT\system32\kamcm.dat
Removed! : C:\WINNT\system32\kbldc.dll
Removed! : C:\WINNT\system32\kfthp.dat
Removed! : C:\WINNT\system32\kqhmf.dat
Removed! : C:\WINNT\system32\ksvwm.dll
Removed! : C:\WINNT\system32\ktsxc.dat
Removed! : C:\WINNT\system32\kvzlp.dat
Removed! : C:\WINNT\system32\kydhd.dat
Removed! : C:\WINNT\system32\lashb.dat
Removed! : C:\WINNT\system32\ldgvv.dat
Removed! : C:\WINNT\system32\ljvcb.dat
Removed! : C:\WINNT\system32\lterz.dat
Removed! : C:\WINNT\system32\lzhxh.dat
Removed! : C:\WINNT\system32\mhywp.dat
Removed! : C:\WINNT\system32\nbssj.dll
Removed! : C:\WINNT\system32\ngvcd.dat
Removed! : C:\WINNT\system32\nrygi.dat
Removed! : C:\WINNT\system32\ntap32.exe
Removed! : C:\WINNT\system32\nxdvz.dat
Removed! : C:\WINNT\system32\ouiyz.dat
Removed! : C:\WINNT\system32\oupul.dll
Removed! : C:\WINNT\system32\ozrur.dll
Removed! : C:\WINNT\system32\pcpjs.dat
Removed! : C:\WINNT\system32\pcpjs.dll
Removed! : C:\WINNT\system32\pgtnp.dat
Removed! : C:\WINNT\system32\ppteo.dat
Removed! : C:\WINNT\system32\pxqzx.dat
Removed! : C:\WINNT\system32\qkutt.dat
Removed! : C:\WINNT\system32\qqeae.dat
Removed! : C:\WINNT\system32\rcxyz.dat
Removed! : C:\WINNT\system32\rkpty.dat
Removed! : C:\WINNT\system32\rkrdl.dll
Removed! : C:\WINNT\system32\rlacu.dat
Removed! : C:\WINNT\system32\sdgrq.dat
Removed! : C:\WINNT\system32\sdkbe.exe
Removed! : C:\WINNT\system32\sdkxd.exe
Removed! : C:\WINNT\system32\seiac.dat
Removed! : C:\WINNT\system32\sysxk.exe
Removed! : C:\WINNT\system32\taqfy.dat
Removed! : C:\WINNT\system32\tilsd.dat
Removed! : C:\WINNT\system32\tnqsp.dat
Removed! : C:\WINNT\system32\ujrlp.dll
Removed! : C:\WINNT\system32\uxnaw.dat
Removed! : C:\WINNT\system32\uxnaw.dll
Removed! : C:\WINNT\system32\uzwaw.dll
Removed! : C:\WINNT\system32\vgkzc.dat
Removed! : C:\WINNT\system32\vjepw.dat
Removed! : C:\WINNT\system32\vqfqm.dat
Removed! : C:\WINNT\system32\vuxtf.dat
Removed! : C:\WINNT\system32\wkqwk.dll
Removed! : C:\WINNT\system32\wpigy.dat
Removed! : C:\WINNT\system32\xldsl.dll
Removed! : C:\WINNT\system32\xmyfc.dat
Removed! : C:\WINNT\system32\xpqgh.dll
Removed! : C:\WINNT\system32\xtjea.dat
Removed! : C:\WINNT\system32\xtynh.dll
Removed! : C:\WINNT\system32\xywhv.dat
Removed! : C:\WINNT\system32\xzrzk.dat
Removed! : C:\WINNT\system32\yajzl.dat
Removed! : C:\WINNT\system32\ycbel.dat
Removed! : C:\WINNT\system32\ydech.dat
Removed! : C:\WINNT\system32\yhnyo.dll
Removed! : C:\WINNT\system32\ylabo.dll
Removed! : C:\WINNT\system32\zflbz.dat
Removed! : C:\WINNT\system32\zmlnn.dat
Removed! : C:\WINNT\system32\zphux.dll
Removed! : C:\WINNT\system32\zwfvz.dll
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Removed! : C:\WINNT\bwfikh.dat
Attempted Clean Of Temp folder.
Pages Reset... Done!

[coachwife6]

working on it.

[coachwife6]

Turn off system restore.

OK. We have an old version of About Buster:

It should read

About:Buster Version 4.0
Reference List : 23

Download the newest version of about buster at

http://malwarebytes....AboutBuster.zip

and unzip it to a folder.

Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box . Don't run it yet.


Please download and install http://www.lavasoftu...pport/download/.
Check http://russelltexas....e/adawarese.htm on how setup and use it - please make sure you update it first.

Download and unzip cwsserviceremove to your desktop. use either link below:
http://computercops....ownload&id=3002
http://www.mytechsup...rviceremove.zip


Download CW-Shredder at the link below:
http://cwshredder.ne.../CWShredder.exe

Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigha...ds/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

Here's the fix:

Important Step
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:
Remote Procedure Call (RPC) Helper


When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don´t find this service listed go ahead with the next steps.

2. Reboot into SafeMode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!

3. Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for:

appee32.exe
appwt32.exe

If you find the files, click on them, and then click End Process => Exit the Task Manager.

4. CLOSE ALL WINDOWS AND BROWSERS Scan with Hijack This and put checks next to all the following, then click "Fix Checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\mvuin.dll/sp.html#12802

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {5DAA522C-50B4-CDFB-285D-D4B0ADFC7B1C} - C:\WINNT\system32\atlbj.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [apill32.exe] C:\WINNT\system32\apill32.exe
O4 - HKLM\..\Run: [sysoi32.exe] C:\WINNT\system32\sysoi32.exe

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)


O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

O23 - Service: Workstation NetLogon Service (�%AF夶À¨) - Unknown owner - C:\WINNT\appwt32.exe


5. Delete the following files if present:

C:\WINNT\system32\mvuin.dll
C:\WINNT\system32\atlbj.dll
C:\WINNT\system32\apill32.exe
C:\WINNT\system32\sysoi32.exe
C:\WINNT\appwt32.exe
C:\WINNT\appee32.exe

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. if it is uncheck it and try again.


(and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

6. Run AboutBuster . This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

7. Scan with AdAware and let it remove any bad files found.

8. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

9. Double click on the cwsserviceremove and when asked to merge say yes.

10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

11. Reboot into normal mode.

Delete this folder if still present: C:\Program Files\TimeSink

12. Download the Hoster from here http://members.aol.c...dbee/hoster.zip. Press "Restore Original Hosts" and press "OK". Exit Program.

13. Download and run this online virus scan:
http://housecall.tre.../start_corp.asp
Make sure you check "AutoClean"


14. Reboot and post a fresh HJT log back here by using the add reply button below, and lets see how we did.

Big Thanks to Mr. C for the fix.

[mr joshua]

here is my new stuff.
also there are some sites that keeping on poping up in my favorites list, that i absoulty do not want. every time i delete them, when i restart they are back again. i dunno.
is it cool just to delete dr. watson? case i can try that..
thank you.
joshua


Logfile of HijackThis v1.99.1
Scan saved at 10:56:20 PM, on 2/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\sysoi32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINNT\appwt32.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\A5ZG943U\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\mvuin.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com...ktime/download/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5DAA522C-50B4-CDFB-285D-D4B0ADFC7B1C} - C:\WINNT\system32\atlbj.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [apill32.exe] C:\WINNT\system32\apill32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sysoi32.exe] C:\WINNT\system32\sysoi32.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Owner\Desktop\CWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Workstation NetLogon Service (�%AF夶À¨) - Unknown owner - C:\WINNT\appwt32.exe


