
ZipZap guidance Also :(

Discussion in 'Malware and Virus Removal Archive' started by jonnH, 2005/04/20.

Thread Status:
Not open for further replies.
  1. 2005/04/20
    jonnH

    jonnH Inactive Thread Starter

    Joined:
    2005/04/20
    Messages:
    6
    Likes Received:
    0
    Hi All,
    Looks like I'm not alone in trying to get rid of the nasty ZipZap pop-ups :(
    I have looked through some of the other posts. I have downloaded HijackThis and Killbox; all I need now is someone to tell me what to do.
    I did a system scan and created a log file. This is what I copied and pasted from the scan results that came up in Notepad.
    Logfile of HijackThis v1.99.1
    Scan saved at 1:56:58 PM, on 4/19/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Saitek\Software\SaiSmart.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\PROGRA~1\COMMON~1\AOL\110340~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\110340~1\EE\AOLServiceHost.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\sol.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Program Files\antispy\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe "
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103405553\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057_XP.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {505098FD-5D61-4BC2-9B82-F969D0E932A2} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1034_EN.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5981616E-409A-4A42-A3F3-C1891DEAFA6F}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Now... in some of the other posts I saw a line that said scan results that looked like it was a registry scan. How do you do that? I'm lost there.
    Thanks in advance for any help you may offer.
    Jonn
     
  2. 2005/04/20
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Welcome to the boards.
    The log looks clean to me. Only one thing does come to mind, but I believe you had a game of Solitaire going at the time.
    C:\WINDOWS\system32\sol.exe

    This scan is actually using a script [text] file to access the registry a different way.
    Get List Installed Programs, and post its log on here.
     

  4. 2005/04/22
    jonnH

    jonnH Inactive Thread Starter

    Joined:
    2005/04/20
    Messages:
    6
    Likes Received:
    0
    The Results:
    Aces High II
    Ad-Aware SE Personal
    Adobe Acrobat Reader 3.01
    Adobe Download Manager 2.0 (Remove Only) Ver: 2.0
    Adobe Photoshop Album 2.0 Starter Edition Ver: 2.00.100 Installed: 2/14/2005
    Adobe Reader 7.0 Ver: 7.0.0 Installed: 2/14/2005
    America Online (Choose which version to remove)
    AOL Coach Version 1.0(Build:20020823.1)
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Computer Check-Up
    AOL Connectivity Services
    AOL Spyware Protection Ver: 1.0.76
    AOL Toolbar
    AOL You've Got Pictures Screensaver
    BCM V.92 56K Modem
    CC_ccStart Ver: 2.0.0.635 Installed: 11/21/2004
    ccCommon Ver: 2.0.0.635 Installed: 11/21/2004
    Chameleon Mega Camera Driver
    ClueFinders 3rd Grade Adventures
    Dawn Of Aces 2.75
    Dell ResourceCD
    Disney's Mickey Mouse Preschool
    Easy CD Creator 5 Basic Ver: 5.2.0.61 Installed: 12/17/2004
    HijackThis 1.99.1 Ver: 1.99.1
    ijfdmtkrpu
    ItsDeductible Express Ver: 1.00.0000 Installed: 2/6/2005
    LiveReg (Symantec Corporation) Ver: 2.4.2.2295
    LiveUpdate 2.6 (Symantec Corporation) Ver: 2.6.14.0
    Microsoft Encarta Encyclopedia Standard 2002 Ver: 2002 Installed: 11/22/2004
    Microsoft Money 2002 Ver: 10.0.50 Installed: 11/22/2004
    Microsoft Money 2002 System Pack Ver: 10.0.80 Installed: 11/22/2004
    Microsoft Picture It! Photo 2002 Ver: 6.0.0.0000 Installed: 11/22/2004
    Microsoft Streets and Trips 2002 Ver: 9.00.17.0200 Installed: 11/22/2004
    Microsoft Word 2002 Ver: 10.0.2627.01 Installed: 11/22/2004
    Microsoft Works 2002 Setup Launcher
    Microsoft Works 6.0 Ver: 06.00.0000 Installed: 11/22/2004
    Microsoft Works Suite Add-in for Microsoft Word Ver: 2.0.0.0000 Installed: 11/22/2004
    MSRedist Ver: 1.0.0.0 Installed: 11/21/2004
    Multimedia Spanish
    Norton AntiVirus 2004 Ver: 10.00.00 Installed: 11/21/2004
    Norton AntiVirus 2004 (Symantec Corporation) Ver: 10.00.00
    Norton AntiVirus Parent MSI Ver: 10.0.0 Installed: 11/21/2004
    Norton AntiVirus SYMLT MSI Ver: 10.0.0 Installed: 11/21/2004
    Norton WMI Update Ver: 2005.1.2.20 Installed: 12/18/2004
    NVIDIA Display Driver
    Pure Networks Port Magic Ver: 1.2.1393.0
    QuickTime
    Reader Rabbit 1st Grade(R) Capers on Cloud Nine!(TM)
    Reader Rabbit's Preschool
    RealPlayer Basic
    Registry Mechanic Ver: 4.0
    Schoolhouse Rock Thinking Games
    Shockwave
    Shockwave Flash
    Spybot - Search & Destroy 1.3 Ver: 1.3
    SpywareBlaster v3.3 Ver: 3.3.0
    SST Programming Software
    Symantec Network Drivers Update Ver: 5.4.4.17 Installed: 4/4/2005
    Symantec Script Blocking Installer Ver: 1.0.0 Installed: 11/21/2004
    SymNet Ver: 4.7.1 Installed: 11/21/2004
    TurboTax Deluxe 2004
    USB Joy Stick
    Viewpoint Media Player
    Warbirds 277 R3
    WebFldrs XP Ver: 9.50.5318 Installed: 11/21/2004
    WexTech AnswerWorks Ver: 1.00.000
    Winamp (remove only)
    Windows Installer 3.1 (KB893803) Ver: 3.1
    Windows XP Hotfix - KB834707 Ver: 20040929.110854
    Windows XP Hotfix - KB867282 Ver: 20050127.090417
    Windows XP Hotfix - KB873333 Ver: 20050114.005213
    Windows XP Hotfix - KB873339 Ver: 20041117.092459
    Windows XP Hotfix - KB885250 Ver: 20050118.202711
    Windows XP Hotfix - KB885835 Ver: 20041027.181713
    Windows XP Hotfix - KB885836 Ver: 20041028.173203
    Windows XP Hotfix - KB885884 Ver: 20040924.025457
    Windows XP Hotfix - KB886185 Ver: 20041021.090540
    Windows XP Hotfix - KB887472 Ver: 20041014.162858
    Windows XP Hotfix - KB887742 Ver: 20041103.095002
    Windows XP Hotfix - KB888113 Ver: 20041116.131036
    Windows XP Hotfix - KB888302 Ver: 20041207.111426
    Windows XP Hotfix - KB890047 Ver: 20041221.124506
    Windows XP Hotfix - KB890175 Ver: 20041201.233338
    Windows XP Hotfix - KB890859 Ver: 1
    Windows XP Hotfix - KB890923 Ver: 1
    Windows XP Hotfix - KB891781 Ver: 20050110.165439
    Windows XP Hotfix - KB893066 Ver: 1
    Windows XP Hotfix - KB893086 Ver: 1
    Windows XP Service Pack 2 Ver: 20040803.231319
    Works Suite OS Pack Ver: 1.0.0.0000 Installed: 11/22/2004
    Works Synchronization Ver: 1.0.0.0000 Installed: 11/22/2004
    XoftSpy
    Hi, I hope this is of some help.
    Thanks, John
     
  5. 2005/04/22
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Yes, it is. There is one item I am sure you did not install.
    http://www.billsway.com/vbspage/
    Go to the above link, and get the Registry Search Tool. Do a search for "ijfdmtkrpu", and post back the results along with a new HJT log.
    Download Reg Lite and Killbox, you are going to use them.
     
  6. 2005/04/23
    jonnH

    jonnH Inactive Thread Starter

    Joined:
    2005/04/20
    Messages:
    6
    Likes Received:
    0
    OK, I downloaded Reg Lite and did a search for ijfdmtkrpu. Here are the results of that search and the results of the HijackThis scan.
    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "ijfdmtkrpu" 4/22/2005 12:46:16 PM

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ijfdmtkrpu "= "c:\\windows\\system32\\ijfdmtkrpu.exe -start "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ijfdmtkrpu]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ijfdmtkrpu]
    "UninstallString "= "c:\\windows\\system32\\ijfdmtkrpu.exe -uninstall "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ijfdmtkrpu]
    "DisplayName "= "ijfdmtkrpu "

    [HKEY_USERS\S-1-5-21-602162358-1647877149-839522115-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\windows\\system32\\ijfdmtkrpu.exe "= "ijfdmtkrpu "

    Logfile of HijackThis v1.99.1
    Scan saved at 1:06:24 PM, on 4/22/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Saitek\Software\SaiSmart.exe
    C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\PROGRA~1\COMMON~1\AOL\110340~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\110340~1\EE\AOLServiceHost.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\WINDOWS\System32\WScript.exe
    C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
    C:\Program Files\antispy\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe "
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103405553\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057_XP.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {505098FD-5D61-4BC2-9B82-F969D0E932A2} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1034_EN.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5981616E-409A-4A42-A3F3-C1891DEAFA6F}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Hope this is all you asked for; I will be waiting for the next step.
    Thanks,
    J
     
  7. 2005/04/23
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Disable System Restore, and reboot.

    Open the Killbox, and copy/paste this line into where it says File to be Deleted.
    Then click on Delete on Reboot, and click on the red circle with the X. Select no when prompted to reboot and exit Killbox.
    Open Reglite and copy/paste this line into the Address line. Please note that "CurrentVersion" is one word, this forum does this for some reason.
    Right click on 'ijfdmtkrpu' in the lower right and Delete.
    Then put this into the Address line.
    Right click on 'ijfdmtkrpu' in the lower left (folders) and delete.
    Exit Reglite, just close the nag window that may appear, and open HijackThis.
    Remove these.

    O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binari...ESS_1057_XP.cab
    O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binari...net32_EN_XP.cab
    O16 - DPF: {505098FD-5D61-4BC2-9B82-F969D0E932A2} - http://akamai.downloadv3.com/binari...UTH_1034_EN.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binari...netslv32_EN.cab

    Exit HijackThis.
    Do a search on your hard drive for any file with "EGDAccess" in the name and delete. Be sure you have Windows Explorer's Folder Options to show all files, as they may be marked as Hidden. Then reboot the computer.
    You can then enable System Restore after windows starts up. If everything went right, you should be clean.
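    The four O16 entries listed above are the akamai.downloadv3.com downloads that a reviewer picks out of the first HijackThis log by eye. As an added example (not part of this thread and not HijackThis code), the Python below parses the O4 autorun and O16 ActiveX-download lines of a HijackThis 1.99 log and applies two review heuristics: O16 entries whose download host is not on an allowlist, and O4 entries whose command is a bare filename resolved through PATH rather than a full path. The sample lines are copied from the log posted earlier in this thread; ALLOWED_DPF_HOSTS is a constructed allowlist for illustration, not an authoritative list.

```python
"""Review helpers for HijackThis 1.99 log lines (O4 autoruns, O16 DPF downloads).
Added example for this thread; not HijackThis code and not from the forum post."""
import re
from urllib.parse import urlparse

# O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$')
# O16 - DPF: {CLSID} (optional label) - url
O16_RE = re.compile(r'^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \(([^)]*)\))? - (\S+)$')

# Constructed allowlist for illustration only: hosts a reviewer has already vetted.
ALLOWED_DPF_HOSTS = {'us.dl1.yimg.com', 'aolcc.aol.com'}

# Sample input copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057_XP.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
"""


def parse_hjt(text):
    """Return a list of dict records for the O4 and O16 lines in a log; other
    line types are ignored here."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            records.append({'type': 'O4', 'hive': hive, 'name': name,
                            'command': cmd.strip()})
            continue
        m = O16_RE.match(line)
        if m:
            clsid, label, url = m.groups()
            records.append({'type': 'O16', 'clsid': clsid, 'label': label or '',
                            'url': url, 'host': urlparse(url).hostname or ''})
    return records


def executable_of(command):
    """Extract the program path from an autorun command: the quoted part if it
    starts with a quote, otherwise the first whitespace-separated token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end].strip() if end > 0 else command[1:].strip()
    return command.split(' ', 1)[0]


def autoruns_without_full_path(records):
    """Names of O4 entries whose executable has no drive-letter path, so Windows
    resolves it through the search path at logon. A review cue, not a verdict."""
    return [r['name'] for r in records
            if r['type'] == 'O4'
            and not re.match(r'^[A-Za-z]:\\', executable_of(r['command']))]


def dpf_outside_allowlist(records, allowed_hosts):
    """(CLSID, host) pairs for O16 ActiveX downloads from hosts not on the allowlist."""
    allowed = {h.lower() for h in allowed_hosts}
    return [(r['clsid'], r['host']) for r in records
            if r['type'] == 'O16' and r['host'].lower() not in allowed]


if __name__ == '__main__':
    recs = parse_hjt(SAMPLE_LOG)
    print('O4 entries without a full path:', autoruns_without_full_path(recs))
    for clsid, host in dpf_outside_allowlist(recs, ALLOWED_DPF_HOSTS):
        print('review O16', clsid, 'from', host)
```

    Neither heuristic is proof of infection on its own: BCMSMMSG.exe and nwiz.exe in this log are legitimate bare-name entries, which is why the output is a review queue rather than a removal list.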
     
  8. 2005/04/24
    jonnH

    jonnH Inactive Thread Starter

    Joined:
    2005/04/20
    Messages:
    6
    Likes Received:
    0
    Mark,
    At the top of your last post you have a link for disabling System Restore. That link takes me to a Symantec web page where it says the requested page cannot be found. Do you mean disable Windows System Restore? I don't want to guess on this, so I will wait for a reply before going ahead.
    Thanks,
    John
     
  9. 2005/04/24
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Windows System Restore is what I mean. It needs to be done as that file will reappear if it isn't.
    That link just worked for me, hmmm. It has me wondering if you were blocked from getting there.
     
  10. 2005/04/26
    jonnH

    jonnH Inactive Thread Starter

    Joined:
    2005/04/20
    Messages:
    6
    Likes Received:
    0
    Mark,
    I disabled System Restore, and I did what you said to do with Killbox: I copied and pasted c:\windows\system32\ijfdmtkrpu.exe into it and set it up to delete on reboot. I then opened Reglite and copied/pasted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    into the address line, making sure to have CurrentVersion as one word. I hit the Go button next to the address line and a bunch of lines of information came up on the screen to the right, but there was no "ijfdmtkrpu" present. Did I do something wrong? I did just rerun a registry search and came up with these results:
    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "ijfdmtkrpu" 4/25/2005 1:38:21 PM

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ijfdmtkrpu "= "c:\\windows\\system32\\ijfdmtkrpu.exe -start "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ijfdmtkrpu]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ijfdmtkrpu]
    "UninstallString "= "c:\\windows\\system32\\ijfdmtkrpu.exe -uninstall "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ijfdmtkrpu]
    "DisplayName "= "ijfdmtkrpu "

    [HKEY_USERS\S-1-5-21-602162358-1647877149-839522115-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\windows\\system32\\ijfdmtkrpu.exe "= "ijfdmtkrpu "

    Have any ideas? Maybe I didn't use Reglite correctly?
    Jonn
     
  11. 2005/04/26
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Maybe not; we could try it this way. Copy/paste the following lines exactly as they are into Notepad. Make sure "CurrentVersion" appears as I have it in this sentence.
    Then put the cursor right after the last ] and press Enter. Then Save As "remove.reg", with the quotation marks. Then double-click the file; you will be asked if you want to merge this information into the registry, and yes, you do. Then you will get a confirmation of this. If this goes right, those entries will be gone.
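    The .reg file from this post is not reproduced on the page, but the search output posted earlier in the thread gives everything needed to build one: in REGEDIT4 syntax a key written as [-HKEY_...] is deleted together with everything under it, and a value written as "name"=- is deleted from its key. As an added example (not the thread's own .reg file and not part of RegSrch.vbs), the Python below parses RegSrch.vbs search output into keys and values, collapses the repeated key headers, and emits a removal .reg for the entries that name the searched string. SEARCH_OUTPUT is copied from the search results posted earlier in this thread, including the stray spaces the forum inserted inside the quotes, which the parser strips.

```python
"""Turn RegSrch.vbs search output (REGEDIT4 format) into a removal .reg file.
Added example for this thread; not the poster's file and not part of RegSrch.vbs."""
import re
from collections import OrderedDict

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data"; tolerant of spaces around '=' and inside the quotes.
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*"([^"]*)"$')

# Sample input copied from the search results posted in this thread.
SEARCH_OUTPUT = r'''REGEDIT4
; RegSrch.vbs (c) Bill James

; Registry search results for string "ijfdmtkrpu" 4/22/2005 12:46:16 PM

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ijfdmtkrpu "= "c:\\windows\\system32\\ijfdmtkrpu.exe -start "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ijfdmtkrpu]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ijfdmtkrpu]
"UninstallString "= "c:\\windows\\system32\\ijfdmtkrpu.exe -uninstall "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ijfdmtkrpu]
"DisplayName "= "ijfdmtkrpu "

[HKEY_USERS\S-1-5-21-602162358-1647877149-839522115-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\windows\\system32\\ijfdmtkrpu.exe "= "ijfdmtkrpu "
'''


def parse_regsrch(text):
    """Return an ordered dict: key path -> list of (name, data), merging repeated
    key headers. Names and data keep their .reg escaping (\\ for a backslash)
    so they can be written back verbatim; surrounding spaces are stripped."""
    entries = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';') or line == 'REGEDIT4':
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).strip()
            entries.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            entries[current].append((m.group(1).strip(), m.group(2).strip()))
    return entries


def removal_targets(entries, needle):
    """Return (keys, values): keys whose last path component equals the needle
    (delete the whole key) and (key, name) pairs elsewhere whose value name or
    data contains it (delete just that value). Case-insensitive, like the registry."""
    n = needle.lower()
    keys, values = [], []
    for key, vals in entries.items():
        if key.rsplit('\\', 1)[-1].lower() == n:
            keys.append(key)
            continue
        for name, data in vals:
            if n in name.lower() or n in data.lower():
                values.append((key, name))
    return keys, values


def build_removal_reg(entries, needle):
    """Render a REGEDIT4 file that deletes the targets; ends with a blank line,
    which Regedit needs in order to process the last entry."""
    keys, values = removal_targets(entries, needle)
    out = ['REGEDIT4', '']
    for key in keys:
        out += ['[-' + key + ']', '']              # [-key] deletes the key and its subtree
    by_key = OrderedDict()
    for key, name in values:
        by_key.setdefault(key, []).append(name)
    for key, names in by_key.items():
        out.append('[' + key + ']')
        out += ['"%s"=-' % name for name in names]  # "name"=- deletes one value
        out.append('')
    return '\n'.join(out)


if __name__ == '__main__':
    print(build_removal_reg(parse_regsrch(SEARCH_OUTPUT), 'ijfdmtkrpu'))
```

    Review the generated file before merging it: the rule deletes any key named exactly after the search string and any value whose name or data contains it, which here covers the MUICache entry (a display-name cache) as well as the Run value and the Uninstall key. The trailing blank line is the reason for the "press Enter after the last ]" step above.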
     
  12. 2005/04/27
    jonnH

    jonnH Inactive Thread Starter

    Joined:
    2005/04/20
    Messages:
    6
    Likes Received:
    0
    Mark,
    I copied and pasted the 2 lines you gave me into Notepad. I then put the cursor on the address line in Registrar Lite, went up to Edit and clicked on Paste, and I am asked if I want to "copy key \\[\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] to ?" When I click Yes I get an "error performing copy" message. I am not asked about, nor is anything said about, the "ijfdmtkrpu"=- line that you also included. I have reinstalled Reglite. I don't know what the problem is. Can I just type it in like it is? Can we use the Regedit in WinXP?
    Sorry for all these problems; I sure wish we could just get this cleared up.
    Thanks for sticking with me on this.
    J
     
  13. 2005/04/28
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    My last post did not include Reglite at all, and yes, we could use Regedit in XP.
    Start\Run, type in Regedit, and press Enter.
    In the left pane of Regedit, navigate to this Key (folder).
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Then look in the right pane, and right click on "ijfdmtkrpu" and then delete.
    Then go to this Key.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ijfdmtkrpu
    Then right click on "ijfdmtkrpu" in the left pane of regedit and select Delete.
     