Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

random IE window pop ups[CLOSED]

Started by keisukey , May 02 2005 12:24 AM

  • This topic is locked This topic is locked

#1
keisukey
Posted 02 May 2005 - 12:24 AM

keisukey

    Member

  • Member
  • PipPip
  • 24 posts
at random times when i'm using the computer or just leaving it on-- sometimes
twice an hour, sometimes every other day-- a few IE windows pop up directing me
to [bleep] sites. couple of weeks ago, I started to use mozilla as the default browser, but nevertheless, some IE windows pop up. back then about a month when i still used IE, along with the pop up windows, i'd get this error message:

microsoft visual C++ runtime library
Runtime Error!
Program: C:\Docume~1\(My user name)\LOCALS~1\Temp\onjg.dat
abnormal program termination

a different *.dat file (like oanj.dat) is created every time this error message pops up--
i've deleted everything in my TEMP folder, but new *.dat files keep on
appearing.
i've read that this often has to do with aol, but i don't have aol; i use
sbcyahoo dsl.
My virus scans, and ad-aware, spybot, and cw shredder scans haven’t been able to detect the malware. I’ve also repaired xp using the installation cd (without formatting the hd), but that doesn’t seem to help. I've restricted these sites under the security tab in the IE options, but it's not helping.
it's really embarrassing, and i cant seem to solve it. anybody know how to
resolve this? Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 1:14:27 AM, on 5/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\WinPatrol\winpatrol.exe
C:\PROGRA~1\ETRUST~1\VetTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ProtoWall\ProtoWall.exe
C:\Documents and Settings\Keisuke\Desktop\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\AdobeAcrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\ProtoWall\ProtoWall.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: SUN Microsystems Consistency checker monitor - {CF64272B-114B-4157-AD8F-1C6235C3B5FF} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: SUN Microsystems Consistency checker monitor - {CF64272B-114B-4157-AD8F-1C6235C3B5FF} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...a0e1e/enter.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member....s/sbc/yinst.cab
O16 - DPF: {6EBF8F70-4BE2-5A7F-26AB-560818411196} - http://209.8.161.54/1/rdgUS1022.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://www.globalpho...ionale_ver4.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusm...om/actsetup.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://toolbar.azese...l/azesearch.cab
O16 - DPF: {E76AAE10-AF57-4AEA-B33D-C3EDFA414DAE} (S2MPlayer Control) - http://www.sanstream...2/S2MPlayer.cab
O21 - SSODL: vXAArGf - {E090E0C6-4A3A-4A6C-829D-EE6CB9DE7335} - C:\WINDOWS\System32\kyl.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\eTrust EZ Antivirus\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\eTrust EZ Antivirus\VetMsg.exe


Edited by thatman, 03 May 2005 - 03:58 AM.

  • 0

Advertisements

#2
Guest_thatman_*
Posted 02 May 2005 - 04:22 AM

Guest_thatman_*
  • Guest
Hi keisukey

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Using Windows add remove program file's uninstall the following:
C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...a0e1e/enter.cab
O16 - DPF: {6EBF8F70-4BE2-5A7F-26AB-560818411196} - http://209.8.161.54/1/rdgUS1022.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://www.globalpho...ionale_ver4.CAB
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusm...om/actsetup.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://toolbar.azese...l/azesearch.cab
O16 - DPF: {E76AAE10-AF57-4AEA-B33D-C3EDFA414DAE} (S2MPlayer Control) - http://www.sanstream...2/S2MPlayer.cab
O21 - SSODL: vXAArGf - {E090E0C6-4A3A-4A6C-829D-EE6CB9DE7335} - C:\WINDOWS\System32\kyl.dll
Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\WildTangent\<--Delete the whole folder
C:\WINDOWS\System32\kyl.dll<--Delete this file's
Exit Explorer.

Reboot as normal.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#3
keisukey
Posted 03 May 2005 - 12:39 AM

keisukey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
hmmm, i don't think the folder C:\Program Files\WildTangent\ exists. what should i do?
  • 0

#4
Guest_thatman_*
Posted 03 May 2005 - 04:03 AM

Guest_thatman_*
  • Guest
Hi keisukey

Please continue with the fix:

Your HJT.Log show this O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Kc :tazz:
  • 0

#5
keisukey
Posted 09 May 2005 - 02:12 AM

keisukey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
i am still having the same problem about the pop up windows.
another symptom i've noticed was that upon rebooting or shutting down my computer, sometimes, a Windows Explorer window of MY DOCUMENTS with the FOLDERS toolbar on the left will pop up right before Windows shuts down.

