Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Adware Removal [resolved]

Started by Fluteloop , Aug 04 2005 07:14 PM

This topic is locked

#1
Fluteloop

Posted 04 August 2005 - 07:14 PM

New Member

Member
7 posts

Hello. For the past couple of weeks I keep getting pop-up windows from loadingwebsite and paypopup, and I found out it's adware, but Ad-Aware, AVG, Spyboy, Search and Destroy don't pick it up, so I was hoping maybe you guys can help. I will post my log. Thanks before hand.

#2
Fluteloop

Posted 04 August 2005 - 07:17 PM

New Member

Topic Starter
Member
7 posts

Logfile of HijackThis v1.99.1
Scan saved at 03:00:41, on 01/01/01
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\RUNSERVICE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\ARCHIVOS DE PROGRAMA\IOLO\SYSTEM MECHANIC 4 PROFESSIONAL\SMNSTLWTCH.EXE
C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE
C:\MIS DOCUMENTOS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tbtqzbjzf...L0JAK8yt2y3.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mixmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telefonica.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 69.61.38.52
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Telefónica Net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 69.61.38.52 ie.search.msn.com
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B8719F2E-D323-A2DC-20E4-D3865BBFDBE3} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\ARCHIVOS DE PROGRAMA\SUPERADBLOCKER.COM\SUPER AD BLOCKER\SABBHO.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {C84A0D22-651C-A1AC-D2C0-66516D2E9981} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Archivos de programa\Archivos comunes\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab

#3
Fluteloop

Posted 05 August 2005 - 06:10 PM

New Member

Topic Starter
Member
7 posts

Hello. I posted here yesterday cuz I had a problem with adware that couldn't be resolved with Ad-Aware, Spybot and Search and Destroy, so I downloaded Hijack This to see if I could get some help here, but looks like my post got erased. WHy is that? The adware that keeps popping up is loadingwebsite and paypopup. Please can someone help me. Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 02:04:37, on 02/01/01
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MIS DOCUMENTOS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tbtqzbjzf...L0JAK8yt2y3.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mixmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telefonica.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 69.61.38.52
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Telefónica Net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 69.61.38.52 ie.search.msn.com
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B8719F2E-D323-A2DC-20E4-D3865BBFDBE3} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\ARCHIVOS DE PROGRAMA\SUPERADBLOCKER.COM\SUPER AD BLOCKER\SABBHO.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {C84A0D22-651C-A1AC-D2C0-66516D2E9981} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Archivos de programa\Archivos comunes\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab

Edited by Fluteloop, 05 August 2005 - 06:12 PM.

#4
g2i2r4

Posted 06 August 2005 - 04:59 AM

retired HiJack Helper

Retired Staff
5,080 posts

Welcome Fluteloop to Geeks to Go!

Your previous topic wasn't removed, I found it and merged it into this one.

Please download L2m9xfix.

Unzip it to the desktop and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

***

Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tbtqzbjzf...L0JAK8yt2y3.cgi

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 69.61.38.52

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {B8719F2E-D323-A2DC-20E4-D3865BBFDBE3} - (no file)

O3 - Toolbar: (no name) - {C84A0D22-651C-A1AC-D2C0-66516D2E9981} - (no file)

O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab

Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.

***

Then please reboot your computer to normal mode.

***

Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program.

***

Post back to this topic using the button 'add reply' with a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.

#5
Fluteloop

Posted 06 August 2005 - 10:16 AM

New Member

Topic Starter
Member
7 posts

Hi g2i2r4. Thanks for the help. I said my first post was erased, but then after posting the second post, I thought that maybe it was the fact that there are so many posts in this forum, that it gets lost in the shuffle. Anyway, here's the log from Runthis.bat.

Log of L2M9XFix v1

************

Running from directory:
C:\Mis documentos\Runthis\l2m9xfix

************

Files found:

