• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
hobbyfarmer

wintoolsa

37 posts in this topic

i keep getting hijacked i try to get rid of wintools and it just keeps comming back im ready to shut computer off forever ive been trying everything in your faq for 2 days arrrrrgh.i need help . god knows what else is in there . thank you for any help you can offer. at end of my rope!

Share this post


Link to post
Share on other sites

ive tried adaware/ spybot / pc tune up/ norton system works/ a2 squared/ panda active scan/ive tried everything in Mikes faq page and i have Hijack This but not sure what to delete from it, also when i do delete some things from it they just come back.

Share this post


Link to post
Share on other sites

Post the log in here, and I'll have a look at it...

So you couldn't uninstall it? Or what? because your second post is difficult to understand...

 

Greetz...

Share this post


Link to post
Share on other sites

went to add remove programs and when went to uninstall i got the message [other adpowered software installed remove first. here is my log from hijack this.

Scan saved at 6:24:01 AM, on 5/25/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\WINDOWS\System32\wfxsnt40.exe

F:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe

F:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

F:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\LXSUPMON.EXE

C:\Program Files\Creative\ShareDLL\MediaDet.Exe

C:\Program Files\a2\a2guard.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

f:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

C:\WINDOWS\WEBSHOTS.SCR

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

F:\program files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\devldr32.exe

F:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common files\WinTools\WSup.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Outlook Express\Msimn.exe

C:\Hijack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50022

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50022

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50022

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com

O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [WFXSwtch] F:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [NAV Agent] F:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] f:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CXMon] "f:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [AHQInit] f:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Startup: Webshots.lnk = H:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Corel Family & Friends Reminders.LNK = C:\Program Files\Accessories\cffrem.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/pwtay.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://my.uo.com/fonts/tdserver.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.exe

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.sc5.yahoo.com/v43/yacscom.cab

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab

O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab

O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7870.2038657407

O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v49/swapit/swapit.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E154E3CC-0C3A-4101-91D8-6B4876F0FD64} (PrintScreen Class) - http://www.myemo.com/my_picture/Flash2Image.cab

O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Online-Registration Web Client V1.0) - http://www.creative.com/register/OCXs/CtORWebClient.cab

O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{979B97FC-DA90-42F9-AC64-3F6A8E042AAE}: NameServer = 209.226.175.223 198.235.216.134

Share this post


Link to post
Share on other sites

1. Go to safe mode (tapping f8 frequently during boot-up)

2. Press ctrl+alt+del and Kill running entries for Wintools.

3. Uninstall Wintools from Add/Remove. it will prompt for reboot. do that and reboot.

4. Run HijackThis and fix the Wintools entries and delete the folder if present.

5. Reboot and post fresh log

 

That should do..

Share this post


Link to post
Share on other sites

im computer illeterate there are 4 choices when i hit f8 for safe startup and i dont have a boot disk of any kind and im running windows xp pro

Share this post


Link to post
Share on other sites
1. Go to safe mode (tapping f8 frequently during boot-up)

 

You only need to select safe mode... Nothing else... No command prompt, no network capability, just plain safe mode... :)

 

 

2. Press ctrl+alt+del and Kill running entries for Wintools.

Press Ctrl+Alt+Del, a window will popup... Go to the process tab...

you will see a list with program entries on the left, all ending with .exe

Look for entrie(s) that are related to wintools... Rightclick it and choose "end process"

Close the window again...

 

3. Uninstall Wintools from Add/Remove. it will prompt for reboot. do that and reboot.

4. Run HijackThis and fix the Wintools entries and delete the folder if present.

All entries containing the word Wintools

5. Reboot and post fresh log

 

 

 

Greetz...

Edited by Quinstar

Share this post


Link to post
Share on other sites

sucsess got rid of wintools just 2 more items to get rid of [hunt bar user settings HKEY_USERS\S-1-5-18\SOFTWARE\BTLINK and user settings HKEY_USERS\.DEFAULT\Software\BTLINK] both are Registry keys. spy bot also finds [Avenue A,Inc] and DS0 Exploit]. when i run CSWhredder it finds C:\WINDOWS\UNINSTCC.EXE should i get rid of it .