Scanned at: 10:13:56 PM on: 2/17/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Removed! : C:\WINNT\bujyx.dat
Removed! : C:\WINNT\bupeh.dll
Error Removing! : C:\WINNT\bwfikh.dat
Removed! : C:\WINNT\chmha.dll
Removed! : C:\WINNT\cirdw.dat
Removed! : C:\WINNT\ckoryy.dat
Removed! : C:\WINNT\cnewo.dat
Removed! : C:\WINNT\cqagw.dat
Removed! : C:\WINNT\crpa.exe
Removed! : C:\WINNT\crwn.exe
Removed! : C:\WINNT\cwaiy.dll
Removed! : C:\WINNT\d3xz32.exe
Removed! : C:\WINNT\ddpkj.dat
Removed! : C:\WINNT\ddybd.dll
Removed! : C:\WINNT\dervw.dat
Removed! : C:\WINNT\dmgyq.dat
Removed! : C:\WINNT\dneuwf.dat
Removed! : C:\WINNT\dxsfo.dat
Removed! : C:\WINNT\emqxu.dll
Removed! : C:\WINNT\erkakl.dat
Removed! : C:\WINNT\ftvtw.dat
Removed! : C:\WINNT\ftvtws.dat
Removed! : C:\WINNT\gatsc.dat
Removed! : C:\WINNT\ggrnx.dll
Removed! : C:\WINNT\ggvwv.dll
Removed! : C:\WINNT\glota.dll
Removed! : C:\WINNT\gowoo.dat
Removed! : C:\WINNT\gowoo.dll
Removed! : C:\WINNT\grmte.dat
Removed! : C:\WINNT\gukrv.dat
Removed! : C:\WINNT\hafyi.dat
Removed! : C:\WINNT\hfavm.dll
Removed! : C:\WINNT\hnrmk.dll
Removed! : C:\WINNT\idvux.dat
Removed! : C:\WINNT\ienf.exe
Removed! : C:\WINNT\iomekv.dat
Removed! : C:\WINNT\irzmz.dll
Removed! : C:\WINNT\javaji.exe
Removed! : C:\WINNT\jplns.dat
Removed! : C:\WINNT\kffkw.dat
Removed! : C:\WINNT\kgbtj.dll
Removed! : C:\WINNT\khgpo.dat
Removed! : C:\WINNT\kiite.dll
Removed! : C:\WINNT\kitus.dat
Removed! : C:\WINNT\krwek.dat
Removed! : C:\WINNT\ksdxr.dll
Removed! : C:\WINNT\ktzpn.dll
Removed! : C:\WINNT\licwjl.dat
Removed! : C:\WINNT\mfcnb32.exe
Removed! : C:\WINNT\mjjau.dll
Removed! : C:\WINNT\mlrqh.dat
Removed! : C:\WINNT\mrkpl.dat
Removed! : C:\WINNT\msxn32.exe
Removed! : C:\WINNT\muovv.dat
Removed! : C:\WINNT\muvgb.dll
Removed! : C:\WINNT\mwzdb.dat
Removed! : C:\WINNT\ngbyz.dll
Removed! : C:\WINNT\nhfjw.dat
Removed! : C:\WINNT\nidvsh.dat
Removed! : C:\WINNT\niihy.dat
Removed! : C:\WINNT\nkzut.dat
Removed! : C:\WINNT\ntzb.dll
Removed! : C:\WINNT\nyixv.dat
Removed! : C:\WINNT\n_atoplu.dat
Removed! : C:\WINNT\n_cfutcz.dat
Removed! : C:\WINNT\n_nvnaxm.dat
Removed! : C:\WINNT\n_nzosor.dat
Removed! : C:\WINNT\n_qrdnho.dat
Removed! : C:\WINNT\n_tocsjz.dat
Removed! : C:\WINNT\n_vebedf.dat
Removed! : C:\WINNT\ohiaj.dat
Removed! : C:\WINNT\orijg.dat
Removed! : C:\WINNT\ovqxw.dat
Removed! : C:\WINNT\pdrmj.dll
Removed! : C:\WINNT\pwnez.dat
Removed! : C:\WINNT\pyvdr.dat
Removed! : C:\WINNT\qjufl.dat
Removed! : C:\WINNT\qvmal.dat
Removed! : C:\WINNT\qyfor.dll
Removed! : C:\WINNT\sbboq.dat
Removed! : C:\WINNT\sbuvg.dat
Removed! : C:\WINNT\scupi.dat
Removed! : C:\WINNT\sdkbn.exe
Removed! : C:\WINNT\sdkdu32.exe
Removed! : C:\WINNT\sdkfw32.exe
Removed! : C:\WINNT\sdkrh.exe
Removed! : C:\WINNT\sdkti32.exe
Removed! : C:\WINNT\sysll32.exe
Removed! : C:\WINNT\thjzx.dat
Removed! : C:\WINNT\tqljm.dat
Removed! : C:\WINNT\tqsqh.dat
Removed! : C:\WINNT\tqtwu.dll
Removed! : C:\WINNT\trkkf.dat
Removed! : C:\WINNT\twgmyb.dat
Removed! : C:\WINNT\uljge.dat
Removed! : C:\WINNT\uxmmd.dll
Removed! : C:\WINNT\vhohx.dat
Removed! : C:\WINNT\vhrilh.dat
Removed! : C:\WINNT\vkgbt.dat
Removed! : C:\WINNT\vvbvz.dat
Removed! : C:\WINNT\vxudr.dll
Removed! : C:\WINNT\vzrzh.dat
Removed! : C:\WINNT\wohab.dat
Removed! : C:\WINNT\wvkwt.dll
Removed! : C:\WINNT\wvyvu.dat
Removed! : C:\WINNT\xqwdx.dll
Removed! : C:\WINNT\yntuu.dat
Removed! : C:\WINNT\ytkda.dat
Removed! : C:\WINNT\yvzff.dat
Removed! : C:\WINNT\yymev.dat
Removed! : C:\WINNT\zjehm.dat
Removed! : C:\WINNT\zwbsy.dll
Removed! : C:\WINNT\system32\acoax.dat
Removed! : C:\WINNT\system32\apvgo.dat
Removed! : C:\WINNT\system32\aqwcl.dat
Removed! : C:\WINNT\system32\atjbw.dll
Removed! : C:\WINNT\system32\azcea.dat
Removed! : C:\WINNT\system32\bhnww.dll
Removed! : C:\WINNT\system32\bidvi.dat
Removed! : C:\WINNT\system32\boans.dat
Removed! : C:\WINNT\system32\bopgd.dat
Removed! : C:\WINNT\system32\bqciz.dll
Removed! : C:\WINNT\system32\ctcwy.dat
Removed! : C:\WINNT\system32\cwvhp.dat
Removed! : C:\WINNT\system32\czbyy.dat
Removed! : C:\WINNT\system32\dfcnk.dll
Removed! : C:\WINNT\system32\dgrye.dll
Removed! : C:\WINNT\system32\dloaw.dat