C:\WINDOWS\system\ALDCXC32.DLL
C:\WINDOWS\system\ALDCXC32.DLL
C:\WINDOWS\system\ALDCXC32.DLL
C:\WINDOWS\system\ALDCXC32.DLL
C:\WINDOWS\system\ANKRNL32.DLL
C:\WINDOWS\system\ANKRNL32.DLL
C:\WINDOWS\system\ANKRNL32.DLL
C:\WINDOWS\system\ANKRNL32.DLL
C:\WINDOWS\system\BJACKBOX.DLL
C:\WINDOWS\system\BJACKBOX.DLL
C:\WINDOWS\system\BJACKBOX.DLL
C:\WINDOWS\system\BJACKBOX.DLL
C:\WINDOWS\system\CKYPTNET.DLL
C:\WINDOWS\system\CKYPTNET.DLL
C:\WINDOWS\system\CKYPTNET.DLL
C:\WINDOWS\system\CKYPTNET.DLL
C:\WINDOWS\system\DEDIM.DLL
C:\WINDOWS\system\DEDIM.DLL
C:\WINDOWS\system\DEDIM.DLL
C:\WINDOWS\system\DEDIM.DLL
C:\WINDOWS\system\DPDIM700.DLL
C:\WINDOWS\system\DPDIM700.DLL
C:\WINDOWS\system\DPDIM700.DLL
C:\WINDOWS\system\DPDIM700.DLL
C:\WINDOWS\system\DXSCRIPT.DLL
C:\WINDOWS\system\DXSCRIPT.DLL
C:\WINDOWS\system\DXSCRIPT.DLL
C:\WINDOWS\system\DXSCRIPT.DLL
C:\WINDOWS\system\dxvx.dll
C:\WINDOWS\system\dxvx.dll
C:\WINDOWS\system\dxvx.dll
C:\WINDOWS\system\dxvx.dll
C:\WINDOWS\system\HOD.DLL
C:\WINDOWS\system\HOD.DLL
C:\WINDOWS\system\HOD.DLL
C:\WINDOWS\system\HOD.DLL
C:\WINDOWS\system\IJ32_32.DLL
C:\WINDOWS\system\IJ32_32.DLL
C:\WINDOWS\system\IJ32_32.DLL
C:\WINDOWS\system\IJ32_32.DLL
C:\WINDOWS\system\INRT1625.DLL
C:\WINDOWS\system\INRT1625.DLL
C:\WINDOWS\system\INRT1625.DLL
C:\WINDOWS\system\INRT1625.DLL
C:\WINDOWS\system\IOETCPLC.DLL
C:\WINDOWS\system\IOETCPLC.DLL
C:\WINDOWS\system\IOETCPLC.DLL
C:\WINDOWS\system\IOETCPLC.DLL
C:\WINDOWS\system\IQ32_32.DLL
C:\WINDOWS\system\IQ32_32.DLL
C:\WINDOWS\system\IQ32_32.DLL
C:\WINDOWS\system\IQ32_32.DLL
C:\WINDOWS\system\IQRNONCE.DLL
C:\WINDOWS\system\IQRNONCE.DLL
C:\WINDOWS\system\IQRNONCE.DLL
C:\WINDOWS\system\IQRNONCE.DLL
C:\WINDOWS\system\iqss.dll
C:\WINDOWS\system\iqss.dll
C:\WINDOWS\system\iqss.dll
C:\WINDOWS\system\iqss.dll
C:\WINDOWS\system\ISM32.DLL
C:\WINDOWS\system\ISM32.DLL
C:\WINDOWS\system\ISM32.DLL
C:\WINDOWS\system\ISM32.DLL
C:\WINDOWS\system\IT1XDD.DLL
C:\WINDOWS\system\IT1XDD.DLL
C:\WINDOWS\system\IT1XDD.DLL
C:\WINDOWS\system\IT1XDD.DLL
C:\WINDOWS\system\iV.dll
C:\WINDOWS\system\iV.dll
C:\WINDOWS\system\iV.dll
C:\WINDOWS\system\iV.dll
C:\WINDOWS\system\IZSCLASS.DLL
C:\WINDOWS\system\IZSCLASS.DLL
C:\WINDOWS\system\IZSCLASS.DLL
C:\WINDOWS\system\IZSCLASS.DLL
C:\WINDOWS\system\mavcr71.dll
C:\WINDOWS\system\mavcr71.dll
C:\WINDOWS\system\mavcr71.dll
C:\WINDOWS\system\mavcr71.dll
C:\WINDOWS\system\MBMICICM.DLL
C:\WINDOWS\system\MBMICICM.DLL
C:\WINDOWS\system\MBMICICM.DLL
C:\WINDOWS\system\MBMICICM.DLL
C:\WINDOWS\system\mcdxmlc.dll
C:\WINDOWS\system\mcdxmlc.dll
C:\WINDOWS\system\mcdxmlc.dll
C:\WINDOWS\system\mcdxmlc.dll
C:\WINDOWS\system\meuni11.dll
C:\WINDOWS\system\meuni11.dll
C:\WINDOWS\system\meuni11.dll
C:\WINDOWS\system\meuni11.dll
C:\WINDOWS\system\MFDCTRL.DLL
C:\WINDOWS\system\MFDCTRL.DLL
C:\WINDOWS\system\MFDCTRL.DLL
C:\WINDOWS\system\MFDCTRL.DLL
C:\WINDOWS\system\mhident.dll
C:\WINDOWS\system\mhident.dll
C:\WINDOWS\system\mhident.dll
C:\WINDOWS\system\mhident.dll
C:\WINDOWS\system\MIWDAT10.DLL
C:\WINDOWS\system\MIWDAT10.DLL
C:\WINDOWS\system\MIWDAT10.DLL
C:\WINDOWS\system\MIWDAT10.DLL
C:\WINDOWS\system\mkltus35.dll
C:\WINDOWS\system\mkltus35.dll
C:\WINDOWS\system\mkltus35.dll
C:\WINDOWS\system\mkltus35.dll
C:\WINDOWS\system\MKR2C.DLL
C:\WINDOWS\system\MKR2C.DLL
C:\WINDOWS\system\MKR2C.DLL
C:\WINDOWS\system\MKR2C.DLL
C:\WINDOWS\system\mkxml4.dll
C:\WINDOWS\system\mkxml4.dll
C:\WINDOWS\system\mkxml4.dll
C:\WINDOWS\system\mkxml4.dll
C:\WINDOWS\system\MLTEXT40.DLL
C:\WINDOWS\system\MLTEXT40.DLL
C:\WINDOWS\system\MLTEXT40.DLL
C:\WINDOWS\system\MLTEXT40.DLL
C:\WINDOWS\system\MMI.DLL
C:\WINDOWS\system\MMI.DLL
C:\WINDOWS\system\MMI.DLL
C:\WINDOWS\system\MMI.DLL
C:\WINDOWS\system\MMJET35.DLL
C:\WINDOWS\system\MMJET35.DLL
C:\WINDOWS\system\MMJET35.DLL
C:\WINDOWS\system\MMJET35.DLL
C:\WINDOWS\system\MQCD30.DLL
C:\WINDOWS\system\MQCD30.DLL
C:\WINDOWS\system\MQCD30.DLL
C:\WINDOWS\system\MQCD30.DLL
C:\WINDOWS\system\MQSTDFMT.DLL
C:\WINDOWS\system\MQSTDFMT.DLL
C:\WINDOWS\system\MQSTDFMT.DLL
C:\WINDOWS\system\MQSTDFMT.DLL
C:\WINDOWS\system\MUCMS.DLL
C:\WINDOWS\system\MUCMS.DLL
C:\WINDOWS\system\MUCMS.DLL
C:\WINDOWS\system\MUCMS.DLL
C:\WINDOWS\system\mzrd2x35.dll
C:\WINDOWS\system\mzrd2x35.dll
C:\WINDOWS\system\mzrd2x35.dll
C:\WINDOWS\system\mzrd2x35.dll
C:\WINDOWS\system\nfiew.dll
C:\WINDOWS\system\nfiew.dll
C:\WINDOWS\system\nfiew.dll
C:\WINDOWS\system\nfiew.dll
C:\WINDOWS\system\NPNDS.DLL
C:\WINDOWS\system\NPNDS.DLL
C:\WINDOWS\system\NPNDS.DLL
C:\WINDOWS\system\NPNDS.DLL
C:\WINDOWS\system\OBBCINT.DLL
C:\WINDOWS\system\OBBCINT.DLL
C:\WINDOWS\system\OBBCINT.DLL
C:\WINDOWS\system\OBBCINT.DLL
C:\WINDOWS\system\OXBCBCP.DLL
C:\WINDOWS\system\OXBCBCP.DLL
C:\WINDOWS\system\OXBCBCP.DLL
C:\WINDOWS\system\OXBCBCP.DLL
C:\WINDOWS\system\OZE32.DLL
C:\WINDOWS\system\OZE32.DLL
C:\WINDOWS\system\OZE32.DLL
C:\WINDOWS\system\OZE32.DLL
C:\WINDOWS\system\RCCLTC1.DLL
C:\WINDOWS\system\RCCLTC1.DLL
C:\WINDOWS\system\RCCLTC1.DLL
C:\WINDOWS\system\RCCLTC1.DLL
C:\WINDOWS\system\rvxam.dll
C:\WINDOWS\system\rvxam.dll
C:\WINDOWS\system\rvxam.dll
C:\WINDOWS\system\rvxam.dll
C:\WINDOWS\system\RYCMQCL.DLL
C:\WINDOWS\system\RYCMQCL.DLL
C:\WINDOWS\system\RYCMQCL.DLL
C:\WINDOWS\system\RYCMQCL.DLL
C:\WINDOWS\system\SBNCENG.DLL
C:\WINDOWS\system\SBNCENG.DLL
C:\WINDOWS\system\SBNCENG.DLL
C:\WINDOWS\system\SBNCENG.DLL
C:\WINDOWS\system\skrrun.DLL
C:\WINDOWS\system\skrrun.DLL
C:\WINDOWS\system\skrrun.DLL
C:\WINDOWS\system\skrrun.DLL
C:\WINDOWS\system\spoes.DLL
C:\WINDOWS\system\spoes.DLL
C:\WINDOWS\system\spoes.DLL
C:\WINDOWS\system\spoes.DLL
C:\WINDOWS\system\SQELL.DLL
C:\WINDOWS\system\SQELL.DLL
C:\WINDOWS\system\SQELL.DLL
C:\WINDOWS\system\SQELL.DLL
C:\WINDOWS\system\STELL.DLL
C:\WINDOWS\system\STELL.DLL
C:\WINDOWS\system\STELL.DLL
C:\WINDOWS\system\STELL.DLL
C:\WINDOWS\system\SWSTHUNK.DLL
C:\WINDOWS\system\SWSTHUNK.DLL
C:\WINDOWS\system\SWSTHUNK.DLL
C:\WINDOWS\system\SWSTHUNK.DLL
C:\WINDOWS\system\SXELL.DLL
C:\WINDOWS\system\SXELL.DLL
C:\WINDOWS\system\SXELL.DLL
C:\WINDOWS\system\SXELL.DLL
C:\WINDOWS\system\ULL.DLL
C:\WINDOWS\system\ULL.DLL
C:\WINDOWS\system\ULL.DLL
C:\WINDOWS\system\ULL.DLL
C:\WINDOWS\system\VLR.DLL
C:\WINDOWS\system\VLR.DLL
C:\WINDOWS\system\VLR.DLL
C:\WINDOWS\system\VLR.DLL
C:\WINDOWS\system\WPBCHECK.DLL
C:\WINDOWS\system\WPBCHECK.DLL
C:\WINDOWS\system\WPBCHECK.DLL
C:\WINDOWS\system\WPBCHECK.DLL
C:\WINDOWS\system\WXVCORE.DLL
C:\WINDOWS\system\WXVCORE.DLL
C:\WINDOWS\system\WXVCORE.DLL
C:\WINDOWS\system\WXVCORE.DLL