Share this post


Link to post
Share on other sites

the last post i made all the problems are in registry keys. here is a fresh log.Logfile of HijackThis v1.97.7

Scan saved at 2:45:35 PM, on 5/27/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\WINDOWS\System32\wfxsnt40.exe

F:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe

C:\Program Files\Creative\ShareDLL\MediaDet.Exe

F:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

F:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\LXSUPMON.EXE

C:\Program Files\a2\a2guard.exe

f:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\WEBSHOTS.SCR

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

F:\program files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

F:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Hijack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [WFXSwtch] F:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [NAV Agent] F:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] f:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CXMon] "f:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [AHQInit] f:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Startup: Webshots.lnk = H:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Corel Family & Friends Reminders.LNK = C:\Program Files\Accessories\cffrem.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/pwtay.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://my.uo.com/fonts/tdserver.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.exe

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.sc5.yahoo.com/v43/yacscom.cab

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab

O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab

O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7870.2038657407

O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v49/swapit/swapit.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E154E3CC-0C3A-4101-91D8-6B4876F0FD64} (PrintScreen Class) - http://www.myemo.com/my_picture/Flash2Image.cab

O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Online-Registration Web Client V1.0) - http://www.creative.com/register/OCXs/CtORWebClient.cab

O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{979B97FC-DA90-42F9-AC64-3F6A8E042AAE}: NameServer = 209.226.175.223 198.235.216.134

Share this post


Link to post
Share on other sites

;) Maybe just dumb luck but I was able to get rid of wintools by deleting all

non-exe file first, i.e. *.cfg, *.wzg, *.dll --- then deleted the four *.exe files. Last to go was the WinTools folder.

 

Running *.exe files can't be deleted while these other files are present.

Share this post


Link to post
Share on other sites

Hi again...

 

 

Open HiJackThis and tick the next entries:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

 

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

 

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

 

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/pwtay.cab

 

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.exe

 

 

After this, you can also add the next entries... By fixing them you will shorten boot-up time and free up resources... By doing this you wil not harm your programs and they will still be able to start manually via the start-button...

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

 

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: PowerReg Scheduler V3.exe

 

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Corel Family & Friends Reminders.LNK = C:\Program Files\Accessories\cffrem.exe

 

 

Now, close all programs and browsers, Including this browser and hit Fix in HiJackThis(Double check the entries you ticked before closing the browser...)

 

Reboot...

 

 

Now delete these files:

C:\WINDOWS\SYSTEM\blank.htm <--- Note: this isn't the System32-folder

C:\WINDOWS\alchem.exe

 

 

Now see if you get the same errors... about the reg-keys

Are you sure you hit fix and not scan with CWShredder?

 

Try those two in safe mode again if you get the errors...

 

If they still occur, note down all the info I can use to examen the problem...

Also post me a fresh log...

 

 

Good Luck...

Share this post


Link to post
Share on other sites

in spybot it cannot fix HuntBar user settings HKEY_USERS\S-1-5-18\software\BTLINK and user settings HKEY_USERS\.DEFAULT\Software\BTLINK I get message some problems couldnt be fixed; the reason could be that the associated files are still in use (in memory). this could be fixed after a restart. may spybot-S&D run on your next startup? i clicked yes and it still will not fix it. I CANNOT FIND THE FILES YOU POSTED ON MY COMPUTER. Logfile of HijackThis v1.97.7

Scan saved at 6:44:09 AM, on 5/29/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\WINDOWS\System32\wfxsnt40.exe

F:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe

C:\Program Files\Creative\ShareDLL\MediaDet.Exe

F:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

F:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\System32\LXSUPMON.EXE

C:\Program Files\a2\a2guard.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

f:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

C:\WINDOWS\WEBSHOTS.SCR

C:\WINDOWS\System32\devldr32.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

F:\program files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

F:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\USER\Desktop\PC Tuneup\CWShredder.exe

C:\Hijack This\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [WFXSwtch] F:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [NAV Agent] F:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] f:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CXMon] "f:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [AHQInit] f:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN

O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Startup: Webshots.lnk = H:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Corel Family & Friends Reminders.LNK = C:\Program Files\Accessories\cffrem.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://my.uo.com/fonts/tdserver.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.sc5.yahoo.com/v43/yacscom.cab

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab

O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab

O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7870.2038657407

O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v49/swapit/swapit.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E154E3CC-0C3A-4101-91D8-6B4876F0FD64} (PrintScreen Class) - http://www.myemo.com/my_picture/Flash2Image.cab

O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Online-Registration Web Client V1.0) - http://www.creative.com/register/OCXs/CtORWebClient.cab

O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{979B97FC-DA90-42F9-AC64-3F6A8E042AAE}: NameServer = 209.226.175.223 198.235.216.134

Share this post


Link to post
Share on other sites

Well, to be honest, I don't know if it has to fix C:\WINDOWS\UNINSTCC.EXE

And I can't find anything on the net about it...