Removed! : C:\WINNT\system32\dlrtc.dll
Removed! : C:\WINNT\system32\ehrvl.dat
Removed! : C:\WINNT\system32\ejmte.dat
Removed! : C:\WINNT\system32\esufb.dat
Removed! : C:\WINNT\system32\euaoe.dat
Removed! : C:\WINNT\system32\fcfjs.dat
Removed! : C:\WINNT\system32\fdkai.dat
Removed! : C:\WINNT\system32\fwmlo.dat
Removed! : C:\WINNT\system32\gevhq.dll
Removed! : C:\WINNT\system32\gfckb.dll
Removed! : C:\WINNT\system32\gjyxt.dat
Removed! : C:\WINNT\system32\gkgyx.dat
Removed! : C:\WINNT\system32\gltvp.dat
Removed! : C:\WINNT\system32\gnrwj.dat
Removed! : C:\WINNT\system32\gxlag.dat
Removed! : C:\WINNT\system32\hbpnp.dat
Removed! : C:\WINNT\system32\heveh.dat
Removed! : C:\WINNT\system32\hevxp.dat
Removed! : C:\WINNT\system32\hkjxb.dat
Removed! : C:\WINNT\system32\hvmsz.dat
Removed! : C:\WINNT\system32\hywpo.dll
Removed! : C:\WINNT\system32\igzkq.dat
Removed! : C:\WINNT\system32\igzkq.dll
Removed! : C:\WINNT\system32\inqto.dll
Removed! : C:\WINNT\system32\ipyj32.exe
Removed! : C:\WINNT\system32\itmcf.dat
Removed! : C:\WINNT\system32\javagr32.exe
Removed! : C:\WINNT\system32\javaow.exe
Removed! : C:\WINNT\system32\javapv32.exe
Removed! : C:\WINNT\system32\javasl.exe
Removed! : C:\WINNT\system32\jcwyu.dat
Removed! : C:\WINNT\system32\jlpmv.dll
Removed! : C:\WINNT\system32\jqgsa.dat
Removed! : C:\WINNT\system32\jxhkc.dll
Removed! : C:\WINNT\system32\kamcm.dat
Removed! : C:\WINNT\system32\kbldc.dll
Removed! : C:\WINNT\system32\kfthp.dat
Removed! : C:\WINNT\system32\kqhmf.dat
Removed! : C:\WINNT\system32\ksvwm.dll
Removed! : C:\WINNT\system32\ktsxc.dat
Removed! : C:\WINNT\system32\kvzlp.dat
Removed! : C:\WINNT\system32\kydhd.dat
Removed! : C:\WINNT\system32\lashb.dat
Removed! : C:\WINNT\system32\ldgvv.dat
Removed! : C:\WINNT\system32\ljvcb.dat
Removed! : C:\WINNT\system32\lterz.dat
Removed! : C:\WINNT\system32\lzhxh.dat
Removed! : C:\WINNT\system32\mhywp.dat
Removed! : C:\WINNT\system32\nbssj.dll
Removed! : C:\WINNT\system32\ngvcd.dat
Removed! : C:\WINNT\system32\nrygi.dat
Removed! : C:\WINNT\system32\ntap32.exe
Removed! : C:\WINNT\system32\nxdvz.dat
Removed! : C:\WINNT\system32\ouiyz.dat
Removed! : C:\WINNT\system32\oupul.dll
Removed! : C:\WINNT\system32\ozrur.dll
Removed! : C:\WINNT\system32\pcpjs.dat
Removed! : C:\WINNT\system32\pcpjs.dll
Removed! : C:\WINNT\system32\pgtnp.dat
Removed! : C:\WINNT\system32\ppteo.dat
Removed! : C:\WINNT\system32\pxqzx.dat
Removed! : C:\WINNT\system32\qkutt.dat
Removed! : C:\WINNT\system32\qqeae.dat
Removed! : C:\WINNT\system32\rcxyz.dat
Removed! : C:\WINNT\system32\rkpty.dat
Removed! : C:\WINNT\system32\rkrdl.dll
Removed! : C:\WINNT\system32\rlacu.dat
Removed! : C:\WINNT\system32\sdgrq.dat
Removed! : C:\WINNT\system32\sdkbe.exe
Removed! : C:\WINNT\system32\sdkxd.exe
Removed! : C:\WINNT\system32\seiac.dat
Removed! : C:\WINNT\system32\sysxk.exe
Removed! : C:\WINNT\system32\taqfy.dat
Removed! : C:\WINNT\system32\tilsd.dat
Removed! : C:\WINNT\system32\tnqsp.dat
Removed! : C:\WINNT\system32\ujrlp.dll
Removed! : C:\WINNT\system32\uxnaw.dat
Removed! : C:\WINNT\system32\uxnaw.dll
Removed! : C:\WINNT\system32\uzwaw.dll
Removed! : C:\WINNT\system32\vgkzc.dat
Removed! : C:\WINNT\system32\vjepw.dat
Removed! : C:\WINNT\system32\vqfqm.dat
Removed! : C:\WINNT\system32\vuxtf.dat
Removed! : C:\WINNT\system32\wkqwk.dll
Removed! : C:\WINNT\system32\wpigy.dat
Removed! : C:\WINNT\system32\xldsl.dll
Removed! : C:\WINNT\system32\xmyfc.dat
Removed! : C:\WINNT\system32\xpqgh.dll
Removed! : C:\WINNT\system32\xtjea.dat
Removed! : C:\WINNT\system32\xtynh.dll
Removed! : C:\WINNT\system32\xywhv.dat
Removed! : C:\WINNT\system32\xzrzk.dat
Removed! : C:\WINNT\system32\yajzl.dat
Removed! : C:\WINNT\system32\ycbel.dat
Removed! : C:\WINNT\system32\ydech.dat
Removed! : C:\WINNT\system32\yhnyo.dll
Removed! : C:\WINNT\system32\ylabo.dll
Removed! : C:\WINNT\system32\zflbz.dat
Removed! : C:\WINNT\system32\zmlnn.dat
Removed! : C:\WINNT\system32\zphux.dll
Removed! : C:\WINNT\system32\zwfvz.dll
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Removed! : C:\WINNT\bwfikh.dat
Attempted Clean Of Temp folder.
Pages Reset... Done!

