Windows system 32 - jtkjqrqadkksrss.exe & update.exe error

Status
Not open for further replies.

Paula_Cheri

Hi

I have three problems occurring, two when I turn the PC on:

This error message comes up: c:\windows\system32\jtkjqrqadkksrss.exe (it says in the box it can't find it). I click OK, then another box comes up saying "! could not load" the above. I click OK on this and the same first message comes up again.
Then, directly after those 4 error messages, this error message appears: "Updater.exe" comes up in a box and says it can't find this either.

I run the following:

Windows XP Home Edition Version 2002 + Service Pack 2
CPU AMD Sempron, 1600 MHz (8 x 200) 2800+
SIS 760, AMD Hammer (chipset)
MB ID is SIS-760-6A717FKAC-00 (unknown name)
192 RAM
DVD/CD-ROM Drives
SIS Mirage Graphics

My third problem is I installed Galactic Battlegrounds Game when I had my PC partitioned, half for my son and the other half for me, and when I deleted the partition, it removed the game but I can't seem to re-install the game again. I've tried taking the last bit of the game program off but it won't allow me to. Any suggestions, as my son loves the game and can't play it now?

How can I correct these errors or clear them? Not really computer literate so don't know where to begin. Hope I've given you all the information you need.

Many Thanks Paula
 
Struggling

I have looked at the malware removal file, and am struggling to find the bits I need to disable or turn off. I don't have a huge amount of knowledge on computers and don't know where the system tray is or the tools bit. I've looked but just can't find it! Can someone help, as I am trying hard to fix this problem?

Thanks
 
That's a LOT of Tutoring for an on-line help spot.

Did you buy that computer locally? Is the shop still there? Can you call and get a quote on a clean install of XP?

That's what I recommend.

Then, take a course on computer software maintenance - it's fun and useful.

:)
 
thanks

It was bought through a scheme at work. I can get hold of the company and ask for the XP disk, as I've just looked and don't have it. Don't think I ever did lol. I assume they'll give me a disk and I can do a clean install and then make sure I have everything I need to stop bugs etc.

Thank you for your help, it's very appreciated.

:approve:
 
Regarding this:
"struggling to find the bits I need to disable or turn off"

Which, if any of the following programs do you have:
* 1 Spybot S&D (Teatimer)
* 2 Ad-Aware Ad-Watch
* 3 Spywareguard
* 4 Windows Defender
* 5 TrojanHunter Guard
* 6 Disable SpySweeper
* 7 WinPatrol
* 8 CounterSpy
* 9 AVG Anti-Spyware (formerly ewido)
* 10 Spyware Doctor
* 11 Prevx
* 12 ProcessGuard
* 13 ZoneAlarm's OS Firewall
* 14 Ad-Aware 2007 Service
If worse comes to worst, rather than do nothing because you don't know how to disable the programs, run the cleaning tools as mentioned and attach the logs. We can spot them there and have you remove them, then rerun HijackThis.

Problems:
1. As for the jtkjqrqadkksrss.exe error, that is most certainly malware and you should NOT be checking OK.
2. update.exe is a process belonging to the Spyware Doctor Internet Security Product, but malware can disguise itself as almost any process.
3. You might also want to check the system requirements for Galactic Battlegrounds Game and make sure you meet at least the minimum:
http://pc.gamezone.com/gamesell/p20922.htm

You tell us you have 192 RAM. That is way under the minimum you need for Windows XP; it should be at least 512MB. 192 is also an odd number for RAM chips. You would have to have 3 64MB chips to add up, or one 128MB chip and one 64MB chip. These are unusual configurations.
 
Hi Bobbye,

I've just checked my view system files and it's 704MB RAM.

I've removed Ad-Aware 6.0 for now. I'm going to do all the cleaning checks now and then post logs, and wait to see what you say. Thanks for helping me.

Paula
 
Step No 5 removal of malware

Hi
I can't do step No 5, SuperAntiSpyware. When I try to open the program it comes up with an error message saying Windows Installer service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed.
I am not running Windows in safe mode. So where can I find and install Windows Installer? Then I can continue doing the other steps. I'm assuming you don't want me to miss any steps out.

Paula
 
Hi
Ok, I have now done everything in the removal of malware, and have my 3 logs attached. Also, while I was running step No 5, SuperAntiSpyware, AVAST came up with 3 warnings: 1. Win32:Adan-055(Adw) 2. Win32:LockSky-EH(wrm) 3. Win32:Trojan-gen(other), and told me to move them to the chest, which I did.

I await now on what I'm to do next. I have re-booted several times during the processes and the errors are still there.

Many thanks.

Paula
 
Part 1:
You are the second person in a very short time that has gotten badly infected from VideoEgg! Mbam took care of an enormous number of malware entries and SuperAntispyware found dozens more. I'm going to break up the cleaning because you have so many files that need to be removed. Start with this:

BackWeb suggests they only monitor keyboard/mouse activity, so they know when the computer is inactive; they claim they don't record keystrokes. Any file that accesses the internet without your knowledge is considered dangerous. BackWeb is added automatically with some software programs: Logitech, Kodak, Western Digital. They refer to the programs as an 'updater'; however, it is not something you want to run on the system.

Please re-open HiJackThis and scan. *Check* the boxes next to all the entries listed below:
NOTE: I can't get all of the O18 entries to remove in one post. Continue with the ones in Part 2.

O18 - Protocol: bw+0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Continue checking the entries in Part 2.
 
Part 2:
Continue checking for HijackThis to remove:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {6DA495AA-06D9-49AE-B9BC-5AF6DB6B9090} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:

Turn off Logitech Desktop Messenger:
This program is not required to start automatically as you can run it when you need to.
It is advised that you disable it so that it does not take up necessary system resources.
Go to Start> All Programs> Logitech, click on Desktop Messenger.
There are two check boxes which are self descriptive> Disable both entries.

Start> Run> type in 'msconfig' without quotes> enter> Selective Startup> Startup tab> UNCHECK all entries EXCEPT for the antivirus program ALWIL/Avast. This includes the entry for BullGuard. You are running two AV programs> Apply> OK

The unchecking includes any entry for BitComet, DAEMON Tools, XFire, Crucial, Evesham

When through click on Apply> Okay> Reboot
You will get a nag message that you can close after checking 'don't show this message again'. Stay in Selective Startup.

Come back for Part 3 after this is done. We have a lot of entries to clean out.
 
Part 3:
Please re-open HiJackThis and scan. *Check* the boxes next to all the entries listed below:
C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe>> this is a security suite with full antivirus, firewall, and backup protection,
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by evesham.com>>>>>Evesham Technology goes into liquidation 1/4/08
F3 - REG:win.ini: load=C:\WINDOWS\system32\jtkjqrqadk\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\jtkjqrqadk\csrss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Documents and Settings\Paula Cook\Desktop\ADDONS\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: csrss.lnk = ?
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O20 - AppInit_DLLs: pushow65.dll
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard, Ltd. - C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:

Control Panel> Add/Remove Programs> Uninstall Adobe 6, BitComet, BullGuard, any entry for evesham, Crucial, ZoneIntro.

Start> Run> type in 'services.msc' without quotes> find this Service> BullGuard LiveUpdate (BGLiveSvc) and right click on the Service> Properties> Change the Startup type to Disabled.

Right click on Start> Explore> Windows System 32> delete the following if present:
INSTCAT.DLL
TASKKILL.COM
ND2FNBAR.DLL
IAdHide.dll,
IAdHide3.dll,
dlgli.exe
tempiadhide3.dll

Reboot into Normal mode and run HijackThis again. Please attach the new log.
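
The Part 3 list mixes ordinary software with the entries that actually point to the infection. The following Python script is an added illustration, not part of the original thread or of HijackThis; it shows one way to triage such log lines for the patterns visible above: a win.ini load/run autostart, a system process name (csrss.exe) living outside system32, a startup shortcut named after a system process, and a populated AppInit_DLLs value. The names `triage`, `SYSTEM_NAMES` and `SYSTEM_DIR` are hypothetical, and the script assumes Windows is installed in C:\WINDOWS as in this log.

```python
import ntpath
import re

# Assumption: a small set of genuine system process names that malware often borrows.
SYSTEM_NAMES = {"csrss.exe", "svchost.exe", "lsass.exe",
                "winlogon.exe", "services.exe", "smss.exe"}
# Assumption: Windows lives in C:\WINDOWS, as in the log quoted in the thread.
SYSTEM_DIR = r"c:\windows\system32"

# Constructed sample: a subset of the log lines quoted in the post above.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\jtkjqrqadk\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\jtkjqrqadk\csrss.exe
O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - Startup: csrss.lnk = ?
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O20 - AppInit_DLLs: pushow65.dll
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard, Ltd. - C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Drive-letter path ending in an executable extension (paths may contain spaces).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*?]+?\.(?:exe|dll|com)", re.IGNORECASE)


def triage(log_text):
    """Return [(log line, [reasons])] for lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        reasons = []
        # F3: program autostarted through the legacy win.ini load=/run= values.
        if code == "F3" and re.search(r"win\.ini: (load|run)=\S", body):
            reasons.append("legacy win.ini load/run autostart")
        # A file named like a system process but not located directly in system32.
        for path in PATH_RE.findall(body):
            p = ntpath.normpath(path).lower()
            if ntpath.basename(p) in SYSTEM_NAMES and ntpath.dirname(p) != SYSTEM_DIR:
                reasons.append("system process name outside system32: " + path)
        # Startup-folder shortcut that borrows a system process name.
        if code == "O4":
            s = re.match(r"Startup: (\S+)\.lnk", body)
            if s and s.group(1).lower() + ".exe" in SYSTEM_NAMES:
                reasons.append("startup shortcut named after a system process")
        # AppInit_DLLs: listed DLLs load into every process that loads user32.dll.
        if code == "O20" and re.search(r"AppInit_DLLs: \S", body):
            reasons.append("AppInit_DLLs is populated")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    -> " + r)
```

Entries the script does not flag, such as the BitComet or BullGuard lines, are not thereby known to be safe; they were listed for removal in the post for other reasons.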
 
Hi Bobbye

I've run into a problem.... sorry. I removed all of O18 and went to start in safe mode to do the last part of Part 2, and I can't get my PC to start up in safe mode. Every time I try any of the safe mode options it just comes up with loads of writing in black and white about partitions etc. and nothing else?
How do I get it to work? I'm assuming pressing F8 when the PC first starts is what I'm supposed to be doing?

I await your reply before continuing the rest of the things I need to do.

Paula
 
I downloaded the file, wasn't sure what I had to do with it, as I'm not overly familiar with all this, and I tried safe mode again; didn't work.

Paula
 
Sorry

Download
Unzip
Right click on the downloaded reg file
Select Merge
ok (yes accept, or whatever it may ask)

Restart to Safe Mode, hitting F8 before Windows starts
 
"loads of writing in black and white about partitions etc. and nothing else"

Do you mean a black screen with white writing? If this comes up right after the logo loads, it means the operating system isn't loading.

Let us know the status after you try the Safe Mode repair. Question: Do you have the CD for windows XP?
 
Ok, I can get the safe mode repair file down, in is it rar.zip; I don't seem to be able to open it and extract the files. How do I do this?

Bobbye, yes, black screen white writing did come up. No, I don't have an XP disk but I can ring up the firm that I bought the PC from and try and get one. Are you thinking it would be easier to re-format the whole computer?

Paula
 
ok I just downloaded it. It's just one zip file, and it worked for me.

Download
Unzip (I use Winrar as well :) )
Right click on the reg file (hopefully winrar doesn't think this file belongs to it, but it won't matter)
Select merge (this is in the right click menu, which comes with Windows)
Yes Accept (whatever it says)
Restart
 
I've tried opening it or unzipping it and it won't do it... is there some software that opens it that maybe I haven't got?
But it's definitely not opening or doing anything.

Paula

It's worked. I'll now try and carry on from where I stopped lol. Don't know why it didn't work but it has now, thanks.

Paula
 
Hi Kingsland

Well, I have tried both files and I still can't boot up in safe mode. Am I saving the files in the right place? Does that make a difference or does it mean more things are wrong?

Paula
 