Thread: A look at this please
View Single Post
  #2  
Old 02-02-2005, 05:41 PM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
For this one rescan again with hijack, insert a check nest to each of the following then close all other open windows and click "fix checked"

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll


O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll


O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [salm] c:\temp\salm.exe

O4 - HKLM\..\Run: [twrqr] C:\WINDOWS\twrqr.exe

O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe

O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [o3tP3nQ] ckc_fmt.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKCU\..\Run: [Z02FRhc3Q] cfglace.exe


O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CD...bridge-c46.cab


O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe

O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe


Then reboot into safe mode http://www.spyware911.net/safemode.htm

Set the system to show hidden files and folders http://www.spyware911.net/showhiddenfiles.htm

pen windows explorer, find then delete"
C:\WINDOWS\zeta.exe
C:\Program Files\AutoUpdate
C:\Program Files\BullsEye Network
C:\WINDOWS\System32\SahAgent.exe
C:\WINDOWS\twrqr.exe
C:\Program Files\Internet Optimizer
C:\Program Files\Windows AdStatus

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin


Go to Start>Run and type msconfig Press enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.

Check the box labeled Turn off System restore on all Drives.


Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

Then run a full adaware scan