Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

BookedSpace or Comparishopper?

Started by samuelsfamily , Sep 04 2005 09:35 AM

Please log in to reply

#16
loophole

Posted 10 September 2005 - 03:46 PM

Malware Expert

Retired Staff
9,798 posts

Here we go :tazz:

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

FwBarTemp
Aprps

Now open pocketkillbox Select the option "Delete on reboot".
Now highlight and 'copy' (Ctrl + C) the entire list of filepaths below:
Click 'File' on the killbox menu at the top and choose 'Paste from clipboard'
The entire list should now be in the "Full Path of File to Delete"
field.To check, click on the dropdown-arrow next to that field.
If you expand it, these lines should all be there

C:\WINDOWS\SYSTEM\hcawect.exe
C:\WINDOWS\SYSTEM\hiijyea.sys
C:\WINDOWS\SYSTEM\bpfbbd.exe
C:\WINDOWS\SYSTEM\bpfbbf.exe
C:\WINDOWS\SYSTEM\VVSNInst.exe
C:\WINDOWS\SYSTEM\adstartup.exe
C:\WINDOWS\SYSTEM\modgxyz.exe
C:\WINDOWS\SYSTEM\p4ghe7o2.dll
C:\WINDOWS\TEMP\wrapperouter.exe
C:\WINDOWS\TEMP\180SAAX.cab[clientax.inf
C:\WINDOWS\TEMP\clientax.inf
C:\WINDOWS\TEMP\iF2F2.TMP
C:\WINDOWS\TEMP\ckz.tmp17b8f\Setup.exe
C:\WINDOWS\TEMP\uninstall.exe
C:\WINDOWS\TEMP\ckz.tmp52eb87\SilentInstallW32.exe
C:\WINDOWS\Desktop\backups\backup-20050904-224620-901.dll
C:\WINDOWS\fkqoonjb.exe
C:\Program Files\FwBarTemp
C:\Program Files\Aprps

Then press the red button with a white X in it.
Killbox will tell you that all listed files will be deleted on next reboot, click YES.When it asks if you would like to Reboot now, click YES.

Post a new hijack log and tell me how your system is running now.

Thanks

Edited by loophole, 10 September 2005 - 03:46 PM.

#17
samuelsfamily

Posted 11 September 2005 - 11:35 AM

Member

Topic Starter
Member
20 posts

my computer seems to be running better, so far so good! :tazz:

I hope it stays that way...........

Here is the new Hijack this -

Logfile of HijackThis v1.99.1
Scan saved at 11:30:14 AM, on 9/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\PERSONAL MONEY TREE\PERSONALMONEYTREE.EXE
C:\PROGRAM FILES\EFAX MESSENGER 3.5\J2GDLLCMD.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\PROGRAM FILES\EFAX MESSENGER 3.5\J2GTRAY.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\SAMSUNG\DIGIMAX VIEWER 1.0\DIGIMAXVIEWER.EXE
C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,UpdateRegSettings
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\SYSTEM\guarnset.exe
O4 - HKLM\..\Run: [PMT] C:\Program Files\Personal Money Tree\personalmoneytree.exe
O4 - HKLM\..\Run: [p76X36W] GSMONCE.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [ConquerCam] C:\PROGRAM FILES\CONQUERCAM\CONQUERCAM.EXE /tray
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Digimax Viewer 1.0.lnk = C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exe
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite III SE\Temp\MGI00000.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {ED6D016A-12F8-4871-BEDC-CE13AAAB4F0B} (DD_v4_Member.DDv4) - http://www.drivershq...D_v4_Member.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {3C200107-2959-4C6E-91B8-F6D911B398A8} (Driver_Detective_v43_Members.DD_v43) - http://www.drivershq...v43_Members.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab

THANKS!!

#18
loophole

Posted 11 September 2005 - 11:47 AM

Malware Expert

Retired Staff
9,798 posts

Few more things to get, but first can you do this

Can you do a search for this file 3dfxCmn.dll and this one GSMONCE.EXE and tell me where they are located i.e.
C:\WINDOWS\GSMONCE.EXE or C:\WINDOWS\SYSTEM\GSMONCE.EXE

#19
samuelsfamily

Posted 11 September 2005 - 01:32 PM

Member

Topic Starter
Member
20 posts

When I searched for 3dfxCmn.dll it said it was in C:\WINDOWS\SYSTEM folder and when I searched for GSMONCE.EXE it didn't find it. ( said there where no items to display)

#20
loophole

Posted 11 September 2005 - 01:39 PM

Malware Expert

Retired Staff
9,798 posts

Thanks

Please go here: Jotti

Click the "browse" button and locate this file:

C:\Windows\System\3dfxCmn.dll

Click "Open", then click the "Submit" button. Copy the results and paste them here.

#21
samuelsfamily

Posted 11 September 2005 - 02:03 PM

Member

Topic Starter
Member
20 posts

File: 3dfxCmn.dll
Status:
OK
MD5 bc3be69fef3d5c399d515b60ef111b76
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found nothing

#22
loophole

Posted 11 September 2005 - 02:15 PM

Malware Expert

Retired Staff
9,798 posts

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\SYSTEM\guarnset.exe
O4 - HKLM\..\Run: [p76X36W] GSMONCE.EXE

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Open HiJackThis. It should open to a "New users quickstart" menu
Click "Open the Misc Tools section"
Click "Delete a file on reboot..."
In the "Enter file to delete on reboot..." window, navigate to:

C:\WINDOWS\SYSTEM

And select the file

guarnset.exe

Then click Open. After you click Open, HiJackThis will ask you if you want to restart your computer now. You do, so click Yes.

Post a new hijack log and tell me how your system is running now.

