teddy
Posted April 28, 2005

So here's the stuff. Already had a pop-up come while I was getting to msfn.org. I've run AdAware, SpyBot, SpyBlaster (although it seemed to be a protective thing? did I miss a scan part of it?), CWShredder, CCleanup, NAV 2004 with updates (before, and I'll let it run again when I leave the office), and Hijack This (obviously). This computer is a mess.

In other news, I deleted all forms of the C:\windows\XXX.exe and System32\XXX.exe twice already today (in the registry, and in Hijack This both). Some recent activity has put "Danger: Spyware!" on the background (and not letting me change it, at least not in the normal fashion. An ad for "Smart Security") and even removed most of the icons. The icons still appear in c:\..Doc&Set\...\Desktop though. Craziness. I'll be crawling back here to work on it more in the morning. Yuck!

Logfile of HijackThis v1.99.1
Scan saved at 5:23:31 PM, on 4/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\Lfo.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\tmp9.tmp
C:\WINDOWS\System32\open32.exe
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\temp25.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Christopher\Application Data\eetu.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Christopher\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B73F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\pifn.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E437B5F3-5F14-56CC-49FE-05E2EA5376B2} - C:\WINDOWS\System32\xfr.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [systemos Restart] Rundll32.exe pifn.dll, DllRegisterServer
O4 - HKLM\..\Run: [Rra] C:\WINDOWS\Lfo.exe
O4 - HKLM\..\Run: [iqd] C:\WINDOWS\Erd.exe
O4 - HKLM\..\Run: [Mcg] C:\WINDOWS\System32\Ikj.exe
O4 - HKLM\..\Run: [Noe] C:\WINDOWS\System32\Cha.exe
O4 - HKLM\..\Run: [shell] open32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Rra] C:\WINDOWS\Lfo.exe
O4 - HKCU\..\Run: [iqd] C:\WINDOWS\Erd.exe
O4 - HKCU\..\Run: [Mcg] C:\WINDOWS\System32\Ikj.exe
O4 - HKCU\..\Run: [Noe] C:\WINDOWS\System32\Cha.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Christopher\Application Data\eetu.exe
O4 - HKCU\..\Run: [xservice] C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\temp25.exe
O4 - Startup: winupdate00479110[1].exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {9BC603C0-C00A-4910-9E57-65DBE757B270} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9BC603C0-C00A-4910-9E57-65DBE757B270} - (no file) (HKCU)
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 64.62.171.156
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsIns....cab?refid=4604
O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

Tarun
Posted April 28, 2005

Generated by Tarun's HijackThis Converter.

Created registry value. Safe to remove:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz

Changed registry value. Safe to remove:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Created extra registry value where only one should be. Safe to remove:
R3 - Default URLSearchHook is missing

Enumeration of existing IE's BHO's. Safe to remove:
O2 - BHO: (no name) - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B73F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\pifn.dll
O2 - BHO: (no name) - {E437B5F3-5F14-56CC-49FE-05E2EA5376B2} - C:\WINDOWS\System32\xfr.dll

Enumeration of existing IE's toolbars. Safe to remove:
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

Enumeration of suspicious auto-loading registry entries. Safe to remove:
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

Definitely remove these. Virus/trojan related:
O4 - HKLM\..\Run: [systemos Restart] Rundll32.exe pifn.dll, DllRegisterServer
O4 - HKLM\..\Run: [Rra] C:\WINDOWS\Lfo.exe
O4 - HKLM\..\Run: [iqd] C:\WINDOWS\Erd.exe
O4 - HKLM\..\Run: [Mcg] C:\WINDOWS\System32\Ikj.exe
O4 - HKLM\..\Run: [Noe] C:\WINDOWS\System32\Cha.exe
O4 - HKLM\..\Run: [shell] open32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Rra] C:\WINDOWS\Lfo.exe
O4 - HKCU\..\Run: [iqd] C:\WINDOWS\Erd.exe
O4 - HKCU\..\Run: [Mcg] C:\WINDOWS\System32\Ikj.exe
O4 - HKCU\..\Run: [Noe] C:\WINDOWS\System32\Cha.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Christopher\Application Data\eetu.exe
O4 - HKCU\..\Run: [xservice] C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\temp25.exe
O4 - Startup: winupdate00479110[1].exe

Extra IE context menu items. Safe to remove:
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

Extra "Tools" menu items and buttons. Safe to remove:
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {9BC603C0-C00A-4910-9E57-65DBE757B270} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9BC603C0-C00A-4910-9E57-65DBE757B270} - (no file) (HKCU)

Trusted Zone Autoadd. Safe to remove:
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 64.62.171.156
O15 - Trusted IP range: 64.62.171.156 (HKLM)

Downloaded Program Files item. Safe to remove:
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsIns....cab?refid=4604

AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys. Safe to remove:
O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll

Enumeration of NT Services. Safe to remove:
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

---------------------------------------------------------------

Disable System Restore.
Right-click My Computer, and then click Properties.
Click the System Restore tab.
Check the "Turn off System Restore" or "Turn off System Restore on all drives".

Reboot into Safe Mode (F8 at Windows splash screen) and run HijackThis to remove the entries above.

Start > Run... > regsvr32 /u /s C:\Windows\System32\LgNotify.dll

Upon reboot, re-enable System Restore if you use it.

Since you use Quicktime, uninstall it and get yourself Quicktime Alternative as well.

Also, uninstall Google Toolbar; especially if you use Firefox. If you don't use Firefox, get it here.

After your system is fully clean, it is recommended to upgrade to XP SP2.