[coachwife6]

Have you tried deleting those files in your favorites folder? Make sure you do that and then clean out your temp. folders. I have given you directions on how to do that previously.

Make sure system restore is still turned off and try the fix again following the exact order.

[mr joshua]

about buster wont let me update it?? i dont know why. is there somewhere i can just download the newer version?
thank you

[coachwife6]

Try uninstalling it and downloading the new version at the site.

[mr joshua]

hello it wont let me do step one

(1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:
Remote Procedure Call (RPC) Helper


When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don´t find this service listed go ahead with the next steps.)


i can go there, but it wount let me stop it. i mean stop s there, but it wont let me click on it???
any sugestions?
thanks

[coachwife6]

MJ: We will get this fixed. Let me see another log. I am going to see if one of the other experts can work on this. Maybe they can find another solution.

[maxf32]

hey, My name is cody, im having that drwtsn32.exe problem i cant open ANY folder at all without drwtsn32.exe popping up in my processes.. I couldnt tell if you were still working on the same problem or not. Was there a fix in this string of posts, did i not read it clearly . Lemme know, i appriciate it, ive been trying to get rid of this for a while.

[coachwife6]

Cody:

You need to start a new topic and we can look at your log.

[maxf32]

I actually just fixed it, taking the steps you told everyone else to take, thanks alot.. Im sure ill be back with more problems at some point. Take care.

Cody