View Single Post
  #6  
Old June 18th, 2005, 01:10 PM
Acrobaze Acrobaze is offline
Malware Removal Team
 
Join Date: Nov 2003
O/S: Windows 10 Home
Location: France
Posts: 11,994
Ok. Then now, open the control panel -> add/remove programs
Uninstall : CtxPls , ISTsvc , Search Relevancy , YourSiteBar , Shopper Reports.

Reboot.

Close all browser windows, run only HijackThis and check :
(Some are perhaps uninstalled)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch

R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\APRPS\CXTPLS.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL

O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [y3yg0] C:\WVGVVFUP.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\TEMP\CXTPLS_LOADER.EXE" /PC=CP.IST /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [t97h36l] SSULLREG.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\VSDBSY.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\VOAFMV.exe
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M...e/bridge-c8.cab

Click "Fix checked".

Boot in safe mode, make sure that you can see the hidden files and delete :
C:\PROGRAM FILES\ISTSVC\ <- the folder
C:\PROGRAM FILES\SIDEFIND\ <-the folder
C:\PROGRAM FILES\MEDIA ACCESS\ <-the folder
C:\WINDOWS\SYSTEM\MSXCT.EXE
c:\Program Files\AutoUpdate\ <-folder
C:\WINDOWS\SYSTEM\VSDBSY.exe
C:\WINDOWS\SYSTEM\VOAFMV.exe
C:\WINDOWS\SYSTEM\SSULLREG.EXE
Empty the recycle bin.

Reboot in normal mode.
To clean the remnants : Download "Ad-Aware SE" from:
HERE.
Install, update and run a full system scan. Select and delete everything it finds. Reboot again.

Post a new HijackThis log, please.
Reply With Quote