Thanks :tazz:

#23
samuelsfamily

Posted 12 September 2005 - 06:41 PM

Member

Topic Starter
Member
20 posts

My computer seems to be okay, no more pop ups and the comparishopper isn't at the bottom of desktop any more. THANKS for helping!!!

Here is the new Hijack this -

Logfile of HijackThis v1.99.1
Scan saved at 6:46:09 PM, on 9/12/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\PERSONAL MONEY TREE\PERSONALMONEYTREE.EXE
C:\PROGRAM FILES\EFAX MESSENGER 3.5\J2GDLLCMD.EXE
C:\PROGRAM FILES\EFAX MESSENGER 3.5\J2GTRAY.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\SAMSUNG\DIGIMAX VIEWER 1.0\DIGIMAXVIEWER.EXE
C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,UpdateRegSettings
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [PMT] C:\Program Files\Personal Money Tree\personalmoneytree.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [ConquerCam] C:\PROGRAM FILES\CONQUERCAM\CONQUERCAM.EXE /tray
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Digimax Viewer 1.0.lnk = C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exe
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite III SE\Temp\MGI00000.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {ED6D016A-12F8-4871-BEDC-CE13AAAB4F0B} (DD_v4_Member.DDv4) - http://www.drivershq...D_v4_Member.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {3C200107-2959-4C6E-91B8-F6D911B398A8} (Driver_Detective_v43_Members.DD_v43) - http://www.drivershq...v43_Members.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab

#24
loophole

Posted 13 September 2005 - 12:09 AM

Malware Expert

Retired Staff
9,798 posts

Congratulations

your system is clean :tazz:

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:

How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:

Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar <= Get the free google toolbar to help stop pop up windows.

Other necessary Programs:

AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
Firewall<= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
More Secure Browser<= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.

And also see TonyKlein's good advice
So how did I get infected in the first place? and Spyware Aid's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.

#25
samuelsfamily

Posted 13 September 2005 - 04:41 PM

Member

Topic Starter
Member
20 posts

Thanks again! I already have Ad-Aware,AVG and use Firefox...... they still allowed quite a bit into my computer. Anyway, I will check out the other programs since it seems as though you can't have enough protection.
:tazz:

#26
loophole

Posted 13 September 2005 - 06:45 PM

Malware Expert

Retired Staff
9,798 posts

Good luck to you :tazz:

#27
samuelsfamily

Posted 15 September 2005 - 08:48 PM

Member

Topic Starter
Member
20 posts

CompariShopper is back!!!!!

#28
loophole

Posted 16 September 2005 - 06:51 PM

Malware Expert

Retired Staff
9,798 posts

grrrrr Please Post a new hijack log and the log below

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Thanks

#29
samuelsfamily

Posted 17 September 2005 - 08:45 PM

Member

Topic Starter
Member
20 posts

Here is the uninstall list -

3dfx Tools
Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 6.0.1
AVG Free Edition
CAM UnZip 4.0
Chinese (Simplified) Language Support
Data Entry Test 2004 Version 5.0.1
Digimax Viewer 1.0
Display Utility
Drivers (Remove only)
eFax Messenger 3.5
EVEREST Home Edition v1.51
Gateway Multi-function Keyboard
Greetings Workshop
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 1
Jasc Paint Shop Pro 9
LiveUpdate
MGI PhotoSuite III SE (Remove Only)
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Outlook Express 6
Mozilla Firefox (1.0.4)
Panda ActiveScan
Pan-European Language Support
Personal Money Tree
PET
QuickAnswers
Realtek RTL8139 Diagnostics Program
RelevantKnowledge
RTLSetup
Samsung Digimax 201
Select CashBack
Share My Picture
SoundMAX
Spybot - Search & Destroy 1.4
SpywareBlaster v3.4
Turbo Lister
USB PC Camera Plus
Windows AFA Internet Enhancement
Windows Media Player 7.1
WinZip

And the Hijack this -
Logfile of HijackThis v1.99.1
Scan saved at 8:48:19 PM, on 9/17/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\PERSONAL MONEY TREE\PERSONALMONEYTREE.EXE
C:\PROGRAM FILES\EFAX MESSENGER 3.5\J2GDLLCMD.EXE
C:\PROGRAM FILES\EFAX MESSENGER 3.5\J2GTRAY.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\SAMSUNG\DIGIMAX VIEWER 1.0\DIGIMAXVIEWER.EXE
C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,UpdateRegSettings
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [PMT] C:\Program Files\Personal Money Tree\personalmoneytree.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [ConquerCam] C:\PROGRAM FILES\CONQUERCAM\CONQUERCAM.EXE /tray
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Digimax Viewer 1.0.lnk = C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exe
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite III SE\Temp\MGI00000.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {ED6D016A-12F8-4871-BEDC-CE13AAAB4F0B} (DD_v4_Member.DDv4) - http://www.drivershq...D_v4_Member.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {3C200107-2959-4C6E-91B8-F6D911B398A8} (Driver_Detective_v43_Members.DD_v43) - http://www.drivershq...v43_Members.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab

The CompariShopper comes on about every other time I boot my computer. Sorry to bother you, but I am very grateful for your time! :tazz:

#30
loophole

Posted 17 September 2005 - 10:53 PM

Malware Expert

Retired Staff
9,798 posts

Ok lets try this :tazz:

Please uninstall the following (click start >>>control panel >>> add/remove programs)

Select CashBack
RelevantKnowledge

Using windows explorer( right click start, left click explore)
Search for and delete these files and folders
C:\PROGRAM FILES\Select CashBack
C:\PROGRAM FILES\RelevantKnowledge

If the above wont delete in normal mode try in safe mode

Rebooot and tell me if its gone now

Thanks