Mess of Problems



#1
dtunseen15

dtunseen15

    New Member

  • Member
  • Pip
  • 7 posts
My computer hasn't been acting right for months now but I've always decided not to do anything about it because it didn't prohibit my usage at all. But just recently it's gotten to the point where I can hardly run a program, let alone two at a time (at this moment I can only use Mozilla since it is up, I can't even click on anything on the bottom toolbar). I know there are at least a few different problems with my computer, as I have run Ad-aware and Panda. Some include: Internet Optimizer, pokapoka78.exe, as well as others. I don't know much and for all I know they could all be connected.

Please help me get my computer back to normal.

I will post the HijackThis log in a moment after I restart my computer because I cannot access it right now.
  • 0


#2
dtunseen15

dtunseen15

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:56:26 PM, on 10/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\tppaldr.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\o2a8yq59\o2a8yq59.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\etb\pokapoka78.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Matt Ojala\Desktop\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.aaawebfinder.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aaawebfinder.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aaawebfinder.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000000-0000-4895-8B5B-DB3397582705} - C:\Program Files\o2a8yq59\o2a8yq59.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Windows Sound32] SndMon16.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [vBoORp] C:\WINDOWS\wqdaffh.exe
O4 - HKLM\..\Run: [vBoU5d+o8gFC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wqdaffh.exe
O4 - HKLM\..\Run: [Edkuiv] C:\Documents and Settings\Matt Ojala\Desktop\Vvizb.exe
O4 - HKLM\..\Run: [<ZJYMlYQa+C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wqdaffh.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitennt32.exe
O4 - HKLM\..\Run: [hO9NFx0Lc] C:\WINDOWS\crxib.exe
O4 - HKLM\..\Run: [h$v/fNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\crxib.exe
O4 - HKLM\..\Run: [o2a8yq59] C:\Program Files\o2a8yq59\o2a8yq59.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\RunServices: [Windows Sound32] SndMon16.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Windows Sound32] SndMon16.exe
O4 - HKCU\..\Run: [kkff] C:\PROGRA~1\COMMON~1\kkff\kkffm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/o...e/bin/setup.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.co...base/mophun.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  • 0

#3
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear dtunseen15, :tazz:

Welcome to the Geeks to Go forums.

We are currently studying your log. :)
*************************************

Dear dtunseen15, can you please tell me what antivirus software you are using on your computer, for example (Norton Antivirus, McAfee Antivirus, or AVG Antivirus, etc.)?

If you do have antivirus software, can you tell me if the subscription on this software has expired?
************************************

You are currently running HijackThis from your desktop. Since HijackThis makes backups of any entries you fix, you should create a folder just to hold the HijackThis program and its backups, so the backups and the program are not accidentally deleted. Go to "My Computer", click on c:\ and then go to the "File" menu, choose New -> Folder. Name the folder "HJT" or "HijackThis" and then please move the "HijackThis.exe" executable there.

Restart your computer and post a new HijackThis log. :)
  • 0

#4
dtunseen15

dtunseen15

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I do not run any anti-virus program. My cousin told me I didn't need one because I'm behind a router. He said I could just use the Panda one on their site.
  • 0

#5
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear dtunseen15, :tazz:

(Note: Please read through these instructions a couple of times before executing the steps in this post.)

Please do the following:

You are currently running HijackThis from your desktop. Since HijackThis makes backups of any entries you fix, you should create a folder just to hold the HijackThis program and its backups, so the backups and the program are not accidentally deleted. Go to "My Computer", click on c:\ and then go to the "File" menu, choose New -> Folder. Name the folder "HJT" or "HijackThis" and then please move the "HijackThis.exe" executable there.
***********************

Dear dtunseen15, you definitely need an antivirus software program on your computer. I will provide you with a few links to free antivirus software programs you can download and run.

I notice that you do not seem to be running antivirus software. AVG makes an excellent free antivirus client, as do AntiVir or avast!. I suggest you install and run one of these antivirus software programs.

I want you to install one of these free antivirus programs and run a scan on your computer system and clean anything it finds.
**********************

Dear dtunseen15, you have a great deal of malware on your computer, so let's try to work together to get rid of this malware. In other words, I would take the problems that you are having with your computer seriously. Thank you for your cooperation. :)

Restart your computer and post a new HijackThis log. :)
  • 0

#6
dtunseen15

dtunseen15

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ok, I installed and ran AVG.

Here is a new logfile

Logfile of HijackThis v1.99.1
Scan saved at 10:39:23 PM, on 10/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\tppaldr.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\o2a8yq59\o2a8yq59.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\o2a8yq59\88992572.exe
C:\Program Files\o2a8yq59\o2a8yq59.exe
C:\Documents and Settings\Matt Ojala\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.aaawebfinder.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aaawebfinder.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aaawebfinder.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000000-0000-4A19-AB9F-8275B6EED9D3} - C:\Program Files\o2a8yq59\o2a8yq59.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Windows Sound32] SndMon16.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [vBoORp] C:\WINDOWS\wqdaffh.exe
O4 - HKLM\..\Run: [vBoU5d+o8gFC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wqdaffh.exe
O4 - HKLM\..\Run: [Edkuiv] C:\Documents and Settings\Matt Ojala\Desktop\Vvizb.exe
O4 - HKLM\..\Run: [<ZJYMlYQa+C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wqdaffh.exe
O4 - HKLM\..\Run: [hO9NFx0Lc] C:\WINDOWS\crxib.exe
O4 - HKLM\..\Run: [h$v/fNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\crxib.exe
O4 - HKLM\..\Run: [o2a8yq59] C:\Program Files\o2a8yq59\o2a8yq59.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitennt32.exe
O4 - HKLM\..\RunServices: [Windows Sound32] SndMon16.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Windows Sound32] SndMon16.exe
O4 - HKCU\..\Run: [kkff] C:\PROGRA~1\COMMON~1\kkff\kkffm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/o...e/bin/setup.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.co...base/mophun.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  • 0

#7
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear dtunseen15, :tazz:

You are currently running HijackThis from your desktop. Since HijackThis makes backups of any entries you fix, you should create a folder just to hold the HijackThis program and its backups, so the backups and the program are not accidentally deleted. Go to "My Computer", click on c:\ and then go to the "File" menu, choose New -> Folder. Name the folder "HJT" or "HijackThis" and then please move the "HijackThis.exe" executable there.
***********************

Please do a search (i.e., using Windows XP's Search feature) on your computer for this file: SndMon16.exe. If you find this file, please give me the "directory path/location" of this file.

See the following link as a reference: http://www.cyberwalk.../find-file.html.
***********************

Submit the file "SndMon16.exe" for an online scan at: http://virusscan.jotti.org/. Post the results of the scan in a reply to this post.

Double-click on My Computer and locate the file "SndMon16.exe". Right-click on it and choose "Properties", then click on the "Version" tab at the top. Click on "Company", "File Version", "Internal Name", "Language", "Original File name", "Product Name", and "Product Version", and please post whatever the text in the box immediately to the right says for each, in a reply to this post. Also on the "Version" tab, post back to me, what it says for "File Version", "Description" and "Copyright".

Please post the jotti online scan for the "SndMon16.exe" file, along with the "properties" of the "SndMon16.exe" file. :)

In addition, let me know in detail if you could find the file, SndMon16.exe on your computer. If you can find this file give me the "directory path/location" for this file.

Edited by rambro, 02 November 2005 - 02:38 AM.

  • 0

#8
dtunseen15

dtunseen15

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
It didn't find anything when I searched for it, what should I do?
  • 0

#9
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear dtunseen15,

Make sure your PC is configured to show hidden files. Here is how to do this:

Windows XP

* Click "Start".
* Open "My Computer".
* Select the "Tools" menu and click "Folder Options".
* Select the "View" Tab.
* Under the "Hidden files and folders" heading select "Show hidden files and folders".
* Make sure "Hide extensions for known file types" is unchecked
* Uncheck the "Hide protected operating system files (recommended)" option.
* Click "Yes" to confirm.
* Click "OK".

Here is a link for further explanation: http://www.xtra.co.n...1916458,00.html

Then do the last post.
  • 0

#10
dtunseen15

dtunseen15

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Man...this is frustrating...

I made all the changes you just mentioned and the search came up with nothing.

I don't know what to do.

Also, I think SndMon could mean sound monitor, but I'm not sure.
  • 0

#11
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear dtunseen15, :tazz:

Ok, dtunseen15, don't worry about it, I want to get moving on your log.

A discussion before my next post

This next post is an important/critical one and a long one. Read through the next post a couple of times. Go through each of the steps in the next post. The next post is based on your first log, that is, before you downloaded and ran the antivirus software that I suggested (good job, by the way). If you can't find some of the "files" that I want you to delete, don't worry too much about it, but make an effort to find these files. Again, try to take the initiative in carrying out the steps in the next post.

rambro :)
  • 0

#12
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear dtunseen15, :tazz:

(Note: Please read through these instructions a couple of times before executing the steps in this post.)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

Your computer is infected with the Adware.Istbar, which is adware.

Adware.Istbar is an adware component, which does one or more of the following:
  • Installs an Internet Explorer toolbar
  • Acts as a Home page and search hijacker
This risk is often distributed with Adware.SideFind and Trojan.ISTsvc.

Please download and run the Symantec removal tool for the Adware.Istbar adware at the following link: http://securityrespo...are.istbar.html

Please restart your computer.
******************************

Please download LQfix.exe from one of the following locations:

http://www.downloads...m.org/LQfix.exe
http://miekiemoes.ge...tools/LQfix.exe

Save it to your desktop.
  • Double-Click LQfix.exe and click Next > Next > Install.
  • Leave the default settings, if you change them, the fix will Fail!
  • You need an active Internet connection, so make sure your connection is enabled.
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button, after clicking the Finish button the fix will start.
  • Follow the on-screen prompts.
  • Your system will reboot afterwards.
  • Please be patient after the reboot, there is a script running in the background that needs to complete.
*******************************

Your computer may have a CoolWebSearch Infection.
Please download CoolWebShredder, extract it and run the program. Press the "Fix" button and let it fix all variants.

Please restart your computer.
****************************

Please download and run a Free Trial of Trojan Hunter at http://www.misec.net...rojanHunter.exe. Please restart your computer.

Please run the Housecall online virus scan located at: http://housecall.tre.../start_corp.asp. Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system. When the scan is finished, please restart your computer.

Then please run the Panda scan here: http://www.pandasoft...n_principal.htm. Delete any viruses found, and restart your computer.
*******************************

Download, install, update, configure and run a scan with Ad-Aware SE at the following link: http://rstones12.gee...areSE_setup.htm

Restart your computer.
*************************

Dear dtunseen15, I would like you to add the VX2 Cleaner add-on to your Ad-Aware SE application. Here is how to do this:

How to use Lavasoft's VX2 Cleaner add-on

Close Ad-Aware and Ad-Watch (if running)
Download the free VX2 Cleaner here
Install the VX2 Cleaner
Start Ad-Aware
Go to "Add-ons"
Select the VX2 Cleaner add-on and click "Run Tool"
If your computer isn't infected, click "Close".

If your computer is infected

Select "Clean System"
Reboot your computer
Scan your computer with Ad-Aware
Remove any VX2 objects detected
Reboot your computer again
Run a second scan to make sure the files have been removed from your computer

See the following link: http://www.lavasoft....x2cleaner.shtml

Please restart your computer.
*******************************

Next, please download and run Spybot Search and Destroy 1.4. Here is a link to download Spybot S & D 1.4.
Here is a link on how to use Spybot S & D.

Please reboot your computer.
***************************

Click Start then Control Panel then Add and Remove Programs. Look for the following installed program/programs and if they are listed click on each one and then click on the Remove or Change button and if asked select "Yes" or "Ok" to remove:

Elite Toolbar and/or EliteBar
ISTbar
POP! (Note: See the following link: http://www.pchell.co...pleonpage.shtml )

Optional programs you can uninstall, through the Add/Remove program:

WildTangent is an online gaming package that is installed by a number of third-party applications and even OEMs, ISPs, AIM and P2P. It collects personal information from customers when they buy one of their products (such as name, contact information, payment and billing information, and system information) and sends that info back to WildTangent. Most security experts regard this as spyware. If you installed this and want to keep it, be aware of this. If you didn't install this software, remove it through Add/Remove Programs.

Uninstall the following program/programs through Add/Remove programs:

WildTangent
****************

(Note: There is a Symantec removal tool for the "Adware.NetOptimizer" adware at the following link: http://sarc.com/avce...toptimizer.html )

Internet Optimizer is advertised as software to improve internet connections; it hogs system resources and may hijack error pages.

Uninstall the following program/programs through Add/Remove programs:

Internet Optimizer

Please restart your computer.
*****************************

Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.aaawebfinder.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aaawebfinder.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aaawebfinder.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {00000000-0000-4895-8B5B-DB3397582705} - C:\Program Files\o2a8yq59\o2a8yq59.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll

O4 - HKLM\..\Run: [Windows Sound32] SndMon16.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe" (POP! - see the following link: http://www.pchell.co...leonpage.shtml)
O4 - HKLM\..\Run: [vBoORp] C:\WINDOWS\wqdaffh.exe
O4 - HKLM\..\Run: [vBoU5d+o8gFC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wqdaffh.exe
O4 - HKLM\..\Run: [Edkuiv] C:\Documents and Settings\Matt Ojala\Desktop\Vvizb.exe
O4 - HKLM\..\Run: [<ZJYMlYQa+C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wqdaffh.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitennt32.exe
O4 - HKLM\..\Run: [hO9NFx0Lc] C:\WINDOWS\crxib.exe
O4 - HKLM\..\Run: [h$v/fNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\crxib.exe
O4 - HKLM\..\Run: [o2a8yq59] C:\Program Files\o2a8yq59\o2a8yq59.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\RunServices: [Windows Sound32] SndMon16.exe
O4 - HKCU\..\Run: [Windows Sound32] SndMon16.exe
O4 - HKCU\..\Run: [kkff] C:\PROGRA~1\COMMON~1\kkff\kkffm.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab

Optional Fixes

I highly recommend you to fix these items:

If you choose to remove WildTangent, put a check next to the following entry as well:

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

If you choose to remove Internet Optimizer, put a check next to the following entry as well:

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

Please reboot your computer into Safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). For additional help in booting into Safe Mode, see the following site: http://www.pchell.co.../safemode.shtml

Next, make sure your PC is configured to show hidden files. Here is how to do this:

Windows XP

* Click "Start".
* Open "My Computer".
* Select the "Tools" menu and click "Folder Options".
* Select the "View" Tab.
* Under the "Hidden files and folders" heading select "Show hidden files and folders".
* Make sure "Hide extensions for known file types" is unchecked
* Uncheck the "Hide protected operating system files (recommended)" option.
* Click "Yes" to confirm.
* Click "OK".

Here is a link for further explanation: http://www.xtra.co.n...1916458,00.html

Delete the following file/files marked in blue (if they exist):

C:\WINDOWS\wsem303.dll
C:\WINDOWS\wqdaffh.exe
C:\Documents and Settings\Matt Ojala\Desktop\Vvizb.exe
C:\windows\system32\elitennt32.exe
C:\WINDOWS\crxib.exe
C:\windows\system32\SndMon16.exe

Delete the following folder/folders marked in blue (if they exist):

C:\Program Files\o2a8yq59
C:\WINDOWS\etb
C:\Program Files\o2a8yq59
C:\Program Files\AutoUpdate
C:\Program Files\ISTsvc

Optional folder/folders marked in blue to be deleted (if they exist):

If you uninstalled WildTangent you need to remove the next folder also:

C:\Program Files\WildTangent

If you uninstalled Internet Optimizer you need to remove the next folder also:

C:\Program Files\Internet Optimizer

Finally, clean out temporary and Temporary Internet files. Go to Start -> Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

Restart your computer in normal mode, and then please post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :)

Edited by rambro, 02 November 2005 - 07:51 PM.

  • 0
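
Post #11 notes that the fix list in post #12 was built from the first log, while a newer log had already been posted in #6. The following is an added example, not part of any post in this thread and not HijackThis code: a small Python parser for HijackThis entry lines that diffs the two logs and reports where each fix-list entry stands in the newer one. The function names are hypothetical; the sample lines are excerpts copied from the two logs above.

```python
import re

# An entry line looks like "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
MISSING = " (file missing)"   # suffix HijackThis appends when the target file is gone

# Excerpt of the 10/26/2005 log (post #2); every entry here is on the fix list in post #12.
LOG_OCT_26 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\etb\pokapoka78.exe
O2 - BHO: (no name) - {00000000-0000-4895-8B5B-DB3397582705} - C:\Program Files\o2a8yq59\o2a8yq59.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O4 - HKLM\..\Run: [Windows Sound32] SndMon16.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitennt32.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
"""

# Excerpt of the 10/30/2005 log (post #6), taken after AVG was installed and run.
LOG_OCT_30 = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {00000000-0000-4A19-AB9F-8275B6EED9D3} - C:\Program Files\o2a8yq59\o2a8yq59.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O4 - HKLM\..\Run: [Windows Sound32] SndMon16.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitennt32.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
"""


def parse_log(text):
    """Return {(code, body): file_missing}. Header and process-list lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)]   # compare entries without the marker
        entries[(code, body)] = missing
    return entries


def diff_logs(old, new):
    """Entries that disappeared from, and appeared in, the newer log."""
    return sorted(set(old) - set(new)), sorted(set(new) - set(old))


def fix_list_status(fix_list, current):
    """Classify every fix-list entry against the current log."""
    status = {}
    for code, body in fix_list:
        key = (code, body)
        if key in current:
            status[key] = "present, file missing" if current[key] else "present"
            continue
        # An exact match fails when only the CLSID differs, so compare with it masked.
        masked = CLSID_RE.sub("{*}", body)
        same = [b for (c, b) in current
                if c == code and CLSID_RE.search(body) and CLSID_RE.sub("{*}", b) == masked]
        status[key] = "same entry, different CLSID: " + same[0] if same else "absent"
    return status


if __name__ == "__main__":
    old, new = parse_log(LOG_OCT_26), parse_log(LOG_OCT_30)
    removed, added = diff_logs(old, new)
    for code, body in removed:
        print("- ", code, body)
    for code, body in added:
        print("+ ", code, body)
    for (code, body), state in fix_list_status(old, new).items():
        print(f"{state:<28.28} {code} - {body}")
```

On these excerpts the first BHO line no longer matches exactly because its CLSID differs between the two logs, which is why a fix list written against an older log should be checked against a fresh scan before entries are ticked.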