So here's how we handle these things:

Look up the file UNINSTCC.EXE using explorer

So navigate to C:/WINDOWS/

Rightclick UNINSTCC.EXE and zip it...

Now email the zip-file to here

When you send the mail, be sure to add a link to this page...

OR copy this next line:

http://www.spywareinfoforum.com/index.php?sh...indpost&p=12935

 

And paste it into the email... That's a shortcut to our request to investigate it...

 

 

For the files you couldn't find, do this:

 

Click Start...

Open My Computer...

Select the Tools menu and click Folder Options...

Select the View Tab...

Under the Hidden files and folders heading select Show hidden files and folders...

Uncheck the Hide protected operating system files (recommended) option...

Click Yes to confirm...

Click OK...

 

Now look for these files and delete them:

C:\WINDOWS\SYSTEM\blank.htm <--- Note: this isn't the System32-folder

C:\WINDOWS\alchem.exe

If you still can't find them, don't worry, it's just for cleaning up, they are harmless at the moment...

 

For your huntbar problem...

Let's try this:

 

Go to start>run

Type cmd

Hit enter

A black box will popup

In my next lines [space] means hit the space bar once

be sure you add the " at the end of the lines

in the black box you'll see a prompt... type the next line:

 

cd[space]"%WinDir%\System"

 

Hit enter

Now type the next line:

 

regsvr32[space]/u[space]"\Program Files\Common Files\BTLINK\btlink.dll"

 

Hit enter

That should uninstall it...

Now, reboot

And delete the next folder:

c:/Program Files/Common Files/BTLINK/

 

and you can delete the next file:

c:/Windows/System32/btiein.dll

 

Now try running spybot again...

 

 

Tell me what problems you had if any occured...

 

 

 

Good Luck...

Edited by Quinstar

Share this post


Link to post
Share on other sites

Well, you can call it good enough, but for me you're not clean at all if you're still having troubles... :)

So if you're up to it, we'll be fixing for as long as it takes to get you fixed...

So if you're still interested, tell me absolutely everything about the problems you're still having, the full reg-key, the hunt-bar info's, everything... I'll get you some fixes to get rid of them...

Some infections are hard...

But I'm harder... :D

 

 

Greetz...

Edited by Quinstar

Share this post


Link to post
Share on other sites

spybot will not remove hunt bar reg keys but spybot will delete avenue a inc , ds0 exploit and mediaplex just to have them reinstall immediatly. avenue a is a tracking cookie. ds0 exploit are data source object exploit HKEY_USERS. mediaplex is a tracking cookie. huntbar is user settings HKEY_USERS\S-1-5-18\SOFTWARE\btlink and user settings HKEY_USERS\.DEFAULT\SOFTWARE\BTLINK

Share this post


Link to post
Share on other sites

Let's see....

I'm going to give you some instuctions again... Follow them closely... If they don't work, try them a second and a third time... If you still have a problem at the exact same time every time you try one procedure, tell it to me so I know what the problem exactly is...

 

First we'll give huntbar another go:

Go to your control panel and open the 'add/remove software' part...

Look for these entries:

'Internet 404' and 'Tools for Internet Explorer' and 'MSIETS'

If they are present, click them to uninstall... Be sure you are connected to the internet...

 

Afterwards, run adaware and spybot search&destroy again... Be sure you have downloaded the latest updates... Are you using spybot 1.3?

Reboot into safe mode and run them again...

 

Had you done these instuctions I gave you earlier?

For your huntbar problem...

Let's try this:

 

Go to start>run

Type cmd

Hit enter

A black box will popup

In my next lines [space] means hit the space bar once

be sure you add the " at the end of the lines

in the black box you'll see a prompt... type the next line:

 

cd[space]"%WinDir%\System"

 

Hit enter

Now type the next line:

 

regsvr32[space]/u[space]"\Program Files\Common Files\BTLINK\btlink.dll"

 

Hit enter

That should uninstall it...

Didn't they work? what went wrong?

 

Try this first... We'll see if any of it will work... :)

 

 

Greetz...

