ATMCLK.exe HIJACKTHIS

Discussion in 'Malware Help (A Specialist Will Reply)' started by monkey19089, May 8, 2006.

  1. monkey19089

    monkey19089 Private E-2

    i went through all of the steps as listed in the official hijackthis thread.. steps 1-6 where you are supposed to download all the software and run them all... i had most of the software already, but i went over everything again and i updated everything, rebooted in safe mode and ran all of the malware blockers/ cleaners, rebooted into normal mode and ran hijackthis.

    the problem i keep having is i keep checking my systems task manager and the same two programs always seem to be there.. ATMCLK.exe and DCOMCFG.exe. i tried getting and using prevx1 but it didnt really work or help.. i think those two programs are the main source of my pop ups.. i do use mozilla firefox, so im not sure what to do.


    the logfile i got from hijackthis is:
     


  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    HijackThis not installed correctly. Save to your desktop, right-click Move_HijackThis. Double-click Move_HijackThis.vbs. This will move HijackThis to the required location.

    You have an infection that is a little more serious, so we will deal with that first.

    Follow the directions for the following:
    SpywareQuake & SpyFalcon Removal Procedure
    Running Ewido Anti-Malware

    Post smitfiles.txt, the Ewido log and a fresh HijackThis log.
     
  3. monkey19089

    monkey19089 Private E-2

    alright, i did all that stuff, but the "fixquake.reg" didnt go into the registry



    and thank you for the help so far
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please explain what you mean! You need to get this to work! Are you sure you saved the file properly with the correct extension? What error message did you receive?

    Did you find and delete C:\WINDOWS\system32\twain32.dll?
    It still seems to be on your PC.

    You still have not installed HJT properly and you have not run the standard cleaning steps in the below procedure which are required.

    READ & RUN ME FIRST Before Asking for Support

    If you want help, you must run ALL the steps in that procedure. You have not done the below:

    - Windows Defender (or CounterSpy and CounterSpy log)
    - Spybot may not have been run or at least is not installed as instructed
    - No Bitdefender and log
    - No PandaActiveScan and log
    - Step 7 of the READ & RUN ME not followed. HJT is being run directly from the ZIP file.
     
    Last edited: May 11, 2006
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It also appears that you did not complete all the steps in the SpywareQuake & SpyFalcon Removal Procedure that SPD gave to you. I still see files that the procedure tells you to delete. For example (in addition to twain32.dll) the below:

    C:\WINDOWS\system32\atmclk.exe
    C:\WINDOWS\system32\hpF8BC.tmp
     
  6. monkey19089

    monkey19089 Private E-2

    ill download those, or, redownload some.. hijackthis seemed to work, but ill reinstall it, and same with the others..

    and i did delete atmclk.exe, but thats the thing that keeps coming back on my computer.


    ill repost when i do the steps again
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you complete all the steps as indicated. You need to run Windows Defender, the two online scanners from step 6 and attach the logs, and you must install HijackThis properly per the directions in step 7.

    You need to explain why the registry patch did not work. Also why didn't you delete twain32.dll?
     
  8. monkey19089

    monkey19089 Private E-2

    i found and deleted twain32 and atmclk the first time, and hpf8bc was never on my computer



    and when i try to get bitdefender, it says i need to get a "volume license volume key" that is valid. i had no idea my VLK was invalid
     
  9. monkey19089

    monkey19089 Private E-2

    im not sure why the registry patch did not work, but im going to redo all the steps and make sure it works
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are supposed to be running the free online scanner. You are not supposed to be trying to install their full antivirus application.
     
  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Let's start at the beginning.

    At first you had HijackThis installed in a folder on your desktop. I gave you a link to a Visual Basic Script that when run would move HijackThis to the proper location on your Hard Drive. The second time you ran HijackThis you ran it directly from the ZIP file. Neither method is correct.

    As chaslang pointed out you did not follow our standard cleaning procedures before posting. We ask that you do this for a very good reason.

    You have 2 infections that are visible in your HijackThis log; a SpywareQuake/SpywareFalcon infection and a Wareout infection. The wareout infection is the more serious of the 2 infections.

    I gave you instructions for removing SpywareQuake; it is the easier of the 2 infections to remove.

    Do the following:

    DO NOT skip any steps.

    Follow our standard cleaning procedures. There are steps included for installing, running, and posting HijackThis logs as attachments.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
    In addition to the above; follow the directions for the following:
    SpywareQuake & SpyFalcon Removal Procedure
    Running Ewido Anti-Malware


    Post the following logs as attachments: (Will take 2 posts)
    - Online BitDefender Scan Log
    - Online Panda ActiveScan Log
    - smitfiles.txt
    - Ewido AntiMalware Scan Log
    - HijackThis Log.

