MIGHTYMAX Uninstal required - Gladiator Security Forum

Forum Rules

Greetings,

Before you post in this forum,please read and follow the instructions in this post: Guidelines for Posting in This Forum

Failure to follow these instructions will only result in delays of the cleaning and removal process.

If you ran other AntiVirus and/or AntiSpyware programs and have the logs available, please post them as well.

Our goal is to help you clean your PC and restore it to pre-infection condition wherever possible.

Thank You

MIGHTYMAX Uninstal required

Options

Boz View Member Profile	Mar 4 2006, 06:40 AM Post #1
New Member Group: Member Posts: 9 Joined: 4-March 06 Member No.: 17942	I have had the misfortune of downloading PC MightyMax V9 and now that I wish to delete it from my system. The trouble is when I go to add/remove programmes - uninstal this MightyMax tries to install using windows installer. I am at a loss and a getting rather annoyed with the ambulance on my start-up bar continually telling me I have 362 fatal faults and need to purchase the software. Any ideas?

Bobbi Flekman View Member Profile	Mar 4 2006, 11:58 AM Post #2
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	Hi Boz, Download HijackThis. http://www.bleepingcomputer.com/files/hijackthis.php http://209.133.47.12/~merijn/files/HijackThis.exe http://www.downloads.subratam.org/hijackthis.zip If you are on Windows XP, extract the file. Do not just doubleclick on it! This opens HijackThis in a temporary folder. This would interfere with the possibility to make back-ups. Unzip to a folder other than your Desktop or the Temp folder. Then, doubleclick HijackThis.exe, and click "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy and paste its contents in this thread. Most of what it lists will be harmless or even essential, don't fix anything yet. Someone will be along to tell you what steps to take after you post the contents of the scan results. --------------------

Boz View Member Profile	Mar 5 2006, 09:47 AM Post #3
New Member Group: Member Posts: 9 Joined: 4-March 06 Member No.: 17942	Bobbi, I have followed your instructions, downloaded 'HijackThis', scanned and saved the log. I have attached the log to this reply as an attachment 'hijackthislog' and for the 'belt & braces' also copied it below. All this is gobbledegook to me. What happens now? Best regards ... Alan Logfile of HijackThis v1.99.1 Scan saved at 9:42:07 AM, on 3/5/2006 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v5.50 (5.50.4134.0100) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\EXPLORER.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAM FILES\BT BROADBAND 205\HELP\SMARTBRIDGE\BTHELPNOTIFIER.EXE C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\TRUEASSISTANT\TRUEASSISTANT.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE C:\PROGRAM FILES\BT BROADBAND 205\HELP\BIN\MPBTN.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\MSOFFICE\WINWORD\WINWORD.EXE C:\WINDOWS\TEMP\TD_0008.DIR\HIJACKTHIS.EXE C:\WINDOWS\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcworld.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.pcworld.co.uk R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;<local> R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL F1 - win.ini: run=hpfsched O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing) O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIEBHO.DLL O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\HELP\SMARTB~1\BTHelpNotifier.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\BROWSER\ybrwicon.exe O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\SYSTEM\Restore\StateMgr.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE O4 - Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 205\Help\bin\matcli.exe O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm498YYGB O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http:\\www.pcworld.co.uk O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server1.bt.com/broadband/MotivePreQual.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1921423b297451...ip/RdxIE601.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://webgames.d.tmsrv.com/c=759e3645064a...aploader_v6.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

Bobbi Flekman View Member Profile	Mar 5 2006, 10:10 AM Post #4
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	Hi Alan, Please move HijackThis to another location, preferably c:\Program Files\HijackThis. Anywhere is fine, other than your Desktop or a Temp folder. If HijackThis is in a temporary folder you run the risk of accidentally deleting the backups or it clutters your desktop with all the backups. If you use Windows XP it might be that you just double clicked on the file HijackThis.exe, but that only extracts the file to a temporary folder. Please select the file and Extract it to a folder. How do you make a permanent folder: Click "My Computer", then "C:\" and then on "Program Files". In the menu bar, "File"->"New"->"Folder". That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis". Now you have "C:\Program Files\HijackThis". Put your HijackThis.exe there. Please create a list of programs that can be removed using Add/Remove Programs Start HiJackThis. Click "Config"->"Misc Tools"->"Open Uninstall Manager" ->"Save List". Save the log to a convenient location, and copy it into this thread. --------------------