Share this post


Link to post
Share on other sites

those are not in add remove programs and the run instructions i get message specified file could not be found. i have spybot 1.3 and is fully updated. trying to figure out how to start in safemode without using f key be back with more info soon

Share this post


Link to post
Share on other sites

I don't get it...

Can you locate this folder?

c:\Program Files\Common Files\BTLINK\

Is it still present?

If so, try deleting it... If that isn't possible, try deleting it in safe mode...

 

Greetz...

Share this post


Link to post
Share on other sites

no, not the file, the folder :)

Can you locate a folder named BTlink in the c:/program files/common files-folder

 

Maybe you need to make hidden files and folders visible if you haven't done that yet:

 

Click Start...

Open My Computer...

Select the Tools menu and click Folder Options...

Select the View Tab...

Under the Hidden files and folders heading select Show hidden files and folders...

Uncheck the Hide protected operating system files (recommended) option...

Click Yes to confirm...

Click OK...

 

 

Good Luck...

Share this post


Link to post
Share on other sites

okay...

Let's try this...

Scan again with spybot... Look for any updates first if there are any...

Then give me all the info about huntbar...

A path would be nice to know what folder it could be in...

I can't tell that from the regkeys...

 

Greetz...

Share this post


Link to post
Share on other sites

I had this problem too. Hope this helps. Look in properties in the Wintools file and check the date and time it was created. This info helped to locate a file on my Hijackthis log as WintoolsB, it was the exact date and time, and under my daughter's name ( C:DOCUME~1\letters of her first name~1\LOCALS~1\Temp\WToolsB.dll ). This file is also shown on the Hijackthis log. I could not delete this file until I ran Hijackthis and fixed Wintools\WToolsA.exe and WinTools\WSup.exe. PLEASE DOUBLE CHECK- The date it was created and time matched on mine, unsure of yours. >> Remember to print and save your logs.

Share this post


Link to post
Share on other sites

Colum reminds me of a question I should have asked already...

Are you having multiple user-accounts?

If so, post me a log of all the accounts, and tell them if they have administrator rights or not...

Share this post


Link to post
Share on other sites

I am glad I was of at least a little help Quinstar. We all want to enjoy our computer system, but there is so much about them we should familiarize ourselves with. I am a novice and learned to pay attention to several things on a daily basis: 1.) Note if their are added files in C:/Program Files/Common Files/(e.g. Wintools), this is where the parasite usually sets up shop so to speak.> 2>Check C:/Windows/Downloaded Program Files, different items installed. I play on a gamesite regularly and the games are installed to avoid repetitive installation , there was one game I NEVER played and couldn't uninstall it. This was a Hijacker using my computer, I could not close windows that were open-had to minimize or restart-,nor print. 3.) There are several things to check on a regular basis and am still learning everyday. I am following your suggestions to hobbyfarmer, they help me too.

Share this post


Link to post
Share on other sites

have you read this?

okay...

Let's try this...

Scan again with spybot... Look for any updates first if there are any...

Then give me all the info about huntbar...

A path would be nice to know what folder it could be in...

I can't tell that from the regkeys...

 

Greetz...

Share this post


Link to post
Share on other sites

im done with this huntbar thing im just going to fdisk and reinstall windows. thanks for all the help but i cant find hunt bar anywhere except where i stated already and i tried everything you said to try and now we are just running in circles.

Share this post


Link to post
Share on other sites

I wouldn't ask things that I already know, therefore we are not running in circles...

If you think we are, then read more carefully...

 

We could try what Winhelp2002 says (thanks for the tip)

If you are familiar with registry editing, then navigate to these keys:

HKEY_USERS\S-1-5-18\SOFTWARE\btlink

HKEY_USERS\.DEFAULT\SOFTWARE\BTLINK

and perform the next actions for both:

Right-click BTLINK and choose Permissions. Edit the permissions such that the user of your choice has Full Control, and apply the changes. Then, while logged in with that user account, manually attempt to delete the BTLINK subkey from the registry by right-clicking BTLINK and choosing delete.

Or if you can't remove them manually, just change the permissions and scan with spybot to remove them...

 

If you need help on how to edit the registry, then reply in here again...

NOTE: editing the registry can be very harmfull if you edit the wrong keys... Therefore, handle with care and take precautions (registry-backup if needed)...

 

 

Greetz...

Edited by Quinstar

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0