    HijackThis is the last item to be run. DO NOT run HijackThis before you complete all the other scans and the SpywareQuake fix. Ewido AntiMalware is to be run after the SpywareQuake fix and before HijackThis.

    After we have removed the SpywareQuake/SpywareFalcon infection we will work on removing Wareout.
     
  12. monkey19089

    monkey19089 Private E-2

    okay, just back from vacation, sorry about that.


    i started over from the beginning and i encountered a problem. the "READ & RUN ME FIRST Before Asking for Support" page tells me to download a bunch of programs and install them.

    i got them all, and they all work except for "Microsoft Windows Defender 1051 (Beta 2)". when i install it, it comes up with an error message and cancels out of the installation. the message it gives is: "The computer has an invalid Volume License Product Key (VLK). To obtain a valid key, please contact the computer manufacturer or the company from which you purchased the computer."

    i didnt know i had an invalid volume license product key
     
  13. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You are going to have to contact Microsoft. Apparently your copy of Windows is using an invalid VLK. This was common practice by many custom PC builders, not legal by any means. You will need to obtain a valid licence for your OS.

    I will continue to help you remove the infection. After that you will receive no further assistance until you have a legal copy of Windows on your computer.

    Skip Windows Defender and use Counter Spy instead.
     
  14. monkey19089

    monkey19089 Private E-2

    i went through all the steps, and followed everything


    other than not being able to use Microsoft Windows Defender 1051 (Beta 2), everything seemed to work fine

    all the log files are attached, there should be 6, altogether
     


  15. monkey19089

    monkey19089 Private E-2

    and the other files:
     


  16. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Uninstall imesh.
    iMesh is a peer-to-peer file sharing software. The software maintains a list of targeted sites and search terms. Once a match is found it will open a popup window to display a predetermined advertisement. It can cause browser crashes after monitored form submissions.

    Follow these removal instructions to remove iMesh from your computer (before proceeding, you should move any documents in the iMesh folder that you wish to keep):

    1. Click Start -> Settings -> Control Panel, and double-click Add or Remove Programs.
    2. Scroll down the list till you find the iMesh entry. Then click Remove or Change/Remove. Follow the on-screen instructions to finish the uninstallation automatically.
    3. Open the Program Files directory and delete the iMesh folder along with all the files within it.
    4. Open the Windows System32 directory and delete the imesh_cache folder along with all the files within it.
    5. Return to Add or Remove Programs in the Control Panel and locate iMesh ads support.
    6. Select iMesh ads support and click Change/Remove.
    7. Since iMesh may be bundled with other adware, you may have to remove these adware programs as well:

    eZula TopText, New.Net, CommonName, FlashTrack

    Using Add or Remove Programs in the Control Panel, Uninstall everything from Viewpoint.

    Using Add or Remove Programs in the Control Panel, Uninstall Weatherbug, unless this is the paid version.

    Using Add or Remove Programs in the Control Panel, Uninstall My Search Bar. Could also be listed as My Way Speedbar or My Way Search Assistant.

    Run the SpywareQuake & SpyFalcon Removal Procedure again. Your CounterSpy log indicates that you still have a Zlob infection.

    Follow the procedure for Virtumonde aka Trojan Vundo Removal. Your CounterSpy log also shows remnants of this infection.

    Download
    - Pocket Killbox

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.

    On the page that opens, scroll down to Service ... right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the 'None of the above, just start the program' button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press 'OK':

    Service

    Download FixWareout by Lonny and save it to your Desktop.
    • Please locate your download of FixWareout and INSTALL it.
    • Be sure that Run fixit is checked.
    • Click Finish to begin the fix.
    • Follow the prompts and Reboot when asked to do so.
    • Upon Reboot, follow the prompts and HijackThis should open.
    Now scan and have HJT Fix the following:
    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note many of the files listed below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
     
  17. monkey19089

    monkey19089 Private E-2

    heres the newest logs:
     


  18. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Uninstall these versions of Java:
    Scan with HijackThis and fix this line:
    REBOOT

    Post a fresh HijackThis log.

    Who is your computer running?
     
  19. monkey19089

    monkey19089 Private E-2

    i got rid of those two java programs

    what do you mean by "who is your computer running?"
     


  20. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Sorry, typos. I mean how is your computer running?
     
  21. monkey19089

    monkey19089 Private E-2

    my computer seems to be running fine

    the initial problems of atmclk.exe and dcomcfg.exe have both been removed, and that was my main concern, as for the other stuff, i had no idea my computer had "zlob infection" and extra java programs running. like most people, im not an expert at computers :eek:


    thank you for all of your help, its really appreciated! =) :D :D
     
  22. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  23. monkey19089

    monkey19089 Private E-2

    alright, thanks again =)
     