Boz View Member Profile	Mar 5 2006, 10:55 AM Post #5
New Member Group: Member Posts: 9 Joined: 4-March 06 Member No.: 17942	Bobbi, Having followed your directions the uninstall list is attached and copied.... Enjoy. Boz ACDSee for PENTAX Adaptec Easy CD Creator 4 Adobe Acrobat 4.0, 5.0 Adobe ActiveShare 1.3.1 Adobe Premiere 6.0 Advanced RealMedia Export Plug-in for Premiere 6.0 Broadband Desktop Help BT Voyager 205 ADSL Router BT Yahoo! Applications BT Yahoo! TrueSwitch Wizard Canon PhotoRecord Canon Utilities PhotoStitch 3.1 Canon Utilities ZoomBrowser EX Creative Jukebox Driver Creative MediaSource Creative Removable Disk Manager Creative System Information Creative Zen Micro Google Toolbar for Internet Explorer HijackThis 1.99.1 HP DeskJet 840C Series (Remove only) HP PrecisionScan LTX Internet Explorer Q905915 KeyMaestro Multimedia Driver V1.02.00 KODAK Picture CD LiveReg (Symantec Corporation) LiveUpdate 2.6 (Symantec Corporation) Macromedia Flash Player 8 Macromedia Shockwave Player Microsoft AutoRoute 2002 Microsoft Excel 2000 SR-1 Microsoft FrontPage 2000 SR-1 Microsoft Image Composer 1.5 Microsoft Office Professional Microsoft Picture It! Photo Creativity 2001 Microsoft Picture It! Print Studio 2001 Microsoft VGX Q833989 Microsoft Web Publishing Wizard 1.6 Microsoft Works 4.0 Microsoft Works 6.0 MouseWare 9.11 MSN Explorer MSN Messenger 6.2 MSN Toolbar My Web Search (Popular Screensavers) Norton AntiVirus 2005 (Symantec Corporation) NVIDIA Windows 95/98/ME Display Drivers Outlook Express Q837009 Paint Shop Pro 7 PC MightyMax v9 PowerDVD Presto! Image Folio 4.2 Presto! Video Works 4.5 QuickTime RealPlayer Sound Blaster AudioPCI Theme Hospital Trivial Pursuit Millennium Edition Who Wants To Be A Millionaire Windows Millennium Edition KB891711 Update Windows Millennium Edition Q823559 Update Attached File(s) uninstall_list.txt ( 1.63K ) Number of downloads: 171

Bobbi Flekman View Member Profile	Mar 6 2006, 12:34 PM Post #6
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	Hi Boz, Open "Add/Remove Programs" in the Control Panel. Select the following items: My Web Search (Popular Screensavers) and click "Remove" for each of them. If one of the uninstallers wants to download stuff or needs an Internet connection, skip that one and report them to me. After that restart your computer and post a fresh log from HijackThis. --------------------

Boz View Member Profile	Mar 6 2006, 05:27 PM Post #7
New Member Group: Member Posts: 9 Joined: 4-March 06 Member No.: 17942	Bobbi, Right I think I have done that, didn't want the popular screen savers anyway. Interestingly the annoying ambulance on my startup bar has disappeared! Logfile of HiJackThis copied below and attached. Happy hunting ... Boz Logfile of HijackThis v1.99.1 Scan saved at 17:24:01 PM, on 3/6/2006 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v5.50 (5.50.4134.0100) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\EXPLORER.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAM FILES\BT BROADBAND 205\HELP\SMARTBRIDGE\BTHELPNOTIFIER.EXE C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\TRUEASSISTANT\TRUEASSISTANT.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE C:\PROGRAM FILES\BT BROADBAND 205\HELP\BIN\MPBTN.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE C:\WINDOWS\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcworld.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.pcworld.co.uk R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;<local> F1 - win.ini: run=hpfsched O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing) O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIEBHO.DLL O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\HELP\SMARTB~1\BTHelpNotifier.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\BROWSER\ybrwicon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [StateMgr] C:\WINDOWS\SYSTEM\Restore\StateMgr.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet O4 - Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 205\Help\bin\matcli.exe O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm498YYGB O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http:\\www.pcworld.co.uk O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server1.bt.com/broadband/MotivePreQual.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1921423b297451...ip/RdxIE601.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://webgames.d.tmsrv.com/c=759e3645064a...aploader_v6.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab Attached File(s)* hijackthislog2_word.txt ( 9.31K ) Number of downloads: 139