Logfile of HijackThis v1.99.1
Scan saved at 12:19:39 AM, on 5/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SPYWAR~1\SPYWAR~1.EXE
C:\Program Files\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\WinPatrol\winpatrol.exe
C:\PROGRA~1\ETRUST~1\VetTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ProtoWall\ProtoWall.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Keisuke\Desktop\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\AdobeAcrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\ProtoWall\ProtoWall.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: SUN Microsystems Consistency checker monitor - {CF64272B-114B-4157-AD8F-1C6235C3B5FF} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: SUN Microsystems Consistency checker monitor - {CF64272B-114B-4157-AD8F-1C6235C3B5FF} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member....s/sbc/yinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O21 - SSODL: vXAArGf - {E090E0C6-4A3A-4A6C-829D-EE6CB9DE7335} - C:\WINDOWS\System32\kyl.dll (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\eTrust EZ Antivirus\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\eTrust EZ Antivirus\VetMsg.exe



panda scan log:

Incident                      Status                        Location                                                                                                                                                                                                                                                       

Spyware:Spyware/New.net      No disinfected                C:\WINDOWS\NDNuninstall*.exe                                                                                                                                                                                                                                   
Adware:Adware/NavHelper      No disinfected                C:\Program Files\Ares                                                                                                                                                                                                                                         
Adware:Adware/ExactSearch    No disinfected                Windows Registry                                                                                                                                                                                                                                               
Spyware:Spyware/YourSiteBar  No disinfected                C:\WINDOWS\Downloaded Program Files\YSBactivex.???                                                                                                                                                                                                             
Spyware:Spyware/Petro-Line    No disinfected                C:\WINDOWS\Downloaded Program Files\inst2.dll                                                                                                                                                                                                                 
Adware:Adware/AzeSearch      No disinfected                C:\WINDOWS\System32\azesearch.ocx                                                                                                                                                                                                                             
Spyware:Spyware/Petro-Line    No disinfected                C:\Documents and Settings\Keisuke\Desktop\hijackthis\backups\backup-20050504-234529-297.dll                                                                                                                                                                   
Spyware:Spyware/Petro-Line    No disinfected                C:\Documents and Settings\Keisuke\Desktop\hijackthis\backups\backup-20050504-234529-297.inf                                                                                                                                                                   
Spyware:Spyware/ISTbar        No disinfected                C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp                                                                                                                                                                                                             
Spyware:Spyware/Petro-Line    No disinfected                C:\WINDOWS\Downloaded Program Files\inst2.dll                                                                                                                                                                                                                 
Spyware:Spyware/YourSiteBar  No disinfected                C:\WINDOWS\Downloaded Program Files\YSBactivex.dll                                                                                                                                                                                                             
Spyware:Spyware/YourSiteBar  No disinfected                C:\WINDOWS\Downloaded Program Files\ysbactivex.inf                                                                                                                                                                                                             
Spyware:Spyware/New.net      No disinfected                C:\WINDOWS\NDNuninstall6_38.exe                                                                                                                                                                                                                               
Adware:Adware/AzeSearch      No disinfected                C:\WINDOWS\system32\azesearch.ocx                                                                                                                                                                                                                             
Virus:Trj/Agent.RQ            Disinfected                  C:\WINDOWS\system32\fxiegwfr.exe                                                                                                                                                                                                                               
Virus:Application/Restart    No disinfected                C:\WINDOWS\system32\Tools\Restart.exe                                                                                                                                                                                                                         


  • 0

#6
Guest_thatman_*
Posted 09 May 2005 - 03:57 AM

Guest_thatman_*
  • Guest
Hi keisukey

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Lets see if this will finds any hidden Trojan’s http://www.ewido.net/en/download/
This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.
Ewido will auto-udate tne run a full scan save the log when the scan has finnished.

Please download, install and run this disk cleanup utility called Cleanup version 4.0!
http://downloads.ste...p/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage:
http://www.bleepingc...tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.
Reboot when prompted to let it clean out the remaining files.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
O9 - Extra button: SUN Microsystems Consistency checker monitor - {CF64272B-114B-4157-AD8F-1C6235C3B5FF} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: SUN Microsystems Consistency checker monitor - {CF64272B-114B-4157-AD8F-1C6235C3B5FF} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O21 - SSODL: vXAArGf - {E090E0C6-4A3A-4A6C-829D-EE6CB9DE7335} - C:\WINDOWS\System32\kyl.dll (file missing)
Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

C:\Program Files\Ares<--Delete the whole folder

If you were unable to find any of the files then please follow these additional instructions:
Download Pocket Killbox and unzip it; save it to your Desktop.
Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. Let the system reboot.
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
C:\WINDOWS\System32\kyl.dll
C:\WINDOWS\NDNuninstall*.exe
C:\WINDOWS\Downloaded Program Files\YSBactivex.exe
C:\WINDOWS\Downloaded Program Files\inst2.dll
C:\WINDOWS\System32\azesearch.ocx
C:\Documents and Settings\Keisuke\Desktop\hijackthis\backups\backup-20050504-234529-297.dll
C:\Documents and Settings\Keisuke\Desktop\hijackthis\backups\backup-20050504-234529-297.inf
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp
C:\WINDOWS\Downloaded Program Files\inst2.dll
C:\WINDOWS\Downloaded Program Files\YSBactivex.dll
C:\WINDOWS\Downloaded Program Files\ysbactivex.inf
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\system32\azesearch.ocx
C:\WINDOWS\system32\fxiegwfr.exe
C:\WINDOWS\system32\Tools\Restart.exe

Reboot as normal

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#7
Guest_thatman_*
Posted 20 May 2005 - 07:59 AM

Guest_thatman_*
  • Guest
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP