Need Help! Lots of pop-ups! [RESOLVED]


#1 franklinagf (Member, 34 posts)

Hello,

I've run Ad-Aware, Spybot and the AVG Free scan and they found nothing. I also ran CleanUp, but I am still getting pop-ups from loadingwebsite, party poker, american singles, ads2.revenue and more!

Any help would be greatly appreciated!

Thanks,
Angela


Logfile of HijackThis v1.99.1
Scan saved at 1:08:39 AM, on 7/4/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\COMPAQ KNOWLEDGE CENTER\BIN\MPBTN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\issch.exe" -start
O4 - HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [tsvcin] C:\N20050308.EXE
O4 - HKLM\..\Run: [uzylkv] C:\WINDOWS\uzylkv.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Reoe] C:\WINDOWS\Application Data\tbar.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O12 - Plugin for .pps: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPDOC.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .ppt: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPDOC.DLL
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq....co/SysQuery.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://cat.fnismls.c...rintControl.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60...geWell-ipix.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11....es/MsnPUpld.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

#2 franklinagf (Topic Starter, 34 posts)

I've tried everything from your other posts but still no fix!

When I download and try to run the l2mfix, I get a syntax error - cannot find file 'not.txt' (or one of its components). Check to ensure the path and filename are correct and that all required libraries are available.

Any suggestions?

Thanks,
Angela

#3 ukbiker (Rest in Peace, ukbiker; Retired Staff, 2,014 posts)

Hi there franklinagf, and welcome to GeekstoGo.

I am UKBiker and I will be helping you with this log. As it is some time since your original post, can you please do the following:

I will need to see two different logs from HijackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.


UKBiker

#4 franklinagf (Topic Starter, 34 posts)

Hello!

Thank you for your reply and assistance! Below is a new "normal" HijackThis log. I will change the settings as you suggested and post the other log next.

Again, thank you for your assistance!

Angela


Logfile of HijackThis v1.99.1
Scan saved at 10:18:55 AM, on 7/13/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O12 - Plugin for .pps: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPDOC.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .ppt: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPDOC.DLL
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq....co/SysQuery.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://cat.fnismls.c...rintControl.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60...geWell-ipix.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11....es/MsnPUpld.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_6us.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab


Here's the Uninstall List:

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
Arabic Language Support
AVG Free Edition
BroadJump Client Foundation
Carbon Copy 32
CleanUp!
Compaq Diagnostics for Windows
Compaq Hardware Discovery
Compaq IE5 Custom US v1.0.0.4
Compaq Knowledge Center
Compaq Wizard Host Online
DrawPlus 3.0
Easy Access Button Support
eTomi Pro(remove only)
FinePixViewer Ver.4.0
Form Viewer
FUJIFILM USB Driver
HijackThis 1.99.1
hp deskjet 3320 series (Remove only)
hp instant support
HyperLoad
Internet Explorer Q883939
J2SE Runtime Environment 5.0 Update 1
Jumpstart First Grade v1.4
Macromedia Shockwave Player
Microsoft Data Access Components KB870669
Microsoft Excel Viewer 97
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Money 2000 Standard Edition
Microsoft Outlook Express 6
Microsoft VGX Q833989
Microsoft Web Publishing Wizard 1.52
Microsoft Word Viewer 97
Microsoft Works 2000
Microsoft XML Parser and SDK
MSN Internet Access 5.3
My DSC
Nero Suite
NetMeeting 3.01
Netscape Communicator 4.7
NVIDIA Windows 95/98*admin Display Drivers
Office Animation Runtime
Outlook Express Q823353
PCTEL Platinum V.90 Modem Drivers
PhotoJam 3
QuickTime
RealFA$T® Forms for North Carolina
RealPlayer Basic
REI Font Installer
Service Connection
Shockwave
SoundMAXWDM
SpongeBob Nick Clickable
Spybot - Search & Destroy 1.3
The Print Shop
Viewpoint Media Player
VX2 Cleaner plug-in for Ad-Aware SE
Windows Installer Clean Up
Windows Millennium Edition KB891711 Update
Windows Millennium Edition Q823559 Update
WMP7 Customizations
Yahoo! Address AutoComplete
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Photos Easy Upload Tool 1v6
Yahoo! Toolbar

Edited by franklinagf, 13 July 2005 - 08:30 AM.


#5 ukbiker (Rest in Peace, ukbiker; Retired Staff, 2,014 posts)

Hi there franklinagf ;)

OK then, this is a strange one for sure: your log looks clean to me, but you are still getting problems with pop-ups and redirects. I will need some more info on this problem.

You look to have some items disabled via msconfig. I need to see the log with nothing disabled, so please reconfigure your settings and reboot into Normal Mode.
Then rescan with HJT and post me the new log. I do not need the uninstall list again, though.

I see that you have eTomi Pro installed; can you please tell me what you have downloaded with it?

I would also be grateful if you could tell me what tools you have used in trying to fix this yourself so far.

UKBiker

Edited by ukbiker, 13 July 2005 - 03:52 PM.


#6 franklinagf (Topic Starter, 34 posts)

Hey again!

The only thing that has been downloaded with eTomi Pro is music. I already deleted everything that was downloaded from there! (And told my daughter not to download anything else until we could figure this out!) I also downloaded the iPix picture thing today (looking at hotels for vacation!).

I have used Spybot, Ad-Aware SE, CleanUp, and I downloaded the AVG Free Edition. I downloaded the other thing I mentioned earlier but it would not work because of a missing file or something, so I think I deleted all of that as well.

I just scanned with Spybot and Ad-Aware and both found several things! I fixed those, then did the HiJack This scan. Let me know if you need me to post the scan logs from Spybot and Ad-Aware, I've saved them just in case!

Below is the new HJT log with the original configuration and in Normal Mode. The main thing I was disabling is BearShare, which is something else my oldest daughter downloaded! I also deleted everything (music files) that she had downloaded using this! Hope you can find something that I've overlooked!

Don't know if this will make any difference, but I thought I should make you aware: this is a Compaq computer, but my twins fried the original motherboard, so it now has an HP motherboard!

Thanks,
Angela

Logfile of HijackThis v1.99.1
Scan saved at 7:16:40 PM, on 7/13/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\COMPAQ KNOWLEDGE CENTER\BIN\MPBTN.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O12 - Plugin for .pps: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPDOC.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .ppt: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPDOC.DLL
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq....co/SysQuery.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://cat.fnismls.c...rintControl.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60...geWell-ipix.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11....es/MsnPUpld.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_6us.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

Edited by franklinagf, 13 July 2005 - 05:42 PM.


#7 ukbiker (Rest in Peace, ukbiker; Retired Staff, 2,014 posts)

Hi there

OK then, well, in summary, you have some apps installed that I would remove ASAP, eTomi and BearShare for instance, but the log now is clean, whereas the original log you posted was indeed dirty. ;) Don't worry though, we will get this sorted out.

I am going to get some fresh eyes to have a look at this one, I must be missing something, but in the meantime, would you please do the following for me:
1. Update AVG and Ad-Aware to their newest definition files.
2. Reboot into Safe Mode.
3. Run AVG and Ad-Aware as full system scans, have them fix whatever they find, and save any logs produced.
4. Reboot into Normal Mode and let me know how you got on, please.

UKBiker
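The helper's point above is that the first log was "dirty" and the later one is "clean", which in practice means comparing the two scans and knowing which autostart entries deserve a second look. The script below is an added example, not part of the thread and not part of HijackThis or any tool the posters used. It parses the R1/O4 lines of a HijackThis 1.99.1 log, reports which entries disappeared between two scans, and flags O4 entries by three heuristics of my own (executable in the drive root, executable under a user profile or temp directory, or a value name that is just the file name of something sitting directly in C:\WINDOWS or C:\WINDOWS\SYSTEM). The two embedded logs are excerpts copied from post #1 and post #6; the Windows directory is hard-coded to C:\WINDOWS as it appears in those logs.

```python
"""HijackThis log triage: diff two scans and flag suspicious O4 autostarts.

Added example for this thread; not part of HijackThis. The log excerpts are
the R1/O4 lines of post #1 (later called "dirty") and post #6 ("clean").
The three flagging rules are heuristics of my own, not HijackThis logic.
"""
import re
from dataclasses import dataclass, field

# Excerpt of the R1/O4 section of the 4 July 2005 log (post #1).
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [tsvcin] C:\N20050308.EXE
O4 - HKLM\..\Run: [uzylkv] C:\WINDOWS\uzylkv.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Reoe] C:\WINDOWS\Application Data\tbar.exe
"""

# Same excerpt from the 13 July 2005 evening log (post #6).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
"""

# "O4 - HKLM\..\Run: [ValueName] command line"  (also RunServices, RunOnce)
O4_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# A quoted path, or everything up to the first executable-looking extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|dll|scr|bat|pif))(?=\s|$)', re.I)
WINDOWS_DIRS = ("C:\\WINDOWS", "C:\\WINDOWS\\SYSTEM")   # Win9x layout seen in the logs
PROFILE_DIRS = {"APPLICATION DATA", "TEMP", "LOCAL SETTINGS"}


@dataclass
class Entry:
    raw: str
    section: str                 # "R1", "O4", "O16", ...
    name: str = ""               # registry value name inside [...] (O4 only)
    cmd: str = ""                # command line after the name (O4 only)
    flags: list = field(default_factory=list)


def executable_of(cmd: str) -> str:
    """Return the program path from an O4 command line, dropping arguments."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1) or m.group(2)
    return cmd.split()[0] if cmd else ""


def flag_entry(e: Entry) -> list:
    """Apply the three location/name heuristics to one O4 entry."""
    exe = executable_of(e.cmd)
    parent, _, base = exe.rpartition("\\")
    stem = base.rsplit(".", 1)[0]
    if re.fullmatch(r"[A-Za-z]:", parent):
        e.flags.append("runs from drive root")
    if {p.upper() for p in parent.split("\\")} & PROFILE_DIRS:
        e.flags.append("runs from a user profile / temp directory")
    if parent.upper() in WINDOWS_DIRS and e.name.lower() in (base.lower(), stem.lower()):
        e.flags.append("value name is just the file name, in a Windows system directory")
    return e.flags


def parse_log(text: str) -> list:
    entries = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        e = Entry(raw=line, section=line.split(" ", 1)[0])
        m = O4_RE.match(line)
        if m:
            e.name, e.cmd = m.group("name"), m.group("cmd")
            flag_entry(e)
        entries.append(e)
    return entries


def removed_between(before: str, after: str) -> list:
    """Entries present in the earlier log but gone from the later one."""
    later = {e.raw for e in parse_log(after)}
    return [e for e in parse_log(before) if e.raw not in later]


def flagged(text: str) -> list:
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(LOG_BEFORE):
        print(f"FLAG [{e.name}] {e.cmd}  <- {'; '.join(e.flags)}")
    print("Gone in the later log:")
    for e in removed_between(LOG_BEFORE, LOG_AFTER):
        print("  " + e.raw)
```

On these excerpts the four flagged O4 entries are exactly the O4 lines that vanished between the two scans, and the ProxyOverride R1 line is the only other change. Treat the diff as a starting point rather than a verdict: a diff also picks up legitimate changes such as a program the user uninstalled, and the location heuristics say nothing about an entry's reputation, which is what a helper checking against a known-startup list adds.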

#8 franklinagf (Topic Starter, 34 posts)

Updated AVG and Ad-Aware and scanned in Safe Mode; neither found anything! I'll post the logs below and a new HJT log.

Thanks again for your assistance!
Angela


Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, July 14, 2005 9:36:25 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R53 07.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):14 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R53 07.07.2005
Internal build : 62
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 488774 Bytes
Total size : 1479419 Bytes
Signature data size : 1447409 Bytes
Reference data size : 31498 Bytes
Signatures total : 41230
CSI Fingerprints total : 943
CSI data size : 32889 Bytes
Target categories : 15
Target families : 704


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:6 %
Total physical memory:63968 kb
Available physical memory:2380 kb
Total page file size:2033180 kb
Available on page file:1975820 kb
Total virtual memory:2093056 kb
Available virtual memory:2044928 kb
OS:Microsoft Windows Millennium Edition

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


7-14-2005 9:36:25 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : .DEFAULT\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293869535
Threads : 4
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294932799
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294955099
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE

#:4 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294837107
Threads : 14
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE

#:5 [RUNDLL32.EXE]
ModuleName : C:\WINDOWS\RUNDLL32.EXE
Command Line : rundll32.exe
ProcessID : 4294773347
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:6 [STMGR.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
Command Line : C:\WINDOWS\System\Restore\StMgr.exe
ProcessID : 4294852999
Threads : 4
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft ® PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft ® PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe

#:7 [AVGWB.DAT]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGWB.DAT
Command Line : "C:\PROGRAM FILES\GRISOFT\AVG FREE\avgwb.dat"
ProcessID : 4294707795
Threads : 3
Priority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Basic Interface
InternalName : avgwb
LegalCopyright : Copyright c 2005, GRISOFT, s.r.o.
OriginalFilename : AVGWB.EXE

#:8 [AVGAMSVR.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
Command Line : "C:\Program Files\Grisoft\AVG Free\avgamsvr.exe" -Embedding
ProcessID : 4294829591
Threads : 5
Priority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright c 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:9 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294813711
Threads : 2
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright c Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Deep scanning and examining files (d:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for d:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
79 entries scanned.
New critical objects:0
Objects found so far: 14




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14

9:47:04 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:39.450
Objects scanned:70308
Objects identified:0
Objects ignored:0
New critical objects:0




AVG log:
"Partition table (MBR)","ok","Quick checked"
"Boot sector of disk C:","ok","Quick checked"
"System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load","","Scanned"
"System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit","","Scanned"
"System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","","Scanned"
"System registry exefile\shell\open\command","","Scanned"
"System registry scrfile\shell\open\command","","Scanned"
"System registry scrfile\shell\config\command","","Scanned"
"System registry batfile\shell\open\command","","Scanned"
"System registry cmdfile\shell\open\command","","Scanned"
"System registry comfile\shell\open\command","","Scanned"
"System registry piffile\shell\open\command","","Scanned"
"System registry giffile\shell\open\command","","Scanned"
"System registry htmlfile\shell\open\command","","Scanned"
"System registry htafile\shell\open\command","","Scanned"
"System registry jpegfile\shell\open\command","","Scanned"
"System registry txtfile\shell\open\command","","Scanned"
"System registry regfile\shell\open\command","","Scanned"
"System registry cplfile\shell\cplopen\command","","Scanned"
"System registry Word.Document.8\shell\open\command","","Scanned"
"System registry WordPad.Document.1\shell\open\command","","Scanned"
"C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\issch.exe","ok","Quick checked"
"C:\PROGRA~1\ACCESS~1\WORDPAD.EXE","ok","Quick checked"
"C:\PROGRA~1\GRISOFT\AVGFRE~1\avgamsvr.exe","ok","Quick checked"
"C:\PROGRA~1\GRISOFT\AVGFRE~1\avgcc.exe","ok","Quick checked"
"C:\PROGRA~1\GRISOFT\AVGFRE~1\avgemc.exe","ok","Quick checked"
"C:\PROGRA~1\INTERN~1\IEXPLORE.EXE","ok","Quick checked"
"C:\Program Files\BroadJump\Client Foundation\CFD.exe","ok","Quick checked"
"C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.exe","ok","Quick checked"
"C:\Program Files\Compaq\Easy Access Button Support\EAClean.exe","ok","Quick checked"
"C:\Program Files\Microsoft Money\System\Money Express.exe","ok","Quick checked"
"C:\Program Files\Motive\motmon.exe","ok","Quick checked"
"C:\Program Files\REGSHAVE\REGSHAVE.EXE","ok","Quick checked"
"C:\Program Files\WordView\WORDVIEW.EXE","ok","Quick checked"
"C:\Program Files\Yahoo!\Messenger\YPager.exe","ok","Quick checked"
"C:\WINDOWS\PCHealth\Support\PCHSCHD.EXE","ok","Quick checked"
"C:\WINDOWS\REGEDIT.EXE","ok","Quick checked"
"C:\WINDOWS\RUNDLL32.EXE","ok","Quick checked"
"C:\WINDOWS\SCANREGW.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\HIDSERV.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\MSHTA.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\MSTASK.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\PRINTRAY.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\SHELL32.DLL","ok","Quick checked"
"C:\WINDOWS\SYSTEM\STIMON.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\SYSTRAY.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\hpztsb07.exe","ok","Quick checked"
"C:\WINDOWS\System\Restore\STATEMGR.EXE","ok","Quick checked"
"C:\WINDOWS\TASKMON.EXE","ok","Quick checked"
"c:\compaq\CPQInet\CPQInet.exe","ok","Quick checked"
"c:\cpqs\bwtools\SCCenter.exe","ok","Quick checked"
"C:\WINDOWS\SYSTEM\kernel32.dll","ok","Quick checked"
"C:\WINDOWS\SYSTEM\wsock32.dll","ok","Quick checked"
"C:\WINDOWS\SYSTEM\user32.dll","ok","Quick checked"
"C:\WINDOWS\SYSTEM\shell32.dll","ok","Quick checked"




Logfile of HijackThis v1.99.1
Scan saved at 10:34:34 AM, on 7/14/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O12 - Plugin for .pps: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPDOC.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .ppt: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPDOC.DLL
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq....co/SysQuery.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://cat.fnismls.c...rintControl.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60...geWell-ipix.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11....es/MsnPUpld.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_6us.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

Edited by franklinagf, 14 July 2005 - 09:39 AM.

  • 0
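As an added example (not code from this thread, from HijackThis or from Trend Micro), here is a small Python parser for the HijackThis log format posted above. It turns the O4 autostart lines and O16 DPF lines into records and runs two triage checks a helper would otherwise do by eye: Run-key values that name the program without a path (the log alone cannot tell you which file actually starts), and downloaded-program entries that point at a local file rather than a URL. The sample log is an excerpt of the log in the post above; the function and class names are my own.

```python
"""Parse a HijackThis v1.99 log into records and run two triage checks.

Added example for this thread; not HijackThis code. Standard library only.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: an excerpt of the log posted above, trimmed to a few lines.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:34:34 AM, on 7/14/2005
Platform: Windows ME (Win9x 4.90.3000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\issch.exe" -start
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
"""


@dataclass
class Entry:
    section: str                  # "R1", "O4", "O16", ...
    raw: str                      # the log line as printed
    hive: Optional[str] = None    # HKLM / HKCU for O4 registry entries
    key: Optional[str] = None     # Run, RunServices, Startup, ...
    name: Optional[str] = None    # value name or friendly name
    target: Optional[str] = None  # command line, URL or file path
    clsid: Optional[str] = None   # O16 class id, when printed


O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
O4_STARTUP = re.compile(r"^O4 - Startup: (.*?) = (.*)$")
O16_DPF = re.compile(r"^O16 - DPF: (?:(\{[^}]+\}) )?(.*?) - (.*)$")
GENERIC = re.compile(r"^([RFNO]\d+) - (.*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|scr|pif))(?:\s|$)", re.IGNORECASE)


def parse_hijackthis(text: str) -> Tuple[List[str], List[Entry]]:
    """Return (running processes, parsed entries) for one log."""
    processes, entries = [], []
    in_procs = False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:                 # a blank line closes the process list
            in_procs = False
            continue
        if in_procs:
            processes.append(line)
            continue
        m = O4_RUN.match(line)
        if m:
            entries.append(Entry("O4", line, m.group(1), m.group(2), m.group(3), m.group(4)))
            continue
        m = O4_STARTUP.match(line)
        if m:
            entries.append(Entry("O4", line, None, "Startup", m.group(1), m.group(2)))
            continue
        m = O16_DPF.match(line)
        if m:
            entries.append(Entry("O16", line, name=m.group(2).strip("()"),
                                 target=m.group(3), clsid=m.group(1)))
            continue
        m = GENERIC.match(line)
        if m:
            entries.append(Entry(m.group(1), line, target=m.group(2)))
    return processes, entries


def executable_of(command: str) -> str:
    """Best-effort: the program an autostart command line launches.
    Quoted paths are taken whole; otherwise cut after the first known extension."""
    command = command.strip()
    if command.startswith('"'):
        closing = command.find('"', 1)
        return command[1:closing] if closing > 0 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else command.split(" ", 1)[0]


def unqualified_autostarts(entries: List[Entry]) -> List[str]:
    """Names of O4 entries whose program has no drive/path. Such values are
    resolved through the search path, so the log alone does not show which
    file runs; a helper would ask for the full path before judging them."""
    return [e.name for e in entries
            if e.section == "O4" and not re.match(r"^[A-Za-z]:\\", executable_of(e.target))]


def local_dpf_controls(entries: List[Entry]) -> List[Tuple[Optional[str], str, str]]:
    """O16 entries whose source is a local file rather than a download URL."""
    return [(e.clsid, e.name, e.target) for e in entries
            if e.section == "O16" and not e.target.lower().startswith("http")]


if __name__ == "__main__":
    procs, ents = parse_hijackthis(SAMPLE_LOG)
    print(f"{len(procs)} processes, {len(ents)} entries")
    for e in ents:
        if e.section == "O4":
            print(f"  {e.hive or 'Startup'} {e.key} [{e.name}] -> {executable_of(e.target)}")
    print("autostarts without a full path:", unqualified_autostarts(ents))
    print("DPF controls from local files:", local_dpf_controls(ents))
```

Feed it a whole log instead of the excerpt and the O4 output gives the per-program list a helper cross-checks against the "Running processes" block; the path heuristic in executable_of is deliberately simple, since HijackThis prints the raw registry value and an unquoted path containing spaces cannot be separated from its arguments with certainty.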

#9
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hiya

Well this is a strange one for sure :tazz:
Are you still getting popups?

I am going to ask one of my colleagues who uses ME himself to have a look at this, but in the meantime, please run this online scan for me -

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.

Good luck

(a puzzled)UKBiker
  • 0

#10
franklinagf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Hi!
Yes, still getting pop-ups! Just while logging in here I got the following pop-ups:

www.smileycentral.com/?partner=ZNxuklol

Closed that and got a page titled Fun Web Products

Closed that and got https://autoloansetc...&OVMTC=standard

Before I got that one closed I got http://www.loadingwe...rmal/yyy65.html

Closed it and got http://64.192.130.14...7upV2?query=ron

Just got http://ads2.revenue...._SITE_ID=13960

When I close it I get a box with vb script: Advertisement - Registry Cleaner
Warning: You have not completed the scan. If your computer has errors in the registry database, it could cause unpredictable or erratic behavior, freezes, or crashes. Would you like to scan for and correct any registry problems now?

I clicked NO and got another pop-up....http://adopt.hotbar.com/tpad.jsp?l=8034&sz=pop&rnd=4625

.........and still coming!!!

I ran the Trend Micro scan and below is the log.

As much time as I've spent trying to fix this, I probably could have worked and made enough money to buy a new computer! But I still wouldn't be satisfied until I found what is causing it!

Thanks again for your help!


Here's the log:

Started Scanning
Files and Directories
Programs in Memory
Internet URL Shortcuts
Internet Cookies
Found 'partypoker.com' in 'Internet Explorer Cache'
Found 'zedo.com' in 'Internet Explorer Cache'
Found 'edge.ru4.com' in 'Internet Explorer Cache'
Found 'partypoker.touchclarity.com' in 'Internet Explorer Cache'
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Found 'azjmp.com' in 'Internet Explorer Cache'
Found 'media.adrevolver.com' in 'Internet Explorer Cache'
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Found 'z1.adserver.com' in 'Internet Explorer Cache'
Found 'ads.addynamix.com' in 'Internet Explorer Cache'
Found 'ads.addynamix.com' in 'Internet Explorer Cache'
Found 'revenue.net' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Windows Registry
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning
  • 0

#11
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hiya franklinagf ;)

Ok, good news ;) and really good news :help: :help: The good news is that one of my colleagues has identified the infection; the really good news is that we can fix it, though it may take a few tries to get it all.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Please run this online scan. When it is complete, it will produce a log; please copy and paste that log in your next reply:
http://www.pandasoft...n_principal.htm

Good Luck :tazz:

UKBiker
  • 0

#12
franklinagf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
YEAH!!

I ran the Panda Online Scan and was really shocked! It found almost 200 files that are infected! Why are the other scans not picking these up? Anyway, below is the scan log.

Thanks,
Angela


Incident Status Location

Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AKI_3DAE.DLL
Adware:adware/ncase No disinfected C:\WINDOWS\SYSTEM\saie_kyf.dat
Adware:adware/ipinsight No disinfected C:\WINDOWS\INF\POLALL1R.INF
Adware:adware/sahagent No disinfected C:\WINDOWS\unstall.exe
Spyware:spyware/betterinet No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TMU
Adware:adware/savenow No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RUNMSC.LOADER.1
Adware:adware/wupd No disinfected HKEY_CLASSES_ROOT\CLSID\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}
Adware:adware/brilliantdigital No disinfected HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MTCN30.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CURVIDDC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CDETCFG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IE50_QCX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OFE2NLS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SSI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SDLWAPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MZXML3.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\VAR.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MYNSSPC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CSMOCX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MXCPXL32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OREPRO32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\VEB32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\VHMDBG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MXI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\JWSH400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SRDOCVW.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OIECLI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IZHLPAPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SKLWOA.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IDAGING.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DCCPCSVC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MDWMDM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QNDIT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NIWRSCS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SSELL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\LJ32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NWWRSTR.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\LCCADEL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CTSWPP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SHRAPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MVRSERV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UJDM32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\KTUSER.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\HZSETUP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MEJTER40.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RBAUI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MYIEFTP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NGWRSJA.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\KBRNEL32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MDIMG32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WSPDINFO.DLL
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\pnc25pmx.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NPWDEV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MGISAM11.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UEER32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MWDAMG9X.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\dtnwsock.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WIDMLOG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NSSHELL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\lkgif11n.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MADXMLC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\pdc25pmx.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IP_NDI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WGLP32T.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DASENH.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MKC42.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SBFOLDER.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\TNAPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RFAPH.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MZVCIRT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\hbsetup.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ONECLI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RVPILIB.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DBMSTOR.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\LACAJNLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NBSHELL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CBGWIZ.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DVNIM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\cwrtc.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\VBB32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IUDKCS32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\rjoc3260.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NLRSPL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\HCINK.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IM50_QCX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QLSNAME.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\wwvdmod.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\FQTIFF16.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WYNALIGN.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\wgpui.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CGUSALGO.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AKI_3DAE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ID50_QC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DTDRAMP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WHNG32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\COUSALGO.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NTRSFI.dll
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\INF\SATMAT.INF
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\POLALL1R.INF
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\upd208.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav90E0.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav80E4.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8102.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA1D2.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA264.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA270.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB0F0.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB121.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB122.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB271.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB272.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC122.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC124.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC173.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC174.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC205.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC211.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC212.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC213.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC220.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC221.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC230.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC240.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC2E3.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC2E5.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC2F0.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC2F2.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC2F4.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC2F5.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC300.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC302.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC303.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC306.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC311.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC312.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC314.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC324.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC372.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC374.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC380.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC381.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC383.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC385.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC390.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC3A5.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC3B1.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC3B2.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC3B3.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC3B5.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD000.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD001.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD003.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD005.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD014.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD016.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD021.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD023.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD075.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD081.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD082.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD083.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD084.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD086.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD091.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD092.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD093.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD095.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD0A0.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD0A1.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD0A2.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD0A4.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD0D4.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD0E0.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD0E1.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD0E2.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD0E4.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD0E5.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD0F0.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD0F2.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD0F3.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD0F4.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD103.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD104.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD105.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD110.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD112.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD113.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD114.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD122.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD184.TMP
Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\unstall.exe
  • 0

#13
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There franklinagf ;)

Great, at least we know what is going on now! ;)

Ok then, Let's make a start :tazz:

1) If you have not already done so, Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Please copy and paste these instructions into a text file and then save it to your desktop, as you will need to access it in Safe Mode later in the fix. Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file that you created with these instructions in it, and copy the file names below to the clipboard by highlighting them all and pressing Control-C:

C:\WINDOWS\SYSTEM\AKI_3DAE.DLL
C:\WINDOWS\SYSTEM\saie_kyf.dat
C:\WINDOWS\INF\POLALL1R.INF
C:\WINDOWS\unstall.exe
C:\WINDOWS\SYSTEM\MTCN30.DLL
C:\WINDOWS\SYSTEM\CURVIDDC.DLL
C:\WINDOWS\SYSTEM\CDETCFG.DLL
C:\WINDOWS\SYSTEM\IE50_QCX.DLL
C:\WINDOWS\SYSTEM\OFE2NLS.DLL
C:\WINDOWS\SYSTEM\SSI.DLL
C:\WINDOWS\SYSTEM\SDLWAPI.DLL
C:\WINDOWS\SYSTEM\MZXML3.DLL
C:\WINDOWS\SYSTEM\VAR.DLL
C:\WINDOWS\SYSTEM\MYNSSPC.DLL
C:\WINDOWS\SYSTEM\CSMOCX.DLL
C:\WINDOWS\SYSTEM\MXCPXL32.DLL
C:\WINDOWS\SYSTEM\OREPRO32.DLL
C:\WINDOWS\SYSTEM\VEB32.DLL
C:\WINDOWS\SYSTEM\VHMDBG.DLL
C:\WINDOWS\SYSTEM\MXI.DLL
C:\WINDOWS\SYSTEM\JWSH400.DLL
C:\WINDOWS\SYSTEM\SRDOCVW.DLL
C:\WINDOWS\SYSTEM\OIECLI.DLL
C:\WINDOWS\SYSTEM\IZHLPAPI.DLL
C:\WINDOWS\SYSTEM\SKLWOA.DLL
C:\WINDOWS\SYSTEM\IDAGING.DLL
C:\WINDOWS\SYSTEM\DCCPCSVC.DLL
C:\WINDOWS\SYSTEM\MDWMDM.DLL
C:\WINDOWS\SYSTEM\QNDIT.DLL
C:\WINDOWS\SYSTEM\NIWRSCS.DLL
C:\WINDOWS\SYSTEM\SSELL.DLL
C:\WINDOWS\SYSTEM\LJ32.DLL
C:\WINDOWS\SYSTEM\NWWRSTR.DLL
C:\WINDOWS\SYSTEM\LCCADEL.DLL
C:\WINDOWS\SYSTEM\CTSWPP.DLL
C:\WINDOWS\SYSTEM\SHRAPI.DLL
C:\WINDOWS\SYSTEM\MVRSERV.DLL
C:\WINDOWS\SYSTEM\UJDM32.DLL
C:\WINDOWS\SYSTEM\KTUSER.DLL
C:\WINDOWS\SYSTEM\HZSETUP.DLL
C:\WINDOWS\SYSTEM\MEJTER40.DLL
C:\WINDOWS\SYSTEM\RBAUI.DLL
C:\WINDOWS\SYSTEM\MYIEFTP.DLL
C:\WINDOWS\SYSTEM\NGWRSJA.DLL
C:\WINDOWS\SYSTEM\KBRNEL32.DLL
C:\WINDOWS\SYSTEM\MDIMG32.DLL
C:\WINDOWS\SYSTEM\WSPDINFO.DLL
C:\WINDOWS\SYSTEM\QBUninstaller.exe
C:\WINDOWS\SYSTEM\pnc25pmx.dll
C:\WINDOWS\SYSTEM\NPWDEV.DLL
C:\WINDOWS\SYSTEM\MGISAM11.DLL
C:\WINDOWS\SYSTEM\UEER32.DLL
C:\WINDOWS\SYSTEM\MWDAMG9X.DLL
C:\WINDOWS\SYSTEM\dtnwsock.dll
C:\WINDOWS\SYSTEM\WIDMLOG.DLL
C:\WINDOWS\SYSTEM\NSSHELL.DLL
C:\WINDOWS\SYSTEM\lkgif11n.dll
C:\WINDOWS\SYSTEM\MADXMLC.DLL
C:\WINDOWS\SYSTEM\pdc25pmx.dll
C:\WINDOWS\SYSTEM\IP_NDI.DLL
C:\WINDOWS\SYSTEM\WGLP32T.DLL
C:\WINDOWS\SYSTEM\DASENH.DLL
C:\WINDOWS\SYSTEM\MKC42.DLL
C:\WINDOWS\SYSTEM\SBFOLDER.DLL
C:\WINDOWS\SYSTEM\TNAPI.DLL
C:\WINDOWS\SYSTEM\RFAPH.DLL
C:\WINDOWS\SYSTEM\MZVCIRT.DLL
C:\WINDOWS\SYSTEM\hbsetup.dll
C:\WINDOWS\SYSTEM\ONECLI.DLL
C:\WINDOWS\SYSTEM\RVPILIB.DLL
C:\WINDOWS\SYSTEM\DBMSTOR.DLL
C:\WINDOWS\SYSTEM\LACAJNLL.DLL
C:\WINDOWS\SYSTEM\NBSHELL.DLL
C:\WINDOWS\SYSTEM\CBGWIZ.DLL
C:\WINDOWS\SYSTEM\DVNIM.DLL
C:\WINDOWS\SYSTEM\cwrtc.dll
C:\WINDOWS\SYSTEM\VBB32.DLL
C:\WINDOWS\SYSTEM\IUDKCS32.DLL
C:\WINDOWS\SYSTEM\rjoc3260.dll
C:\WINDOWS\SYSTEM\NLRSPL.DLL
C:\WINDOWS\SYSTEM\HCINK.DLL
C:\WINDOWS\SYSTEM\IM50_QCX.DLL
C:\WINDOWS\SYSTEM\QLSNAME.DLL
C:\WINDOWS\SYSTEM\wwvdmod.dll
C:\WINDOWS\SYSTEM\FQTIFF16.dll
C:\WINDOWS\SYSTEM\WYNALIGN.DLL
C:\WINDOWS\SYSTEM\wgpui.dll
C:\WINDOWS\SYSTEM\CGUSALGO.DLL
C:\WINDOWS\SYSTEM\AKI_3DAE.DLL
C:\WINDOWS\SYSTEM\ID50_QC.DLL
C:\WINDOWS\SYSTEM\DTDRAMP.DLL
C:\WINDOWS\SYSTEM\WHNG32.DLL
C:\WINDOWS\SYSTEM\COUSALGO.DLL
C:\WINDOWS\SYSTEM\NTRSFI.dll
C:\WINDOWS\INF\SATMAT.INF
C:\WINDOWS\INF\POLALL1R.INF
C:\WINDOWS\TEMP\upd208.exe
C:\WINDOWS\TEMP\pav90E0.TMP
C:\WINDOWS\TEMP\pav80E4.TMP
C:\WINDOWS\TEMP\pav8102.TMP
C:\WINDOWS\TEMP\pavA1D2.TMP
C:\WINDOWS\TEMP\pavA264.TMP
C:\WINDOWS\TEMP\pavA270.TMP
C:\WINDOWS\TEMP\pavB0F0.TMP
C:\WINDOWS\TEMP\pavB121.TMP
C:\WINDOWS\TEMP\pavB122.TMP
C:\WINDOWS\TEMP\pavB271.TMP
C:\WINDOWS\TEMP\pavB272.TMP
C:\WINDOWS\TEMP\pavC122.TMP
C:\WINDOWS\TEMP\pavC124.TMP
C:\WINDOWS\TEMP\pavC173.TMP
C:\WINDOWS\TEMP\pavC174.TMP
C:\WINDOWS\TEMP\pavC205.TMP
C:\WINDOWS\TEMP\pavC211.TMP
C:\WINDOWS\TEMP\pavC212.TMP
C:\WINDOWS\TEMP\pavC213.TMP
C:\WINDOWS\TEMP\pavC220.TMP
C:\WINDOWS\TEMP\pavC221.TMP
C:\WINDOWS\TEMP\pavC230.TMP
C:\WINDOWS\TEMP\pavC240.TMP
C:\WINDOWS\TEMP\pavC2E3.TMP
C:\WINDOWS\TEMP\pavC2E5.TMP
C:\WINDOWS\TEMP\pavC2F0.TMP
C:\WINDOWS\TEMP\pavC2F2.TMP
C:\WINDOWS\TEMP\pavC2F4.TMP
C:\WINDOWS\TEMP\pavC2F5.TMP
C:\WINDOWS\TEMP\pavC300.TMP
C:\WINDOWS\TEMP\pavC302.TMP
C:\WINDOWS\TEMP\pavC303.TMP
C:\WINDOWS\TEMP\pavC306.TMP
C:\WINDOWS\TEMP\pavC311.TMP
C:\WINDOWS\TEMP\pavC312.TMP
C:\WINDOWS\TEMP\pavC314.TMP
C:\WINDOWS\TEMP\pavC324.TMP
C:\WINDOWS\TEMP\pavC372.TMP
C:\WINDOWS\TEMP\pavC374.TMP
C:\WINDOWS\TEMP\pavC380.TMP
C:\WINDOWS\TEMP\pavC381.TMP
C:\WINDOWS\TEMP\pavC383.TMP
C:\WINDOWS\TEMP\pavC385.TMP
C:\WINDOWS\TEMP\pavC390.TMP
C:\WINDOWS\TEMP\pavC3A5.TMP
C:\WINDOWS\TEMP\pavC3B1.TMP
C:\WINDOWS\TEMP\pavC3B2.TMP
C:\WINDOWS\TEMP\pavC3B3.TMP
C:\WINDOWS\TEMP\pavC3B5.TMP
C:\WINDOWS\TEMP\pavD000.TMP
C:\WINDOWS\TEMP\pavD001.TMP
C:\WINDOWS\TEMP\pavD003.TMP
C:\WINDOWS\TEMP\pavD005.TMP
C:\WINDOWS\TEMP\pavD014.TMP
C:\WINDOWS\TEMP\pavD016.TMP
C:\WINDOWS\TEMP\pavD021.TMP
C:\WINDOWS\TEMP\pavD023.TMP
C:\WINDOWS\TEMP\pavD075.TMP
C:\WINDOWS\TEMP\pavD081.TMP
C:\WINDOWS\TEMP\pavD082.TMP
C:\WINDOWS\TEMP\pavD083.TMP
C:\WINDOWS\TEMP\pavD084.TMP
C:\WINDOWS\TEMP\pavD086.TMP
C:\WINDOWS\TEMP\pavD091.TMP
C:\WINDOWS\TEMP\pavD092.TMP
C:\WINDOWS\TEMP\pavD093.TMP
C:\WINDOWS\TEMP\pavD095.TMP
C:\WINDOWS\TEMP\pavD0A0.TMP
C:\WINDOWS\TEMP\pavD0A1.TMP
C:\WINDOWS\TEMP\pavD0A2.TMP
C:\WINDOWS\TEMP\pavD0A4.TMP
C:\WINDOWS\TEMP\pavD0D4.TMP
C:\WINDOWS\TEMP\pavD0E0.TMP
C:\WINDOWS\TEMP\pavD0E1.TMP
C:\WINDOWS\TEMP\pavD0E2.TMP
C:\WINDOWS\TEMP\pavD0E4.TMP
C:\WINDOWS\TEMP\pavD0E5.TMP
C:\WINDOWS\TEMP\pavD0F0.TMP
C:\WINDOWS\TEMP\pavD0F2.TMP
C:\WINDOWS\TEMP\pavD0F3.TMP
C:\WINDOWS\TEMP\pavD0F4.TMP
C:\WINDOWS\TEMP\pavD103.TMP
C:\WINDOWS\TEMP\pavD104.TMP
C:\WINDOWS\TEMP\pavD105.TMP
C:\WINDOWS\TEMP\pavD110.TMP
C:\WINDOWS\TEMP\pavD112.TMP
C:\WINDOWS\TEMP\pavD113.TMP
C:\WINDOWS\TEMP\pavD114.TMP
C:\WINDOWS\TEMP\pavD122.TMP
C:\WINDOWS\TEMP\pavD184.TMP
C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll
C:\WINDOWS\unstall.exe
C:\WINDOWS\SYSTEM\guard.tmp


6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let the system reboot.

8) Please rerun the Panda ActiveScan as you did before and post its new log here for me.

Good Luck

UKBiker

Edited by ukbiker, 17 July 2005 - 09:03 AM.

  • 0
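The Panda ActiveScan output quoted above has a fixed three-column shape (category:family, a status phrase, then a path that may itself contain spaces), and the Killbox list was assembled from it by hand. Below is an added example, not code from this thread or from Panda or Killbox, of how a helper would parse those lines, count hits per family, de-duplicate the paths (Windows paths are case-insensitive, and a hand-built list can easily repeat an entry), and separate the files outside scratch directories, which are the ones worth cross-checking against the HijackThis log because they are the likeliest to be re-creating the rest. The sample log is constructed in the same layout as the lines in the thread; the function names and the `TEMP_MARKERS` list are my own choices, and the status text is matched loosely because only "No disinfected" appears on this page.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modelled on the Panda ActiveScan lines quoted in this
# thread (same three-column layout; the lower-case duplicate is added on purpose
# to show de-duplication, and the last line is filler that must be ignored).
SAMPLE_LOG = r"""
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC3B2.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC3B3.TMP
Adware:Adware/Look2Me No disinfected c:\windows\temp\pavc3b2.tmp
Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\unstall.exe
Incidence status: this line is not a detection
"""

# <category>:<family>  <status words>  <drive>:\<path, which may contain spaces>
# The status group is non-greedy so the path is anchored on the drive letter.
LINE_RE = re.compile(
    r"^(?P<category>[A-Za-z]+):(?P<family>\S+)\s+"
    r"(?P<status>.+?)\s+"
    r"(?P<path>[A-Za-z]:\\.*\S)\s*$"
)


@dataclass(frozen=True)
class Detection:
    category: str   # e.g. "Adware", "Spyware"
    family: str     # e.g. "Adware/Look2Me"
    status: str     # e.g. "No disinfected" (the scanner's wording for "not cleaned")
    path: str


def parse_log(text: str) -> list[Detection]:
    """Turn the scanner's text lines into Detection records; non-matching lines are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append(Detection(**m.groupdict()))
    return out


def _key(path: str) -> str:
    # Windows paths are case-insensitive, so normalise before comparing.
    return path.replace("/", "\\").lower()


def summarize(dets) -> Counter:
    """Hits per family, so the dominant infection is obvious at a glance."""
    return Counter(d.family for d in dets)


def removal_list(dets) -> list[str]:
    """Unique paths still flagged as not cleaned, in first-seen order and spelling."""
    seen, out = set(), []
    for d in dets:
        if d.status.lower() == "disinfected":
            continue
        k = _key(d.path)
        if k not in seen:
            seen.add(k)
            out.append(d.path)
    return out


# Assumed scratch locations (my choice, not from the scanner): files here are
# usually droppings, while files elsewhere are the persistent components.
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")


def persistent_components(dets) -> list[str]:
    """Flagged paths outside scratch directories: cross-check these against the HJT log."""
    return [p for p in removal_list(dets)
            if not any(m in _key(p) for m in TEMP_MARKERS)]


if __name__ == "__main__":
    dets = parse_log(SAMPLE_LOG)
    for family, n in summarize(dets).most_common():
        print(f"{n:4d}  {family}")
    print("\nRemoval list:")
    print("\n".join(removal_list(dets)))
    print("\nNon-temp components:")
    print("\n".join(persistent_components(dets)))
```

Run it against a saved ActiveScan log by replacing `SAMPLE_LOG` with the file's contents; the removal list it prints is the de-duplicated equivalent of the one pasted into Killbox above, and the non-temp list is the short set of files to look for among the O2/O4/O20 entries of a fresh HijackThis log.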

#14
franklinagf

franklinagf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Hi!

I ran Killbox and inserted the files you listed. But now when I try to run the Panda scan it won't let me! It keeps giving me an error message!

Also got the following pop-ups while trying to run the Panda scan:

dirtyhippo.com
adfarm mediaplex (which redirected to a site that looks like Ebay)
party poker
winantiviruspro.com
loadingwebsite.com
and a pop-up that said Microsoft Visual C++ Runtime Library Buffer overrun detected Program: C:/Windows/Rundll32.exe


Also, it started downloading a file (yyy65) when loadingwebsite came up! I closed the Download box but I believe it still downloaded because it later popped up for me to open that file!

NOW WHAT?

Don't know if this has anything to do with it but yesterday my Ad-aware would not download the new definition file then it wouldn't run!

I wish these people that keep creating these programs would get a life and leave mine alone! :tazz:

Thanks for sticking with me in trying to figure this out!
Angela
  • 0

#15
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There franklinagf

What can I say, I am getting to really dislike this :tazz: ;) ;) :help: :help: piece of :help: :yeah: :yeah: malware!

Ok, I am calm now..........

Can you tell me what error message you got when you tried to run the Panda scan? Also did you get any error messages when you used Killbox to delete the files?

Don't let this get you down, we will beat this.

There is one last tool that I want to try before we go after this thing file by file. :tazz:

Please download WebRoot SpySweeper from HERE (It's a 2 week free trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, reboot into Safe Mode, then reopen Spysweeper and click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish, then reboot into normal mode.
  • Paste the contents of the session log you copied into your next reply.
Could you also provide me with a new, fresh HJT log please?

UKBiker
  • 0