Bobbi Flekman View Member Profile	Mar 7 2006, 11:50 AM Post #8
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	Hi Boz, Please move HijackThis to another location, preferably c:\Program Files\HijackThis. Anywhere is fine, other than your Desktop or a Temp folder. If HijackThis is in a temporary folder you run the risk of accidentally deleting the backups or it clutters your desktop with all the backups. If you use Windows XP it might be that you just double clicked on the file HijackThis.exe, but that only extracts the file to a temporary folder. Please select the file and Extract it to a folder. How do you make a permanent folder: Click "My Computer", then "C:\" and then on "Program Files". In the menu bar, "File"->"New"->"Folder". That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis". Now you have "C:\Program Files\HijackThis". Put your HijackThis.exe there. Run HijackThis, click on "Scan" and check the boxes next to all these items. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/ O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm498YYGB O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1921423b297451...ip/RdxIE601.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://webgames.d.tmsrv.com/c=759e3645064a...aploader_v6.cab Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked". Restart your computer and post a new log in this thread. --------------------

Boz View Member Profile	Mar 10 2006, 04:56 PM Post #9
New Member Group: Member Posts: 9 Joined: 4-March 06 Member No.: 17942	Hi Bobbi, I have done as requested and here is the result ... and attached. Best of luck ... Boz. Logfile of HijackThis v1.99.1 Scan saved at 16:55:25 PM, on 3/10/2006 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v5.50 (5.50.4134.0100) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\WINDOWS\EXPLORER.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAM FILES\BT BROADBAND 205\HELP\SMARTBRIDGE\BTHELPNOTIFIER.EXE C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\TRUEASSISTANT\TRUEASSISTANT.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE C:\PROGRAM FILES\BT BROADBAND 205\HELP\BIN\MPBTN.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\HPZSTATX.EXE C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcworld.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.pcworld.co.uk R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;<local> F1 - win.ini: run=hpfsched O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing) O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIEBHO.DLL O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\HELP\SMARTB~1\BTHelpNotifier.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\BROWSER\ybrwicon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\SYSTEM\Restore\StateMgr.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet O4 - Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 205\Help\bin\matcli.exe O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http:\\www.pcworld.co.uk O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server1.bt.com/broadband/MotivePreQual.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

Bobbi Flekman View Member Profile	Mar 10 2006, 05:55 PM Post #10
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	Hi Boz, QUOTE C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE You are still running from a temporary location! Please create a list of programs that can be removed using Add/Remove Programs Start HiJackThis. Click "Config"->"Misc Tools"->"Open Uninstall Manager" ->"Save List". Save the log to a convenient location, and copy it into this thread. Run HijackThis, click on "Scan" and check the boxes next to all these items. O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked". Restart your computer and post a new log in this thread. --------------------

Boz View Member Profile	Mar 11 2006, 10:52 AM Post #11
New Member Group: Member Posts: 9 Joined: 4-March 06 Member No.: 17942	Hi Bobbi, I had a look around and found a shortcut to 'HijackThis' in a temporary file so I have moved it to join the rest in C:\Program Files\HijackThis. I have attached the Uninstall 'Save List' and, below is the new log ... Look forward to hearing from you again ... Boz Logfile of HijackThis v1.99.1 Scan saved at 10:42:16 AM, on 3/11/2006 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v5.50 (5.50.4134.0100) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\WINDOWS\EXPLORER.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAM FILES\BT BROADBAND 205\HELP\SMARTBRIDGE\BTHELPNOTIFIER.EXE C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE C:\PROGRAM FILES\TRUEASSISTANT\TRUEASSISTANT.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE C:\PROGRAM FILES\BT BROADBAND 205\HELP\BIN\MPBTN.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcworld.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.pcworld.co.uk R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;<local> F1 - win.ini: run=hpfsched O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing) O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIEBHO.DLL O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\HELP\SMARTB~1\BTHelpNotifier.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\BROWSER\ybrwicon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [StateMgr] C:\WINDOWS\SYSTEM\Restore\StateMgr.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet O4 - Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 205\Help\bin\matcli.exe O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http:\\www.pcworld.co.uk O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server1.bt.com/broadband/MotivePreQual.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab Attached File(s)* uninstall_list060311_Word..txt ( 1.6K ) Number of downloads: 145