************

Registry entries found:

[HKEY_CLASSES_ROOT\CLSID\{E14620C0-EA90-11D9-9450-0050BFA82CA1}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\ALDCXC32.DLL"

[HKEY_CLASSES_ROOT\CLSID\{E14620C0-EA90-11D9-9450-0050BFA82CA1}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\ALDCXC32.DLL"

[HKEY_CLASSES_ROOT\CLSID\{E14620C0-EA90-11D9-9450-0050BFA82CA1}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\ALDCXC32.DLL"

[HKEY_CLASSES_ROOT\CLSID\{E14620C0-EA90-11D9-9450-0050BFA82CA1}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\ALDCXC32.DLL"

AND NOW HERE IS THE NEW LOG FROM HIJACK THIS.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mixmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telefonica.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.es/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Telefónica Net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\ARCHIVOS DE PROGRAMA\SUPERADBLOCKER.COM\SUPER AD BLOCKER\SABBHO.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Archivos de programa\Archivos comunes\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab

Hope to hear from you soon, and thanks again.

#6
g2i2r4

Posted 06 August 2005 - 10:52 AM

retired HiJack Helper

Retired Staff
5,080 posts

The logs look clean. Is the computer running ok now?

#7
Fluteloop

Posted 06 August 2005 - 02:50 PM

New Member

Topic Starter
Member
7 posts

Yes looks like it. Although I have a little problem with the taskbar after I opened runthis.bat, gonna see if I can fix it myself, if not, I'll repost on the forum. THANK YOU SOOOOOOOOOOO MUCH. Not like adware is as dangerous as spyware, but still annoying. THAAAAAAAAANKS.

#8
g2i2r4

Posted 06 August 2005 - 03:29 PM

retired HiJack Helper

Retired Staff
5,080 posts

I'll keep the topic open for a while then.

#9
Fluteloop

Posted 06 August 2005 - 06:08 PM

New Member

Topic Starter
Member
7 posts

I got the taskbar problem fixed, so thanks alot, and you can close the topic if you'd like.

#10
g2i2r4

Posted 07 August 2005 - 04:08 AM

retired HiJack Helper

Retired Staff
5,080 posts

Please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
  - Change the Download signed ActiveX controls to Prompt
  - Change the Download unsigned ActiveX controls to Disable
  - Change the Initialize and script ActiveX controls not marked as safe to Disable
  - Change the Installation of desktop items to Prompt
  - Change the Launching programs and files in an IFRAME to Prompt
  - Change the Navigate sub-frames across different domains to Prompt
  - When all these settings have been made, click on the OK button.
  - If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

A tutorial on installing & using this product can be found here:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.