
Virus problems [HJT log]

Discussion in 'Malware and Virus Removal Archive' started by abnewallo, 2005/10/01.

  1. 2005/10/01
    abnewallo Lifetime Subscription

    abnewallo Well-Known Member Thread Starter

    I have run Kaspersky in safe mode and it found some Trojan.dropper instances that have been deleted.

    I am unable to run anything in normal mode, since the system is just hanging all the time.

    I have not been able to run List Programs in safe mode; it returns with a "VB Script" error.

    I am sending the file from a run of HijackThis in safe mode.
     
  2. 2005/10/01
    PeteC

    PeteC SuperGeek Staff

    abnewallo

    Usual practice is to post the HJT log into a post here - I have done it for you.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:48:26 PM, on 10/1/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Downloads\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oemji.com/side_search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: Panicware BHO Class - {00000000-6C30-11D8-9363-000AE6309658} - C:\Program Files\Panicware\Pop-Up Stopper Anti-Spyware\PWIBHO.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - [SABInprocServer32] (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {15B62447-CDD0-9427-D0F8-C369468CD4ED} - (no file)
    O2 - BHO: (no name) - {172EF3C1-0217-4DC4-2A87-401FE12A9BFA} - (no file)
    O2 - BHO: (no name) - {259B1441-E094-A31F-FDCD-F44404CDF9AE} - (no file)
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: (no name) - {825AD351-2689-635D-E6CB-617D97CD58F5} - (no file)
    O2 - BHO: (no name) - {8ABD9E70-3DFC-7E25-9D29-7F2C72D903A6} - C:\WINDOWS\system32\dardjec.dll (file missing)
    O2 - BHO: (no name) - {A0746078-9CA4-8628-95AB-87D3EDC523A7} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {B75E7715-D398-C545-FDD6-952292A265A7} - (no file)
    O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - [SABInprocServer32] (file missing)
    O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
    O2 - BHO: (no name) - {D9BAEA49-50DB-0F72-DB63-0AC54C0E47B6} - C:\WINDOWS\system32\wmayswj.dll
    O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
    O3 - Toolbar: Pop-Up Stopper Anti-Spyware Toolbar - {E4CAA75E-9B5F-45EB-8E4E-8B743B44F171} - C:\Program Files\Panicware\Pop-Up Stopper Anti-Spyware\PWITB.DLL
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
    O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124330461\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [wpimeygsh] c:\windows\system32\wpimeygsh.exe -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll "
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
    O16 - DPF: {11F1D260-129E-4EB7-B37E-57E3D97A3DF1} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1044_ES_XP.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c6.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/FunBuddyIconsFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127248387497
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1045_EN_XP.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {C6760A07-A574-4705-B113-7856315922C3} - http://akamai.downloadv3.com/binaries/IA/sysnetsvc32_ES_XP.cab
    O16 - DPF: {C852B12E-3F08-4099-AF8E-32FD327B88EA} (msnloader Class) - http://rockstar.messenger.msn.com/rockstar.cab
    O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1046_EN_XP.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/heavyweapon/popcaploader_v7.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {E7AE1661-EBEB-492B-AE0D-860DF24174C6} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064_ASPIV4_XP.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Pop-Up Stopper Anti-Spyware Service (PWISVC) - Panicware, Inc. - C:\Program Files\Panicware\Pop-Up Stopper Anti-Spyware\PWISVC.EXE
    O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
     


  4. 2005/10/01
    TonyT

    TonyT SuperGeek Staff

    use HJT again and check these items, then press the Fix button:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    check this too unless you want this search bar:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oemji.com/side_search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - [SABInprocServer32] (file missing)
    O2 - BHO: (no name) - {15B62447-CDD0-9427-D0F8-C369468CD4ED} - (no file)
    O2 - BHO: (no name) - {172EF3C1-0217-4DC4-2A87-401FE12A9BFA} - (no file)
    O2 - BHO: (no name) - {259B1441-E094-A31F-FDCD-F44404CDF9AE} - (no file)
    O2 - BHO: (no name) - {825AD351-2689-635D-E6CB-617D97CD58F5} - (no file)
    O2 - BHO: (no name) - {8ABD9E70-3DFC-7E25-9D29-7F2C72D903A6} - C:\WINDOWS\system32\dardjec.dll (file missing)
    O2 - BHO: (no name) - {A0746078-9CA4-8628-95AB-87D3EDC523A7} - (no file)
    O2 - BHO: (no name) - {B75E7715-D398-C545-FDD6-952292A265A7} - (no file)
    O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - [SABInprocServer32] (file missing)
    O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
    O2 - BHO: (no name) - {D9BAEA49-50DB-0F72-DB63-0AC54C0E47B6} - C:\WINDOWS\system32\wmayswj.dll
    O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
    O4 - HKLM\..\Run: [wpimeygsh] c:\windows\system32\wpimeygsh.exe -start
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll "
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c6.cab

    next, delete all files & folders in c:/docs & settings/your_account/local settings/temp

    delete all temp internet files too
     
  5. 2005/10/02
    oshwyn5

    oshwyn5 Inactive

    Here is my take on this one.

    First go to add/ remove programs.



    Locate wild tangent and uninstall it (Wild tangent installs a unique identifier number on your computer so that they can keep track of you on their servers; not a problem, except that other web sites can issue a call for this number and get it and use it to identify and track you)

    Read the instructions for removing sidesearch here
    http://www.2-spyware.com/remove-sidesearch.html
    Note they have a removal tool
    http://www.2-spyware.com/goout.php?id=5
    I suggest using it first.


    You have been infected with trojan adclicker-df
    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=135579

    O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - [SABInprocServer32] (file missing)
    I would suggest following their manual removal and repair instructions to make sure that it is removed and the damage reversed.
    Make sure to check for and remove all the files listed, as well as editing your registry to remove the entries that it has added.

    O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
    You have adware starware
    http://securityresponse.symantec.com/avcenter/venc/data/adware.starware.html
    Please follow the manual removal instructions from symantec.

    Uninstall the magic waterfall screensaver which is probably what gave you all this.

    Then run HijackThis, and with all other windows closed, choose scan only.
    Put a check by these and choose fix.
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie...//www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com (Redclient apps has an unsavory relationship with major advertisers and what is considered an unacceptable privacy policy.)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oemji.com/side_search.html (The side search bar)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - [SABInprocServer32] (file missing)
    O2 - BHO: (no name) - {15B62447-CDD0-9427-D0F8-C369468CD4ED} - (no file)
    O2 - BHO: (no name) - {172EF3C1-0217-4DC4-2A87-401FE12A9BFA} - (no file)
    O2 - BHO: (no name) - {259B1441-E094-A31F-FDCD-F44404CDF9AE} - (no file)
    O2 - BHO: (no name) - {825AD351-2689-635D-E6CB-617D97CD58F5} - (no file)
    O2 - BHO: (no name) - {A0746078-9CA4-8628-95AB-87D3EDC523A7} - (no file)
    O2 - BHO: (no name) - {B75E7715-D398-C545-FDD6-952292A265A7} - (no file)
    (These five have unregistered CLSIDs; that is a bad sign that no one will claim them.)
    O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - [SABInprocServer32] (file missing)
    O2 - BHO: (no name) - {8ABD9E70-3DFC-7E25-9D29-7F2C72D903A6} - C:\WINDOWS\system32\dardjec.dll (file missing)
    O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
    O2 - BHO: (no name) - {D9BAEA49-50DB-0F72-DB63-0AC54C0E47B6} - C:\WINDOWS\system32\wmayswj.dll
    O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
    O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
    (This free magic waterfall screensaver is probably what gave you all this.)
    O4 - HKLM\..\Run: [wpimeygsh] c:\windows\system32\wpimeygsh.exe -start
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O16 - DPF: {11F1D260-129E-4EB7-B37E-57E3D97A3DF1} - http://akamai.downloadv3.com/binari..._1044_ES_XP.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c6.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...tup1.0.0.15.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlega...pGameLoader.dll
    O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - http://akamai.downloadv3.com/binari..._1045_EN_XP.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...0/Installer.exe
    O16 - DPF: {C6760A07-A574-4705-B113-7856315922C3} - http://akamai.downloadv3.com/binari...svc32_ES_XP.cab
    O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://akamai.downloadv3.com/binari..._1046_EN_XP.cab
    O16 - DPF: {E7AE1661-EBEB-492B-AE0D-860DF24174C6} - http://akamai.downloadv3.com/binari...4_ASPIV4_XP.cab


    Please go to control panel/ folder options/ view
    set to show hidden and system files.
    Uncheck hide protected files
    Uncheck hide known file extensions.

    Delete these files if they remain (you may have to kill the associated process first, either with Task Manager or with CodeStuff Starter, a startup manager and process viewer):
    C:\WINDOWS\system32\dardjec.dll
    C:\Program Files\Starware\bin\Starware.dll
    C:\WINDOWS\system32\wmayswj.dll
    c:\windows\system32\wpimeygsh.exe


    Delete these folders
    C:\Program Files\Starware
    C:\PROGRA~1\MAGICW~1
    C:\Program Files\WildTangent

    O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
    I also do not see why you want to run a registry check with this program every time you boot. I would disable this from within the programs own options.


    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    This is real player. If you uninstalled it, you can remove this entry with Hijackthis, otherwise, do not worry about the no name / no file



    Go to Start > Run, type in %temp%, and select and delete EVERYTHING that comes up.

    Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp; but not temp itself!)
    - C:\Windows\Temp\
    - C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
    - C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\
    - C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <---This will delete your internet cache--including cookies. This is recommended and strongly suggested.
    - C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\
    - Search all Favorites folders (see above will be under local settings for each profile) and delete any **** sites you find.
    - Empty your "Recycle Bin"
    It is normal to have a few files in the temp folders that will not delete; this is normal and expected.

    Reboot back to Normal mode.

    Turn off System Restore. Go to Control Panel / System / System Restore => stop using System Restore; do this for all drives.
    Restart computer and reverse this action
     
  6. 2005/10/04
    TonyT

    TonyT SuperGeek Staff

    good instructions above.

    fyi:
    those dirs cannot be deleted from within windows unless explorer.exe is stopped, however, deleting the dirs will do no harm, they will all get recreated by windows at next logon or boot, except the local settings/temp dir, which must be manually recreated, or it will get recreated the next time an application needs to use that dir.
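
The replies in this thread triage the log by entry type, picking out O2/O9 registrations marked "(no file)" or "(file missing)" and unnamed helper objects. The Python below is an added example, not part of the original thread and not HijackThis's own code: it parses the `code - type: ... - {CLSID} - target` lines and attaches review flags. The flag names and the three heuristics are assumptions chosen here to mirror that reasoning.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Excerpt of the HijackThis log posted in this thread, embedded so this runs offline.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {15B62447-CDD0-9427-D0F8-C369468CD4ED} - (no file)
O2 - BHO: (no name) - {8ABD9E70-3DFC-7E25-9D29-7F2C72D903A6} - C:\WINDOWS\system32\dardjec.dll (file missing)
O2 - BHO: (no name) - {D9BAEA49-50DB-0F72-DB63-0AC54C0E47B6} - C:\WINDOWS\system32\wmayswj.dll
O4 - HKLM\..\Run: [wpimeygsh] c:\windows\system32\wpimeygsh.exe -start
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    code: str                 # HijackThis section code, e.g. "O2"
    body: str                 # everything after "<code> - "
    clsid: Optional[str]      # COM class id, when the entry carries one
    target: str               # file path, URL, or "(no file)"
    flags: List[str] = field(default_factory=list)


def parse_entries(log_text: str) -> List[Entry]:
    """Return the R/F/O entries; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        c = CLSID_RE.search(body)
        # After the CLSID comes " - <target>", optionally preceded by "(class name)".
        target = body[c.end():].split(" - ", 1)[-1].strip() if c else body
        entries.append(Entry(code, body, c.group(0).upper() if c else None, target))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags (assumed heuristics, not verdicts); return flagged entries."""
    for e in entries:
        t = e.target.lower()
        orphaned = t == "(no file)" or t.endswith("(file missing)")
        if e.code in ("O2", "O3", "O9") and orphaned:
            # Registration whose file is absent: a leftover or a hidden component.
            e.flags.append("orphaned-registration")
        elif e.code == "O2" and "(no name)" in e.body:
            # Browser helper object present on disk but with no class name.
            e.flags.append("unnamed-bho")
        if e.code == "O16" and not re.search(r"\}\s*\(", e.body):
            # Downloaded ActiveX control with no class name recorded.
            e.flags.append("unnamed-activex")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_entries(SAMPLE_LOG)):
        print(f"{e.code:<4}{','.join(e.flags):<24}{e.clsid}  {e.target}")
```

A flag marks an entry for review only: the O9 "(no file)" button flagged here is the one a reply above attributes to RealPlayer.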
     