Bobbi Flekman View Member Profile	Mar 12 2006, 09:13 AM Post #12
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	Hi Boz, Open "Add/Remove Programs" in the Control Panel. Select the following items: PC MightyMax v9 and click "Remove" for each of them. If one of the uninstallers wants to download stuff or needs an Internet connection, skip that one and report them to me. QUOTE I had a look around and found a shortcut to 'HijackThis' in a temporary file so I have moved it to join the rest in C:\Program Files\HijackThis. Well, you're still from a temp location. Please delete them and only use the one in C:\Program Files\HijackThis. The log looks clean. So after this PC Mighty Max should be out of your system as well. Still any problems? --------------------

Boz View Member Profile	Mar 12 2006, 12:31 PM Post #13
New Member Group: Member Posts: 9 Joined: 4-March 06 Member No.: 17942	Hi Bobbi, I did what you asked, went to add/remove programs in the control panel, seleceted PC MightyMax v9 then clicked on the remove button. It then did what it was doing originally - A Windows Installer opened which read: 'The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternative path to a folder containing the installation package 'PC MightyMax v 9.msi' in the box below.' It then offers me the 'drop down' menu to browse. This is the original problem in that I had no way of uninstalling it, as far as I could see anyway. As for the quote, hum sorry, it seemed quite sensible when I wrote it, I don't think I have a defence, but if other laugh as much as I did we can count it as a success. Yours ... Boz.

Bobbi Flekman View Member Profile	Mar 12 2006, 01:52 PM Post #14
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	Hey Boz, then we'll try to get to MightyMax. Launch Notepad, and copy/paste the box below into a new text file. Save it as Options.txt on your Desktop. QUOTE RegSearch Options File [Search] MightyMax Mighty Max [Exclude] [Options] Filter=KVDLUI Download Registry Search and extract it. Doubleclick the icon to run and click on "Import...". Select the file you created above. Click "OK" and Registry Search will search the Registry and report what it finds. Post that here. --------------------

Boz View Member Profile	Mar 12 2006, 09:46 PM Post #15
New Member Group: Member Posts: 9 Joined: 4-March 06 Member No.: 17942	Hi Bobbi, That was fun, enjoyed that. Below is the fruits of it ... look forward to seeing what you make of it Boz REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.0.1 ; Results at 3/12/2006 21:40:23 for strings: ; 'mightymax' ; 'mighty max' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Applications\pcmm.exe\shell] "FriendlyCache"="PC MightyMax will Scan, Diagnose, and Repair Windows and other Software problems with your computer." [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94D5AF0F-E6EE-4A75-BE31-9C9C9A87AD45}] "Comments"="PC MightyMax will Scan, Diagnose, and Repair Windows and other Software problems with your computer." ; Contents of value: ; http://www.pcmightymax.net/ "HelpLink"=hex(2):68,74,74,70,3a,2f,2f,77,77,77,2e,70,63,6d,69,67,68,74,79,6d,\ 61,78,2e,6e,65,74,2f,00 "URLInfoAbout"="http://www.pcmightymax.net/" "DisplayName"="PC MightyMax v9" "DisplayIcon"="C:\\Program Files\\PC MightyMax\\pcmm.exe" "InstallLocation"="C:\\Program Files\\PC MightyMax\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\\Program Files\\PC MightyMax\\"="" "C:\\WINDOWS\\Start Menu\\Programs\\PC MightyMax\\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Components\4EA95F043A6ED3E469359C2B514C3A13] "F0FA5D49EE6E57A4EB13C9C9A978DA54"="C:\\Program Files\\PC MightyMax\\pcmm.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Components\AF20EA1A456C89149B85D42D2DD030C4] "F0FA5D49EE6E57A4EB13C9C9A978DA54"="C:\\Program Files\\PC MightyMax\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Components\6F668AE09D6D582448E5B11DFAFABBB5] "F0FA5D49EE6E57A4EB13C9C9A978DA54"="C:\\Program Files\\PC MightyMax\\rsrc32.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Components\BF6E592E80BCF194FB693CFD316A3DCC] "F0FA5D49EE6E57A4EB13C9C9A978DA54"="C:\\Program Files\\PC MightyMax\\ExeAfter.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Components\54DE467509E8F284DB2F6A81EF007D68] "F0FA5D49EE6E57A4EB13C9C9A978DA54"="C:\\Program Files\\PC MightyMax\\rsrc16.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Components\4E64FB4530FE3AD45901D599CE166E7B] "F0FA5D49EE6E57A4EB13C9C9A978DA54"="C:\\Program Files\\PC MightyMax\\beep.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax] [HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax] "Installdir"="C:\\Program Files\\PC MightyMax\\" [HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\ActiveKey] [HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\LicensedTo] [HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\ResID] [HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\ShowIntro] [HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\ShowSM_Intro] [HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\VersionInfo] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\] "i"="C:\\My Documents\\ALAN\\Downloads\\MightyMax refusal.doc" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\doc] "j"="C:\\My Documents\\ALAN\\Downloads\\MightyMax refusal.doc" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe] "d"="C:\\My Documents\\ALAN\\Downloads\\PCMightyMaxSetup.EXE" [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\ContainingTextMRU] "001"="mightymax" [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU] "007"="mightymax" "010"="pcmightymax" [HKEY_USERS\.DEFAULT\Software\Microsoft\Installer\Products\F0FA5D49EE6E57A4EB13C9C9A978DA54] "ProductName"="PC MightyMax v9" [HKEY_USERS\.DEFAULT\Software\Microsoft\Installer\Products\F0FA5D49EE6E57A4EB13C9C9A978DA54\SourceList] "PackageName"="PC MightyMax v9.msi" [HKEY_USERS\.DEFAULT\Software\Microsoft\Open Find 95\Microsoft Word\Settings\Save As\File Name MRU] ; Contents of value: ; MightyMax refusal ; Third subject Logfile 060311 uni ; Logfile 060311 uninstall_list060311 Word. hijac ; uninstall_list060311 Word. hijackthislog2 word instructions Remove Error l ; hijackthislog2 word instructions Remove Error log 3rd Deacons floor work 3rd ADC ; instructions Remove Error log 3rd Deacons floor work 3rd ADC ; Remove Error log 3rd Deacons floor work 3rd ADC ; Error log 3rd Deacons floor work 3rd ADC ; 3rd Deacons floor work 3rd ADC ; 3rd ADC ; "Value"=hex(7):4d,69,67,68,74,79,4d,61,78,20,72,65,66,75,73,61,6c,00,54,68,69,\ 72,64,20,73,75,62,6a,65,63,74,00,4c,6f,67,66,69,6c,65,20,30,36,30,33,31,31,\ 00,75,6e,69,6e,73,74,61,6c,6c,5f,6c,69,73,74,30,36,30,33,31,31,20,57,6f,72,\ 64,2e,00,68,69,6a,61,63,6b,74,68,69,73,6c,6f,67,32,20,77,6f,72,64,00,69,6e,\ 73,74,72,75,63,74,69,6f,6e,73,00,52,65,6d,6f,76,65,00,45,72,72,6f,72,20,6c,\ 6f,67,00,33,72,64,20,44,65,61,63,6f,6e,73,20,66,6c,6f,6f,72,20,77,6f,72,6b,\ 00,33,72,64,20,41,44,43,00,00 [HKEY_USERS\.DEFAULT\Software\PC MightyMax] [HKEY_USERS\.DEFAULT\Software\PC MightyMax\Realtime] ; End Of The Log... Attached File(s)* RegSearch.txt ( 5.18K ) Number of downloads: 153

« Next Oldest · HELP! Think you are Infected? · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members: