ambience

@cable.rogers

reply to CalamityJane
Re: Do you trust the uninstaller?

Ok, so I used the fix, and it cleaned the problems, but when I rebooted in normal Windows, the problems came right back. Those registry keys it deleted returned and I have System Restore turned off. I'm still unable to see Device Manager or my network adapters.

Here's my log:
Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\x AMBIENCE x\Desktop\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\CsXhrAvFfS45]
@="vzx658AHIIHIIJI8Zw\\bhBcHIIHXKIrdiioInF9Az3ONIy8:Cz89IvAv8:y\\zJ9F9"
"Device"="\\\\.\\rEbgGMuH"
"DriverPath"="C:\\WINNT\\System32\\drivers\\ataridge.sys"
"DriverName"="aecport"
"HideUninstallerName"="C:\\Program Files\\Abcrixxx\\dmlphost.exe"
"UninstallerPath"="C:\\WINNT\\System32\\minvdmod.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{EFA0C85E-FA86-4516-BE63-1BD72C253A34}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINNT\\System32\\atrctrac.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{Xeaafef2-cba3-7c9a-0cb5-ccb96dcaee12}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Abcrixxx\\srrdocvw.exe"

************

Removing hidden service:
Service aecport removed.

Removing hidden folder:
Deletion of folder Abcrixxx succeeded!

Deleting files:

Deletion of file C:\WINNT\System32\drivers\ataridge.sys succeeded!
Deletion of file C:\WINNT\System32\ddrtopen.exe succeeded!
Deletion of file C:\WINNT\System32\atrctrac.dll succeeded!
Deletion of file C:\WINNT\System32\minvdmod.exe succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\CsXhrAvFfS45]
[-HKEY_LOCAL_MACHINE\Software\CsXhrAvFfS45]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EFA0C85E-FA86-4516-BE63-1BD72C253A34}]

Done!

Finished!


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

said by ambience:

Ok, so I used the fix, and it cleaned the problems, but when I rebooted in normal Windows, the problems came right back. Those registry keys it deleted returned and I have System Restore turned off. I'm still unable to see Device Manager or my network adapters.

That's a first! Is it possible you have some security program settings that are blocking the changes? Are you running Adaware with Adwatch enabled?
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)


ambience

@cable.rogers

I do have adaware installed, but AdWatch is turned off.
HKEY_LOCAL_MACHINE\Software\CsXhrAvFfS45 keeps returning even after deleting that key in safe mode. I ran the fix again in safe mode and it couldn't find anything this time.

Also, after looking through my system and googling some files, I seem to have RtKit files on my system that also will not go away after being picked up by Spybot. The spf.sys are all over my computer, and deleting the registry keys LEGACY_NPF, as directed by some sites, seems to have no effect.


CalamityJane

said by ambience:

I do have adaware installed, but AdWatch is turned off.

Just turning it off is sometimes not enough. It adds them back when you re-enable it on reboot.

Make sure you have disabled Adwatch in this manner:
Do this to disable AdWatch:

Open AdAware SE.
Go to AdWatch User Interface.
Go to Tools and Preferences.
At the bottom of the screen you will see 2 options, Active and Automatic.
Active: This will turn Ad-Watch On\Off without closing it.
Automatic: Suspicious activity will be blocked automatically.
Uncheck both options. You can enable these after resolving your problem.

quote:
HKEY_LOCAL_MACHINE\Software\CsXhrAvFfS45 keeps returning even after deleting that key in safe mode. I ran the fix again in safe mode and it couldn't find anything this time.

So you are saying the AproposFix log now comes up clean?

quote:
Also, after looking through my system and googling some files, I seem to have RtKit files on my system that also will not go away after being picked up by Spybot. The spf.sys are all over my computer, and deleting the registry keys LEGACY_NPF, as directed by some sites, seems to have no effect.

Those two files I do not see in the log. Possibly you have something else on the system besides this pest? If so, AproposFix will not address those. Go through these steps and post a new topic. We'll see if we can help.
»Security »I think my computer is infected or hijacked. What should I do?


ambience

@cable.rogers

Ok, I don't have Ad-Watch on because my version of Adaware doesn't have it, hehe. I do have Spy Sweeper installed, and I've noticed sometimes it blocks things.

The log below is what I got when I scanned again. Still no Device Manager.

Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\x AMBIENCE x\Desktop\aproposfix

************

Registry entries found:

************

No service found!

Removing hidden folder:
No folder found!

Deleting files:

Backing up files:
Done!

Removing registry entries:

REGEDIT4

Done!

Finished!


CalamityJane

ambience,

That log is clean so we've exhausted that. For remaining issues you'll need to go here:
»Security »I think my computer is infected or hijacked. What should I do?

and then post a new topic.
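
What "that log is clean" means in terms of the tool's output, as an added example that is not part of the original thread or of AproposFix itself: a small parser that pulls the artifacts each run reported and compares the two runs. The line patterns are taken from the logs posted above; the function names and the shortened sample logs are constructed for illustration.

```python
import re
# Line patterns taken from the AproposFix v1 output posted in this thread.
PATTERNS = {
    "keys_found":   re.compile(r"^\[(HKEY_[^\]]+)\]$"),
    "keys_removed": re.compile(r"^\[-(HKEY_[^\]]+)\]$"),
    "services":     re.compile(r"^Service (\S+) removed\.$"),
    "folders":      re.compile(r"^Deletion of folder (.+) succeeded!$"),
    "files":        re.compile(r"^Deletion of file (.+) succeeded!$"),
}

def parse_log(text):
    """Return {category: [artifact, ...]} for one AproposFix log."""
    report = {name: [] for name in PATTERNS}
    for line in map(str.strip, text.splitlines()):
        for name, pattern in PATTERNS.items():
            m = pattern.match(line)
            if m:
                report[name].append(m.group(1))
    return report

def is_clean(report):
    """A run is clean when the tool found and removed nothing."""
    return not any(report.values())

# Constructed samples: shortened copies of the two logs posted above.
FIRST_RUN = r"""
Registry entries found:
[HKEY_LOCAL_MACHINE\Software\CsXhrAvFfS45]
Removing hidden service:
Service aecport removed.
Removing hidden folder:
Deletion of folder Abcrixxx succeeded!
Deleting files:
Deletion of file C:\WINNT\System32\drivers\ataridge.sys succeeded!
Removing registry entries:
[-HKEY_LOCAL_MACHINE\Software\CsXhrAvFfS45]
"""
SECOND_RUN = """
Registry entries found:
No service found!
Removing hidden folder:
No folder found!
REGEDIT4
"""

if __name__ == "__main__":
    for name, log in (("first", FIRST_RUN), ("second", SECOND_RUN)):
        print(name, "run clean:", is_clean(parse_log(log)))
```

A clean result covers only the artifacts this tool looks for, which is why the remaining symptoms are sent to a separate topic.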
over 10 years online! © 1999-2009 dslreports.com.