zip zap promos

Discussion in 'Malware and Virus Removal Archive' started by vikram, 2005/03/21.

Thread Status:
Not open for further replies.
  1. 2005/03/21
    vikram

    vikram Inactive Thread Starter

    Joined:
    2005/03/21
    Messages:
    4
    Likes Received:
    0
    I am continuously pestered with the zipzappromos. Please help me in getting rid of the zipzappromos popups. :(
     
  2. 2005/03/22
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi vikram

    Post a hijackthis log and someone here will be glad to help:
    http://www.windowsbbs.com/showpost.php?p=159220&postcount=3

    Also one from this tool: save it to your desktop, then unzip it, open the folder and run SCAN.BAT. A text will open; post back with the results please.

    Link removed because there will be improvements
     


  4. 2005/03/22
    vikram

    vikram Inactive Thread Starter

    Joined:
    2005/03/21
    Messages:
    4
    Likes Received:
    0
    hijackthis log and scan results

    Hi there,

    the following is the hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:41:43 PM, on 22/03/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
    C:\WINDOWS\shch.exe
    C:\WINDOWS\svchst.exe
    C:\WINDOWS\ccApp.exe
    C:\Program Files\TimeSink\AdGateway\TsAdBot.exe
    C:\windows\system32\xjteqplc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HistoryKill\histkill.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\PROGRA~1\ezula\mmod.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\SPACE INTERNATIONAL\CDSpace 4.1\LCDPlyer.exe
    C:\Program Files\HistoryKill\hkPopupKiller.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\as\HijackThis.exe

    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
    O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
    O4 - HKLM\..\Run: [Quicktime] C:\WINDOWS\shch.exe /i
    O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\svchst.exe /i
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\ccApp.exe /i
    O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TsAdBot.exe "
    O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitexie32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [UdpServices] "C:\Documents and Settings\Office\Desktop\3\BossWatcherInst\BWServer.exe"
    O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe
    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1058.dll,InstantAccess
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Free Download Manager.lnk = C:\Program Files\Free Download Manager\fdm.exe
    O4 - Global Startup: LCDPlayer.lnk = ?
    O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057_XP.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1103519051765
    O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1058_XP.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A604C5E2-6F63-4F6E-84BF-E086BD0C14C4}: NameServer = 61.1.128.65 61.1.128.5
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    and the scan results:

    »»»»»»»»»»»»»»»»»»***LOG!***»»»»»»»»»»»»»»»»


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccRegVfy SZ "C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe "
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Resume copy SZ copyfstq.exe /startup
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HueyToolbar SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater SZ C:\\Program Files\\Common files\\updater\\wupdater.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\New.net Startup SZ rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup -s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{0228e555-4f9c-4e35-a3ec-b109a192b4c2} SZ C:\\Program Files\\Google\\Gmail Notifier\\G001-1.0.24.0\\gnotify.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Quicktime SZ C:\\WINDOWS\\shch.exe /i
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SheduIer SZ C:\\WINDOWS\\svchst.exe /i
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NeroCheck SZ C:\\WINDOWS\\ccApp.exe /i
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TimeSink Ad Client SZ "C:\\Program Files\\TimeSink\\AdGateway\\TsAdBot.exe "

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xjteqplc SZ c:\\windows\\system32\\xjteqplc.exe -start

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\etbrun SZ C:\\windows\\system32\\elitexie32.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ NONE
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL\Installed SZ 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI\Installed SZ 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI\NoChange SZ 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS\Installed SZ 1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ NONE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ NONE




    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe SZ C:\\WINDOWS\\system32\\ctfmon.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\HistoryKill SZ C:\\Program Files\\HistoryKill\\histkill.exe /startup
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Yahoo! Pager SZ C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Google Desktop Search SZ "C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe" /startup
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\UdpServices SZ "C:\\Documents and Settings\\Office\\Desktop\\3\\BossWatcherInst\\BWServer.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MoneyAgent SZ C:\\Program Files\\Microsoft Money\\System\\Money Express.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\eZmmod SZ C:\\PROGRA~1\\ezula\\mmod.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Instant Access SZ rundll32.exe EGDACCESS_1058.dll,InstantAccess

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\ NONE

    ____________________________________________________________

    I hope the above is the correct info you required. Please do let me know if you need any other info. Waiting for your further response.

    Vikram.
     
  5. 2005/03/22
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hello

    Set Windows to show hidden extensions, files and folders.
    Click for > instructions <.



    It's recommended to uninstall NewDotNet. While offline, go to Control Panel Add/Remove Programs and remove it. If you can't find it there, go here and follow procedure number 4:
    http://www.newdotnet.com/#remove
    Restart the PC when it is finished
    Delete the NewDotNet folder in Program Files


    Download this reg (fixme.reg) file to C:\, it will be easier to find when in safe mode >
    Don't use it yet.
    http://forums.net-integration.net/index.php?act=Attach&type=post&id=139779



    Download Pocket Killbox ver 2.0.0.76
    http://www.downloads.subratam.org/KillBox.exe
    to a convenient location. I suggest C:\

    Please copy this to a text for later reference

    Reboot into safe mode
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Click Start, click Run, type msconfig in the Open box, and then click OK.
    click the boot.ini tab > Tick [X]/Safeboot, apply > OK restart windows.
    then choose safe.

    Run fixme.reg by double clicking it and answer yes to the prompts. You should receive a successful message; if so, delete fixme.reg as it's not needed any longer.

    Start KillBox.exe.
    Place a check next to "Delete on Reboot".
    Copy then paste (not type or browse) this file and path into the top "Full Path of File to Delete" box.

    c:\windows\system32\xjteqplc.exe

    Click the "Delete File" button which looks like a stop sign.
    Click "Yes" at the first prompt
    Click "No" at the second
    Repeat those same steps for each of these files one at a time.

    C:\WINDOWS\Downlo~1\EGDACCESS.inf
    C:\WINDOWS\system32\EGDACCESS_1057.dll
    C:\WINDOWS\shch.exe
    C:\WINDOWS\svchst.exe
    C:\WINDOWS\ccApp.exe


    Exit Killbox

    Start Hijackthis and place a check next to these items,
    O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
    O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
    O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binari...ESS_1057_XP.cab
    O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binari...ESS_1058_XP.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binari...slv32_EN_XP.cab
    ====================================
    Hit fix checked and close Hijackthis.



    Find and delete (ONLY THESE EXACT) files and folders (if present)

    Delete C:\windows\system32\elit????32.exe < these files
    Delete C:\Windows\system32\Kalv???32.exe < these files
    (where ??? indicates random characters).
    Be careful, if any doubt leave them alone.
    Delete C:\windows\EliteToolBar
    Delete C:\WINDOWS\EliteSideBar
    Delete C:\windows\EliteBar
    C:\PROGRAM FILES\ezula and TimeSink
    C:\Program Files\Common files\updater < delete

    Other files to look for and delete > silent.exe, protector.exe, silent_install.exe

    While still in safe mode do a full system scan with your antivirus program; when that's finished do the same with antispyware programs > SpyBot and Ad-Aware if you have them, do you?



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Restart back to normal by unchecking [ ]/safeboot in msconfig,
    hit apply then OK and let Windows restart.
    When Windows is restarted place a check in the
    [X] Don't show this message or launch the System Configuration Utility when Windows starts.

    Once back post a fresh hijackthis log
     
  6. 2005/03/22
    vikram

    vikram Inactive Thread Starter

    Joined:
    2005/03/21
    Messages:
    4
    Likes Received:
    0
    hi Jones,

    Have completed all the steps you instructed and the following is the fresh hijackthis log:


    Logfile of HijackThis v1.99.1
    Scan saved at 9:55:16 AM, on 23/03/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HistoryKill\histkill.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\SPACE INTERNATIONAL\CDSpace 4.1\LCDPlyer.exe
    C:\Program Files\HistoryKill\hkPopupKiller.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\as\HijackThis.exe

    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\ccApp.exe /i
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [UdpServices] "C:\Documents and Settings\Office\Desktop\3\BossWatcherInst\BWServer.exe"
    O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe
    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1058.dll,InstantAccess
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Free Download Manager.lnk = C:\Program Files\Free Download Manager\fdm.exe
    O4 - Global Startup: LCDPlayer.lnk = ?
    O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1103519051765
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    _______________________________________________

    Hey is this over, am not getting the zipzap popups since 5 minutes.....and also I am not getting any ads from ad1..search miracle.....Great.... :)

    Are there any further steps to be carried over?
     
  7. 2005/03/23
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi
    "Run fixme.reg by double clicking it and answer yes to the prompts. You should receive a successful message; if so, delete fixme.reg as it's not needed any longer."

    Did you receive a successful message?

    Have Hijackthis fix these items >
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\ccApp.exe /i

    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1058.dll,InstantAccess
    =================
    Restart your PC

    Install SpywareBlaster 3.3 (By JavaCool): http://www.javacoolsoftware.com/spywareblaster.html


    Put in place a good hosts file
    http://www.mvps.org/winhelp2002/hosts.htm
    If any problems feel free to ask


    Run SCAN.BAT once more and post that text please
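
Added example, not part of the original thread or any poster's tooling: a Python check that parses the O4 autorun lines of the before and after HijackThis logs posted above, lists which entries the cleanup removed, and flags entries still present whose target was deleted in the Killbox and folder-deletion steps. The log excerpts and deleted paths are copied from the thread; the function names and the PROGRA~1 to Program Files short-name mapping are assumptions.

```python
import re

# O4 lines excerpted from the first HijackThis log in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [Quicktime] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\svchst.exe /i
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\ccApp.exe /i
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitexie32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
"""

# O4 lines excerpted from the second (post-cleanup) log.
AFTER = r"""
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\ccApp.exe /i
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
"""

# Files and folders the cleanup instructions in this thread had deleted.
DELETED = [
    r"c:\windows\system32\xjteqplc.exe",
    r"C:\WINDOWS\shch.exe",
    r"C:\WINDOWS\svchst.exe",
    r"C:\WINDOWS\ccApp.exe",
    r"C:\Program Files\ezula",                  # folder
    r"C:\Program Files\Common files\updater",   # folder
]

# Assumption: the 8.3 short name PROGRA~1 refers to "Program Files" here.
SHORT_NAMES = {"progra~1": "program files"}

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")


def parse_o4(log):
    """Map (hive, key, value name) -> command for every O4 registry line."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            entries[(hive, key, name)] = cmd
    return entries


def normalize(path):
    """Lower-case, drop quotes, expand known 8.3 short directory names."""
    parts = path.replace('"', "").strip().lower().split("\\")
    return "\\".join(SHORT_NAMES.get(p, p) for p in parts)


def removed_entries(before, after):
    """Value names present in the first log but gone from the second."""
    gone = set(parse_o4(before)) - set(parse_o4(after))
    return sorted(name for _, _, name in gone)


def orphaned_entries(log, deleted):
    """Value names still in the log whose command points at a deleted path."""
    targets = [normalize(d) for d in deleted]
    hits = []
    for (_, _, name), cmd in parse_o4(log).items():
        c = normalize(cmd)
        if any(c == t or c.startswith(t + "\\") or c.startswith(t + " ")
               for t in targets):
            hits.append(name)
    return hits


if __name__ == "__main__":
    print("removed by cleanup:", removed_entries(BEFORE, AFTER))
    print("left pointing at deleted files:", orphaned_entries(AFTER, DELETED))
```

Without the short-name expansion the eZmmod entry would be missed, because the Run value stores the path as C:\PROGRA~1\ezula while the deleted folder is written as C:\PROGRAM FILES\ezula.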
     
  8. 2005/03/23
    vikram

    vikram Inactive Thread Starter

    Joined:
    2005/03/21
    Messages:
    4
    Likes Received:
    0
    Scan.bat log

    hi jone,

    Thanks a lot for your help. You have relieved me from some irritating stuff..

    »»»»»»»»»»»»»»»»»»***LOG!***»»»»»»»»»»»»»»»»


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccRegVfy SZ "C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe "
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Resume copy SZ copyfstq.exe /startup
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HueyToolbar SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{0228e555-4f9c-4e35-a3ec-b109a192b4c2} SZ C:\\Program Files\\Google\\Gmail Notifier\\G001-1.0.24.0\\gnotify.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ NONE
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL\Installed SZ 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI\Installed SZ 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI\NoChange SZ 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS\Installed SZ 1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ NONE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ NONE




    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe SZ C:\\WINDOWS\\system32\\ctfmon.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\HistoryKill SZ C:\\Program Files\\HistoryKill\\histkill.exe /startup
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Yahoo! Pager SZ C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Google Desktop Search SZ "C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe" /startup
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\UdpServices SZ "C:\\Documents and Settings\\Office\\Desktop\\3\\BossWatcherInst\\BWServer.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MoneyAgent SZ C:\\Program Files\\Microsoft Money\\System\\Money Express.exe

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\ NONE
     
  9. 2005/03/23
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Looks fine

    You might want to consider an alternative to HistoryKill.
    I've noticed other craps advertise it, not a good sign.

    Any idea what this is?
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HueyToolbar SZ

    Edit:

    send me this folder please
    C:\Program Files\Huey\
    Send to filesubmitATnet-integration.net
    Replace AT with @ and include a link back to this thread.
     