Problems with registry

Discussion in 'Malware Help (A Specialist Will Reply)' started by devolic, Apr 5, 2006.

  1. devolic

    devolic Private E-2

Hello and what a terrific site.

I went to install a game that I just bought and lo and behold, this is what I received.

    16 bit ms-dos subsystem
    c:\windows\system32\regedit.com
    The NTVDM CPU has encountered and illegal instruction.
    CS:054d IP:0102 OP:ff ff 83 3e 51 Choose ‘Close’ to terminate the application


    I actually had to manually close out the program as it locked.
    I also notice that some of my favorites are screwy at times w/ different characters.

    I have followed all 6 steps in the order as mentioned.
    Everything except the 2 scanners passed.

    However, I could not run panda in safe mode.
    I had access to it, but the scanner was off the screen by 90%.
    I tried to resize and couldn't get anywhere.
    That was the first with this 21" monitor.

    Appreciate,
    Doug
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    You need to uninstall Viewpoint Manager as indicated in step 0 of the READ & RUN ME.

    Also look in C:\windows\system32 and tell me all the files you see that end with a .com extension. Sorting the folder view by type will make that easier. Tell me all filenames and the filesizes. DO NOT do anything other than telling me what you find. However, you can delete regedit.com if found since it is not valid. Only regedit.exe is valid.
     
  3. devolic

    devolic Private E-2

    Here you go sir.

    Ya, I guess I missed that one
    I had a few Viewpoint things in there.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Delete the below four files:
    tracert.com 1KB
    tasklist.com 1KB
    ping.com 1KB
    cmd.com 1KB

    Tell me which Win Xp OS you have. Is it Home, Media, or XP Pro?
    Now check if the below files exist and what their file sizes are. (Just check for them! These are valid files!)
    cmd.exe
    ping.exe
    tasklist.exe
    tracert.exe

Exit ALL browsers and delete the below:
    C:\Documents and Settings\Doug\Local Settings\Temp <--- delete all files and subfolders in this Temp folder.
    C:\Documents and Settings\Raff\Local Settings\Temporary Internet Files\Content.IE5\M013TCBN\sp2-adtegrity-728[1].swf


    Question: Did you install the below:
    O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll

    Also do you know what the below service is for:
    O23 - Service: WPEServ - Unknown owner - C:\Program Files\Common Files\WPE\wpeserv.exe



    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {B2B9F4C9-C584-F56F-421D-B2F284CD689F} - blank (file missing)
    O2 - BHO: (no name) - {B8D60EBB-5565-4392-957B-7164BA087AD4} - blank (file missing)
    O3 - Toolbar: Instant Bu&zz - {7475D3FD-5D85-49DB-8B9B-6968467B2D80} - blank (file missing)
    O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - blank (file missing)
    After clicking Fix, exit HJT.

    How are things working now?
     
    Last edited: Apr 6, 2006
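The two requests above (list every .com file in System32, then delete the 1 KB ones named after real console tools) rest on one Windows behaviour: the default PATHEXT order is .COM;.EXE;.BAT;..., so a cmd.com dropped next to cmd.exe is what actually runs when someone types "cmd". The following script is an added illustration for this thread, not a MajorGeeks tool; the size threshold, the list of tool names and the directory listing are constructed assumptions, with the listing modelled on the files named in the thread.

```python
"""Flag .com files in a Windows system directory that shadow a same-named .exe.

Added illustration for this thread, not MajorGeeks code. Real console tools
in System32 are .exe files; a tiny .com companion of a well-known .exe name
is exactly the pattern the helper above asked about.
"""
import os
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Assumption: the companions named in the thread were ~1 KB, real tools are
# tens of KB or more. Adjust to taste; this is only a triage threshold.
SMALL_FILE_BYTES = 4096

# Assumption: console tool names whose .com twin is never legitimate on XP.
KNOWN_TOOL_STEMS = {"cmd", "ping", "tracert", "tasklist", "taskkill",
                    "netstat", "regedit", "ipconfig", "nslookup"}


@dataclass(frozen=True)
class Finding:
    com_name: str
    com_size: int
    shadows_exe: bool   # a same-named .exe exists in the same directory


def find_com_shadows(entries: Iterable[Tuple[str, int]]) -> List[Finding]:
    """entries: (filename, size_in_bytes) pairs. Returns one Finding per .com file."""
    names = {name.lower(): size for name, size in entries}
    exe_stems = {n[:-4] for n in names if n.endswith(".exe")}
    findings = []
    for name, size in sorted(names.items()):
        if name.endswith(".com"):
            findings.append(Finding(name, size, name[:-4] in exe_stems))
    return findings


def suspicious(findings: List[Finding]) -> List[Finding]:
    """Small .com files that either shadow an .exe or borrow a known tool name."""
    return [f for f in findings
            if f.com_size <= SMALL_FILE_BYTES
            and (f.shadows_exe or f.com_name[:-4] in KNOWN_TOOL_STEMS)]


def scan_directory(path: str) -> List[Finding]:
    """Run the same check against a real directory, e.g. C:\\Windows\\System32."""
    entries = []
    with os.scandir(path) as it:
        for e in it:
            if e.is_file(follow_symlinks=False):
                entries.append((e.name, e.stat(follow_symlinks=False).st_size))
    return suspicious(find_com_shadows(entries))


# Constructed listing modelled on the thread: 1 KB companions beside real tools,
# plus more.com, a legitimate .com tool that has no .exe twin and is not tiny.
SAMPLE_LISTING = [
    ("cmd.exe", 389120),
    ("cmd.com", 1024),
    ("ping.exe", 17920),
    ("ping.com", 1024),
    ("tracert.exe", 10240),
    ("tracert.com", 1024),
    ("tasklist.com", 1024),   # no tasklist.exe on XP Home, as devolic reported
    ("regedit.exe", 146432),
    ("regedit.com", 1024),    # the file behind the NTVDM error in post 1
    ("more.com", 20480),
    ("notepad.exe", 69120),
]


def demo() -> List[str]:
    """Names the triage would hand to the user as deletion candidates."""
    return [f.com_name for f in suspicious(find_com_shadows(SAMPLE_LISTING))]


if __name__ == "__main__":
    for f in find_com_shadows(SAMPLE_LISTING):
        print(f)
    print("suspicious:", demo())
```

The distinction the script keeps is the one the helper draws: more.com is left alone because nothing called more.exe sits beside it and it is not a one-kilobyte stub, while tasklist.com is flagged even without a twin because it borrows a real tool name. On a live machine, `scan_directory(r"C:\Windows\System32")` produces the same list the helper asked the user to type out by hand.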
  5. devolic

    devolic Private E-2

    I have XP Home.
    I did not have tasklist.exe on my system
    At one point I did have Trellian, but not anymore.

I also ran wpeserv.exe through google and didn't find out much. So I'm not too sure what that's about

    When I type regedit it does indeed go through now, but like every 5 mins or so I get a minimized window for like a second.

    It could be with all the stuff running when I go to use HJT.
I usually don't run that much stuff at start-up so maybe I'm just not used to seeing it.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's not part of Home!

    It is still in your log! Thus it still seems to be installed.

    That is why I asked you what it is. Locate it and right click on it and see if you can get any Properties and Version info.

I don't know what you mean. Are you saying regedit minimizes every 5 minutes?

    I don't follow what you are trying to tell me.
     
  7. devolic

    devolic Private E-2

regedit itself is not what is minimizing.
Something appears minimized on the taskbar for a brief moment, not sure what it is though. I usually don't run that much stuff at start-up so it may be one of them. I haven't turned them off since running HJT. So I was just saying that maybe one of those programs can be causing it, and I'm just not used to seeing it, that's all
     
  8. devolic

    devolic Private E-2

    I went to HJT and it did not give any info on wpeserv
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's not how you get Properties and Version information. HijackThis has nothing to do with this.

    Locate C:\Program Files\Common Files\WPE\wpeserv.exe using Windows Explorer and then right click on it and select Properties. Now see if there is a Version tab in the window. If so, select the Version tab and on the next window select each of the listed Item names (one at a time) to get more info about the file. The most important Item is the company name. If there is no Version tab, tell me that too.

    Let's get an installed programs list from HijackThis too!
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.
     
  10. devolic

    devolic Private E-2

    Copyright 2003
    File Version 1.0.0.1
    Internal Name WPEServ
    Product Name WPEServ Module
    Product Version 1.0


    That's all I could get
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

You never completed the steps from the Read Me properly!!!!
    Your Ad-Aware Version has not been used for more than a year! Please uninstall your outdated Ad-Aware 6 and download, install, and update the proper version from the link given in the READ & RUN ME!

    Use the below online file scanner to check out the C:\Program Files\Common Files\WPE\wpeserv.exe file!

    http://virusscan.jotti.org/

    Let me know what it finds.


    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
    O2 - BHO: (no name) - {B2B9F4C9-C584-F56F-421D-B2F284CD689F} - blank (file missing)
    O2 - BHO: (no name) - {B8D60EBB-5565-4392-957B-7164BA087AD4} - blank (file missing)
    O3 - Toolbar: ToolbarBrowser - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
    O3 - Toolbar: Instant Bu&zz - {7475D3FD-5D85-49DB-8B9B-6968467B2D80} - blank (file missing)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - blank (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\TRELLIAN <-- the whole folder
    C:\Program Files\Instant Buzz <-- the whole folder

Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
    Last edited: Apr 7, 2006
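The helper's fix lists are built by reading a HijackThis log line by line: O2 (browser helper objects), O3 (toolbars), O4 (Run keys), O9 (IE buttons) and O23 (services), each carrying a name, often a CLSID, and a backing file, with "(file missing)" marking entries whose file is already gone. The parser below is an added illustration for this thread, not HijackThis code; the line grammar is inferred from the lines quoted in the posts above, and the sample log is a constructed excerpt assembled from those same lines.

```python
"""Parse HijackThis (HJT) log lines into records and pull out what a helper
reviews first: orphaned entries, autostarts and services with no owner.

Added illustration for this thread, not HijackThis code. The format is
inferred from the O-lines quoted in the posts; anything else is skipped.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

HJT_LINE = re.compile(r"^(O\d+)\s+-\s+(.*?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
# Drive-letter path ending in a binary extension; surrounding quotes optional.
PATH_RE = re.compile(r'"?([A-Z]:\\[^"\r\n]*?\.(?:exe|dll|com))"?', re.I)


@dataclass(frozen=True)
class Entry:
    section: str            # "O2", "O4", "O23", ...
    body: str               # text after "O2 - "
    clsid: Optional[str]
    path: Optional[str]
    file_missing: bool      # HJT could not find the backing file


def parse_hjt(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue                      # header lines, blanks, free text
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append(Entry(
            section=section,
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            path=path.group(1) if path else None,
            file_missing="(file missing)" in body.lower(),
        ))
    return entries


def orphans(entries: List[Entry]) -> List[Entry]:
    """Entries whose file is gone: dead registry references, safe to fix."""
    return [e for e in entries if e.file_missing]


def autostarts(entries: List[Entry]) -> List[Entry]:
    """O4 Run-key entries: everything that launches at logon."""
    return [e for e in entries if e.section == "O4"]


def unknown_owner_services(entries: List[Entry]) -> List[Entry]:
    """O23 services HJT could not attribute to a vendor, like WPEServ here."""
    return [e for e in entries
            if e.section == "O23" and "unknown owner" in e.body.lower()]


def referenced_paths(entries: List[Entry]) -> List[str]:
    """Unique on-disk files the log points at, for a file-by-file review."""
    return sorted({e.path.lower() for e in entries if e.path})


# Constructed excerpt: the lines quoted in this thread, plus a non-item header.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed excerpt for illustration)
O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O2 - BHO: (no name) - {B2B9F4C9-C584-F56F-421D-B2F284CD689F} - blank (file missing)
O2 - BHO: (no name) - {B8D60EBB-5565-4392-957B-7164BA087AD4} - blank (file missing)
O3 - Toolbar: ToolbarBrowser - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O3 - Toolbar: Instant Bu&zz - {7475D3FD-5D85-49DB-8B9B-6968467B2D80} - blank (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - blank (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: WPEServ - Unknown owner - C:\Program Files\Common Files\WPE\wpeserv.exe
"""


def summarize(text: str) -> Dict[str, int]:
    e = parse_hjt(text)
    return {
        "entries": len(e),
        "orphans": len(orphans(e)),
        "autostarts": len(autostarts(e)),
        "unknown_owner_services": len(unknown_owner_services(e)),
        "unique_files": len(referenced_paths(e)),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    for p in referenced_paths(parse_hjt(SAMPLE_LOG)):
        print("review:", p)
```

Splitting the log this way separates the two jobs the helper does above: orphaned entries are pure registry clutter and go straight into the Fix list, while each path in `referenced_paths` is a file to inspect (Properties, Version tab, an online scanner) before deciding whether the entry that loads it belongs in that list too.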
