Old 9th May 2005, 23:02   #1
pkpilgrim
Junior Member
 
Join Date: May 2005
Posts: 9
o_O

A couple days ago I encountered a problem with my Winamp - out of nowhere it would just stop playing. After messing around with it and trying different songs I finally got it to work for another day or so. Last night Winamp completely failed to work - and continues to today. As I choose a song to play, I double click (expecting Winamp to open and play), it simply opens Winamp (or doesn't and Winamp just lags my computer) and doesn't play the song - all I see is 00:00 - Please reply back on a thread or Littlegun2@hotmail.com if possible. I've uninstalled and re-installed many times - re-installed both 5.08 and .09 - both have the same problem. I cleaned my registry, ran McAfee, Norton, adware and spybot - nothing helps.
Old 9th May 2005, 23:10   #2
jmatthews112
Major Dude
 
Join Date: Jun 2003
Posts: 1,661
Please provide us with the necessary information listed here.

Any third-party plugins?
Old 9th May 2005, 23:11   #3
pkpilgrim
Junior Member
 
Join Date: May 2005
Posts: 9
not to my knowledge
Old 9th May 2005, 23:33   #4
pkpilgrim
Junior Member
 
Join Date: May 2005
Posts: 9
radeon 9600, A7N8X-E deluxe(w/e soundcard is with that), 1 gig of kingston ram, athlon 2500+(1.83) processor.
Old 10th May 2005, 00:51   #5
pkpilgrim
Junior Member
 
Join Date: May 2005
Posts: 9
bump.
Old 10th May 2005, 19:25   #6
pkpilgrim
Junior Member
 
Join Date: May 2005
Posts: 9
bump2
Old 10th May 2005, 20:33   #7
siebe83
Forum King
 
Join Date: Feb 2004
Posts: 9,226
When you reinstalled, did you do a clean install? If not, please do so.

After that, try the DirectSound output tweaks.

If no luck...
Which file format are your files in? Mp3/wma/ogg/wav/etc.
Does the problem occur with all files, or only some of them?

When you load the file through the Winamp interface (i.e. click Open button and select files > Open), does the same problem occur?

Include a HijackThis log in your reply.

Btw, on these forums it is common use not to bump your thread within a day. If you don't get a reply after one or two days feel free to bump your thread.

If you're bored go here or, if the boredom is more serious, here.
Old 11th May 2005, 01:20   #8
pkpilgrim
Junior Member
 
Join Date: May 2005
Posts: 9
Absolutely no files work - no matter what format. To my knowledge there is absolutely NOTHING to do with Winamp left on my computer.
Attached Files
File Type: zip hijackthis.zip (3.9 KB, 98 views)
Old 11th May 2005, 02:25   #9
DJ Egg
Techorator
Winamp & Shoutcast Team
 
Join Date: Jun 2000
Posts: 35,859
I'm posting a copy of your log here, so I can view/work with it more easily.

You've got some serious spyware/malware issues which need cleaning up.

I'll be back soon with the cleanup instructions

______________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 6:18:45 PM, on 5/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\Ati2evxx.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\WINDOWS.000\System32\DVDRAMSV.exe
C:\WINDOWS.000\system32\gearsec.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS.000\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\system32\Ati2evxx.exe
C:\WINDOWS.000\Explorer.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\windows.000\system32\ejmboh.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\windows.000\system32\calc.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\WINDOWS.000\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DrTemp\bho_prob.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ikevuhfbgrehdpshxe.com/o8KCVQ3D/CRH9FF2MlGP8WWEUe1pvItt5BJeuhYitH0miHKvRd387fGvb5aZ1Xgp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS.000\Nail.exe
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS.000\Pynix.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: OpenSite.CBrowserHelper - {30A56549-9D5B-4D34-AFA7-440A7F0538A9} - C:\Program Files\Open Site\opnste.dll (file missing)
O2 - BHO: (no name) - {4C460BE7-B004-9BA2-3506-24CAC63A1399} - (no file)
O2 - BHO: (no name) - {967223A4-7D25-5B4E-1A8C-377E9541222B} - C:\DOCUME~1\ADMINI~1\APPLIC~1\EXITOK~1\LOUD GREY.exe
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS.000\System32\nvms.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS.000\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS.000\System32\msbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [ejmboh] c:\windows.000\system32\ejmboh.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS.000\farmmext.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DUPE ACTIVE] C:\DOCUME~1\ADMINI~1\APPLIC~1\oneknob\Five grid media.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://64.85.20.110:8041/Java/cs4ms090.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c9.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/wildgames/blasterball2/install.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://eq2beta.station.sony.com/beta_reg/soesysinfo.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/UCSearch.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4474/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: msgplusloader.dll, NVDESK32.DLL
O20 - Winlogon Notify: rundlIl32 - rundlIl32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.000\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.000\SYSTEM32\ati2sgag.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS.000\System32\DVDRAMSV.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS.000\system32\gearsec.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS.000\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Old 11th May 2005, 03:01   #10
DJ Egg
Techorator
Winamp & Shoutcast Team
 
Join Date: Jun 2000
Posts: 35,859
You've got some serious spyware/malware on your system.

Please download the Aurora/BetterInternet Uninstaller
http://www.mypctuneup.com/evaluate.php

Don't run it just yet.
See my instructions below for when to run it.

Read the instructions first
(need to be online, and requires all windows to be closed first - but ignore the bit about turning off your firewall, heh)

This should hopefully automatically fix the following items from your HJT log:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS.000\Nail.exe

O4 - HKLM\..\Run: [ejmboh] c:\windows.000\system32\ejmboh.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS.000\svcproc.exe


Because these hijackers are also associated with DirectRevenue/BetterInternet marketing scum,
it might also auto fix these Transponder entries as well.

O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS.000\Pynix.dll

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DrTemp\bho_prob.exe

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS.000\farmmext.exe

More info about these scumbags here:
http://www.doxdesk.com/parasite/Transponder.html
http://www3.ca.com/securityadvisor/p...x?id=453076992
http://www.webhelper4u.com <-- <3

_________________________________________________


Also download the following:

C2/Lop.com Uninstaller - http://www.thespykiller.co.uk/files/lopremover.exe

(in future, pay attention when installing things like MessengerPlus3,
there was an option in the installer not to install the bundled lop.com adware)

Ad-Aware SE - http://www.lavasoft.de/software/adaware/
Install Ad-Aware, but don't run the scan just yet.
You should get the detection updates during installation,
but if not, open Adaware, click "check for updates now" and then "connect".
Then close Adaware. We will run the actual scan later.

Microsoft AntiSpyware Beta - http://www.microsoft.com/athome/secu...e/default.mspx
Just download this, but don't install it just yet.

_____________________________________________________


Close all programs and close all browser/email/explorer windows

______________________________________________________


Open HijackThis

Click "Open the Misc Tools section", then click "Open Process Manager"

Highlight the following processes, and click "Kill process"

C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DrTemp\bho_prob.exe
C:\windows.000\system32\ejmboh.exe

Then click the "Back" button in the bottom right corner to return to the Scan screen. Run the HJT scan.

Place a checkmark next to the following items ONLY, and click "Fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ikevuhfbgrehdpshxe.com/o8KCVQ3D/CRH9FF2MlGP8WWEUe1pvItt5BJeuhYitH0miHKvRd387fGvb5aZ1Xgp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\SYSTEM\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS.000\Pynix.dll

O2 - BHO: OpenSite.CBrowserHelper - {30A56549-9D5B-4D34-AFA7-440A7F0538A9} - C:\Program Files\Open Site\opnste.dll (file missing)

O2 - BHO: (no name) - {4C460BE7-B004-9BA2-3506-24CAC63A1399} - (no file)

O2 - BHO: (no name) - {967223A4-7D25-5B4E-1A8C-377E9541222B} - C:\DOCUME~1\ADMINI~1\APPLIC~1\EXITOK~1\LOUD GREY.exe

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS.000\System32\nvms.dll

O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS.000\System32\mscb.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS.000\System32\msbe.dll

O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [ejmboh] c:\windows.000\system32\ejmboh.exe

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS.000\farmmext.exe

O4 - HKCU\..\Run: [DUPE ACTIVE] C:\DOCUME~1\ADMINI~1\APPLIC~1\oneknob\Five grid media.exe

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c9.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab

O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/wildgames/blasterball2/install.cab

O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/UCSearch.CAB

O20 - Winlogon Notify: rundlIl32 - rundlIl32.dll (file missing)

____________________________________________


Close HJT


Run the Lop.com uninstaller

If prompted to reboot, don't.


Run the Aurora/BetterInternet Uninstaller

Follow the prompts.

Reboot.

____________________________________________


To make sure you can view hidden and system files,
Go to: Control Panel > Folder Options > View tab:
Checkmark "show hidden files"
Uncheck "hide extensions for known file types"
Uncheck "Hide protected operating system files"
OK everything and close Folder Options.


Empty all Temp folders (delete all files & subfolders within, but do not delete the actual Temp folders):

C:\Documents and Settings\(profile)\Local Settings\Temp\
C:\Windows\Temp\
C:\Temp\ (if it exists)


Locate and delete the following files (if they still exist):
C:\WINDOWS.000\farmmext.exe
c:\windows.000\system32\ejmboh.exe

Locate and delete the following folders (if they still exist):
C:\Program Files\ISTbar
C:\Program Files\Media Access
C:\Documents and Settings\Administrator\Application Data\oneknob



Go to: Control Panel > Internet Options:
General tab > Temporary Internet Files > Delete Files:
Checkmark "Delete all offline content"
Click OK

Go to the "Programs" tab, then click the "Reset Web Settings" button.
Click Apply.
Note: You then might need to reset your desired home page c/o General tab

Go to the "Security" tab
Click on "Internet Zone" and then click "Default Level"

Click Apply, then click OK to close Internet Options.



Empty the Recycle Bin



Disable System Restore
Control Panel > System > System Restore tab:
Checkmark "Turn off system restore"
Click Apply/OK
(You can re-enable system restore once your system is confirmed clean).


______________________________________________


Run Ad-Aware SE scan
In the main Ad-Aware window, click "Start"
Checkmark "do a full system scan"
Uncheck "search for negligible risk entries"
Click "Next" to start the scan.
Checkmark all results, and click "Next" to fix.


Install Microsoft AntiSpyware
Get the latest detection updates
Run the scan


Good luck
DJ Egg is offline   Reply With Quote
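The kind of flagging done by hand in the fix list above, as an added example that is not part of the thread and is neither HijackThis's nor the poster's own logic: a small Python triage pass over HijackThis-format lines. The sample lines are copied from the log posted in this thread; the heuristics and the names `parse`, `reasons_for` and `triage` are assumptions chosen for illustration.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS.000\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4C460BE7-B004-9BA2-3506-24CAC63A1399} - (no file)
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [DUPE ACTIVE] C:\DOCUME~1\ADMINI~1\APPLIC~1\oneknob\Five grid media.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O20 - Winlogon Notify: rundlIl32 - rundlIl32.dll (file missing)
O23 - Service: gearsec - GEAR Software - C:\WINDOWS.000\system32\gearsec.exe
"""

# "<section code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [...] path"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Per-user data or temp directories, in long or 8.3 short form (assumed heuristic).
USER_WRITABLE_RE = re.compile(r"\\(application data|applic~\d|temp)\\", re.I)
# A Shell= value that names something after Explorer.exe (assumed heuristic).
SHELL_RE = re.compile(r"shell=explorer\.exe\s+\S", re.I)


def parse(log_text):
    """Yield (section, body) for every line shaped like a HijackThis entry."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group(1), match.group(2)


def reasons_for(section, body):
    """Return review hints for one entry; an empty list means no hint fired."""
    reasons = []
    lowered = body.lower()
    if lowered.endswith("(file missing)") or lowered.endswith("(no file)"):
        reasons.append("registered file is not on disk")
    if section == "F2" and SHELL_RE.search(body):
        reasons.append("Shell= starts a program besides Explorer.exe")
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("browser helper object without a class name")
    if section == "O4" and USER_WRITABLE_RE.search(body):
        reasons.append("autostart from a per-user data or temp directory")
    if section == "O15":
        reasons.append("site placed in the IE Trusted Zone")
    return reasons


def triage(log_text):
    """Return [(section, body, reasons)] for entries where any hint fired."""
    findings = []
    for section, body in parse(log_text):
        reasons = reasons_for(section, body)
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> {'; '.join(reasons)}")
```

These hints only surface entries for a person to review. An entry such as the Pynix.dll BHO passes all of them and still has to be identified by looking it up, as the post does with its reference links.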
Old 11th May 2005, 12:49   #11
pkpilgrim
Junior Member
 
Join Date: May 2005
Posts: 9
Thank you very much for the help, DJ Egg. This is the "HijackThis" log after following your instructions.
Attached Files
File Type: zip hijackthis.zip (2.8 KB, 96 views)
Old 11th May 2005, 16:35   #12
DJ Egg
Techorator
Winamp & Shoutcast Team
 
Join Date: Jun 2000
Posts: 35,859
Yes, that's much much better

There's just this one entry left to fix:

O2 - BHO: OpenSite.CBrowserHelper - {30A56549-9D5B-4D34-AFA7-440A7F0538A9} - C:\Program Files\Open Site\opnste.dll (file missing)

More info:
http://castlecops.com/clsid-202.html
http://sarc.com/avcenter/venc/data/adware.opensite.html
http://www.pestpatrol.com/pestinfo/o/opensite.asp


How's your system running now, btw? Any better?
Old 11th May 2005, 17:46   #13
pkpilgrim
Junior Member
 
Join Date: May 2005
Posts: 9
Yes, runs much better, thanks again. By the way - what kind of tunes do you DJ with? Mix/produce? I personally mix Techno/Trance and occasionally produce. If you wanna get together sometime and spin some stuff, hit me up at littlegun2@hotmail.com
Old 11th May 2005, 17:49   #14
pkpilgrim
Junior Member
 
Join Date: May 2005
Posts: 9
Got Winamp to work now btw - Woot :P