Page 1 of 2 12 LastLast
Results 1 to 10 of 17
  1. #1
    Member gummygod's Avatar
    Join Date
    Jul 2005
    Posts
    17
    Points
    0

    Default pop ups w/o internet browser open

    I have been having pop ups just pop up with out a browser open. I forgot to take a screenshot of the popup but it had a small upper bar with a single button; a 'x' to close it. Im running windows XP (on this partition anyways) and have a road runner internet connection thats constantly connected. Im not sure if this is related, but, when i restart windows a window pops up trying to close a program called "ShellIconHiddenWindow" which Im pretty sure shouldnt be running :wink: . Im not sure where the popups come from but heres my log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:40:51 PM, on 8/3/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\IA\command.exe
    C:\WINNT\System32\CTsvcCDA.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe
    C:\WINNT\System32\CTHELPER.EXE
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINNT\System32\svchost.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINNT\System32\wdfmgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ipwins\ipwins.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\System32\ctfmon.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\Audible\Bin\adhelper.exe
    C:\Program Files\Norton AntiVirus\NAVCOMUI.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\System32\tetew.exe
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,eyaihpx.exe
    O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe"
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\adhelper.exe
    O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\System32\dmonwv.dll
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\System32\dmonwv.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/p.../PCPitStop.CAB
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets...LStreaming.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://eport1.aurora.org/iNotes6W.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave.com/content/ric...GameLoader.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\IA\command.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    Thank you for any help, and this should be my last time needing help because im switching to ubuntu, a linux distro.

  2. #2
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191

    Default

    I take this is the same PC we (Steamwiz) worked on less than 1 month ago (I just locked that topic)

    He cleaned it for you -

    This log has several problems, possible Qoologic, L2M,adaware, trojan.

    Follow all the directions here and post another log. Save the Pandasoft scan log, on things Panda finds and cannot fix. These need to be a NEW scans:

    http://www.help2go.com/component/opt...wtopic/t,9709/

    Thank you for any help, and this should be my last time needing help because im switching to ubuntu, a linux distro
    Don't blame MS or IE for your problems, you probably did it to your self.

    BG

  3. #3
    Member gummygod's Avatar
    Join Date
    Jul 2005
    Posts
    17
    Points
    0

    Default

    sorry about that, i forgot to do this before i went on vacation.
    and thanks steamwiz for helping me last time.

    im running all these scans but it takes forever (what i was fearing when i just posted my log). i hope i can finish this today but well see.

    Don't blame MS or IE for your problems, you probably did it to your self.
    yes, someone caused these problems; either me or someone else who used this computer. but i will be using a spyware-free OS from now on, so the other people using this computer can deal with spyware theirselves. microsoft only has this bad spyware problem because its so popular.



    anyways, ill post the pandasoft and hijack this logs in a day or 2.

  4. #4
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191

    Default

    but i will be using a spyware-free OS from now on,.....
    Please let me know when you find one as I want to invest in it their stock.

    Need to remember that most computer problems are caused by what is setting in front of the screen, i.e. the user

    Not trying to be "smart" here, but the vast majority of problems are created by the user. Granted M$ is full of holes/problems. BUT an up to date OP system, good A/V, firewall and run all things we recommend will go a very long way in protecting you. They have kept me out of trouble for 3 years now.

    BG

  5. #5
    Member gummygod's Avatar
    Join Date
    Jul 2005
    Posts
    17
    Points
    0

    Default

    well that took longer than id hope, and it did not go smoothly.

    panda scan went ok, heres the list of what it couldnt handle:


    Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\LocalService\Cookies\system@c.goclick[1].txt
    Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\LocalService\Cookies\system@statcounter[1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o6p452rs.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o6p452rs.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o6p452rs.default\cookies.txt[.target.com/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[statse.webtrendslive.com/S0014-01-1-17-218931-48461]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[.atdmt.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[.2o7.net/]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[.zedo.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[.as-us.falkag.net/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[server.iad.liveperson.net/hc/51408128]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[.revenue.net/]
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[searchportal.information.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[.hitbox.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[.maxserving.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[.com.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[.ehg-sonycomputer.hitbox.com/]
    Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[.mp3search.ru/]
    Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wp47qycg.ANDREW\cookies.txt[counter.hitslink.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zqxuzwn1.baader\cookies.txt[.com.com/]
    Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-31f03b99-70e86701.zip[javainstaller/InstallerApplet.class]
    Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-31f05170-63e10add.zip[javainstaller/InstallerApplet.class]
    Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-31f05171-704e0106.zip[javainstaller/InstallerApplet.class]
    Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-4514e5ea-3e668018.zip[javainstaller/InstallerApplet.class]
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@888[1].txt
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@888[3].txt
    Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[10].txt
    Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[1].txt
    Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[3].txt
    Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[5].txt
    Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[6].txt
    Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[8].txt
    Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[9].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner\Cookies\owner@azjmp[2].txt
    Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Owner\Cookies\owner@banner[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@belnk[1].txt
    Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Owner\Cookies\owner@btg.btgrab[2].txt
    Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Owner\Cookies\owner@c.enhance[1].txt
    Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Owner\Cookies\owner@cassava[1].txt
    Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Owner\Cookies\owner@cliks[1].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Cookies\owner@com[2].txt
    Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ct.360i[1].txt
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Owner\Cookies\owner@did-it[2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@dist.belnk[2].txt
    Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Owner\Cookies\owner@dlm.dlmax[1].txt
    Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\Owner\Cookies\owner@errorguard[1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go[1].txt
    Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Owner\Cookies\owner@i.screensavers[1].txt
    Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Owner\Cookies\owner@kount[2].txt
    Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[1].txt
    Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@rightmedia[2].txt
    Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@rn11[1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[1].txt
    Spyware:Cookie/TargetSaver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@targetsaver[2].txt
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Cookies\owner@target[1].txt
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Owner\Cookies\owner@toplist[1].txt
    Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Owner\Cookies\owner@webpower[1].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[2].txt
    Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.seeq[1].txt
    Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www47.buydomains[1].txt
    Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www48.seeq[1].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\Spyware prevention\Process.exe
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@com[1].txt
    Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\f17208140.exe
    Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\f21575250.exe
    Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\nsb2.tmp\nsProcess.dll
    Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\nsc3.tmp\nsProcess.dll
    Adware:Adware/QoolAid Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\tp7543.exe
    Adware:Adware/Sqwire Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe
    Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\kzzq\kzzqd\kzzqc.dll
    Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\kzzq\kzzqm.exe
    Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\kzzq\kzzqp.exe
    Adware:Adware/MyBHOSpy Not disinfected C:\Program Files\hijack this\backups\backup-20050710-132818-898.dll
    Adware:Adware/MaxFiles Not disinfected C:\Program Files\ipwins\ipwins.exe
    Adware:Adware/Maxifiles Not disinfected


    sorry i think i may have chopped off part of that last one.

    then when i tried to run housecall, it would never load, even if i left it there for an hr.

    then i got some updates, upgraded to sp2 and installed windows defender: that all went well.

    i ran spybot, it found a bunch of items and it couldnt remove them all so i set to scan on reboot. it still couldnt remove 2 main items with about 20 things under them.

    then adaware went the worst, when i ran it this happened everytime:


    it can run but just for 60 seconds before it restarts and i dont think it could remove anything or another error popped up

    i did another hijack this scan and put it in the dective, it fixed a bunch of things. now i realized i havent had a pop up since i restarted 10 mins ago, that seems good, but heres my new log anyways:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:10:41 PM, on 8/13/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe
    C:\WINNT\system32\CTHELPER.EXE
    C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINNT\thiselt.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\WINNT\CCZoop05.exe
    C:\WINNT\system32\vp1i4.exe
    C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINNT\System32\CTsvcCDA.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\wdfmgr.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
    C:\Program Files\Audible\Bin\adhelper.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINNT\System32\alg.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    F2 - REG:system.ini: Shell=Explorer.exe,
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,eyaihpx.exe
    O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Vdrw Class - {8711CF54-E9C5-4DB4-9B9F-7D67393CC771} - C:\WINNT\system32\vf1v62x.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe"
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [pop06apelt] C:\WINNT\thiselt.exe
    O4 - HKLM\..\Run: [wGzyM6F48] C:\WINNT\system32\apbzk.exe
    O4 - HKLM\..\Run: [epy9J] "C:\WINNT\system32\l3jdfs.exe"
    O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\CCZoop05.exe
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [yinsx] C:\WINNT\System32\dtcawk.exe reg_run
    O4 - HKCU\..\Run: [kzzq] C:\PROGRA~1\COMMON~1\kzzq\kzzqm.exe
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\adhelper.exe
    O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.elitemediagroup.net
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.mmohsix.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/p.../PCPitStop.CAB
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets...LStreaming.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://eport1.aurora.org/iNotes6W.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave.com/content/ric...GameLoader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1154733102390
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
    O18 - Filter: text/html - {D5BA18F2-FF61-465F-831D-A6850B94FC01} - C:\WINNT\system32\vf1v62x.dll
    O20 - AppInit_DLLs: repairs303169590.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe


    well thats everything, thanks for your time and effort i appreciate it.

  6. #6
    Member gummygod's Avatar
    Join Date
    Jul 2005
    Posts
    17
    Points
    0

    Default

    uh, i couldnt help but notice that post is no longer there. i followed the directions but i didnt notice anything different, although surfsidekick is gone, still get popups tho.

  7. #7
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191

    Default

    Sorry but I lost the link I was going to use, so I deleted the post. We will do a couple other fixes:

    Please down load this program:

    http://www.atribune.org/content/view/28/

    Please download Look2Me-Destroyer.exe to your desktop.

    Close all windows before continuing.

    Double-click Look2Me-Destroyer.exe to run it.

    Put a check next to Run this program as a task.

    You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK

    When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.

    Once it's done scanning, click the Remove L2M button.

    You will receive a Done Scanning message, click OK.

    When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
    Your computer will then shutdown.

    Turn your computer back on.

    Download Qoofix.zip from :- http://www.malwarebytes.org/Qoofix.zip

    Unzip to C:\Qoofix

    Open the C:\Qoofix folder & double click on the file named Qoofix.exe
    select Begin Removal and the removal process will commence

    A reboot may be necessary if an infection is found

    Post the Qoofix results log located in the same folder as the Qoofix.
    Also want to see Look2Me-Destroyer.txt file along with a new HJT log.

    Also let us know if the pop ups still appear.

    BG

  8. #8
    Member gummygod's Avatar
    Join Date
    Jul 2005
    Posts
    17
    Points
    0

    Default

    look2me and Qoofix ran. Qoofix didnt find anything. i dont know about look2me, there was nothing in that big box, but im not sure if it found anything. i seem to still get the occasional pop up 'served by uskyonline' i believe. and i still get a warning telling me it is trying to close 'ShellIconHiddenWindow' when i restart. heres the new hijack this log:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:34:17 PM, on 8/16/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe
    C:\WINNT\system32\CTHELPER.EXE
    C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINNT\thiselt.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    C:\WINNT\system32\vp1i4.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    C:\WINNT\System32\CTsvcCDA.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Audible\Bin\adhelper.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINNT\System32\msiexec.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Vdrw Class - {8711CF54-E9C5-4DB4-9B9F-7D67393CC771} - C:\WINNT\system32\vf1v62x.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe"
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [pop06apelt] C:\WINNT\thiselt.exe
    O4 - HKLM\..\Run: [wGzyM6F48] C:\WINNT\system32\apbzk.exe
    O4 - HKLM\..\Run: [epy9J] "C:\WINNT\system32\l3jdfs.exe"
    O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Owner\Desktop\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [kzzq] C:\PROGRA~1\COMMON~1\kzzq\kzzqm.exe
    O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\adhelper.exe
    O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.elitemediagroup.net
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.mmohsix.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/p.../PCPitStop.CAB
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets...LStreaming.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://eport1.aurora.org/iNotes6W.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave.com/content/ric...GameLoader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1154733102390
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
    O18 - Filter: text/html - {D5BA18F2-FF61-465F-831D-A6850B94FC01} - C:\WINNT\system32\vf1v62x.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

  9. #9
    Member gummygod's Avatar
    Join Date
    Jul 2005
    Posts
    17
    Points
    0

    Default

    whoops, heres the look2me log:


    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 8/16/2006 6:21:03 PM


    Attempting to delete infected files...

    Making registry repairs.


    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrators - Succeeded

  10. #10
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191

    Default

    Well the fixes did what I wanted/expected to do.

    Re boot the PC in the safe mode by tapping F8 during start up. Select safe mode.

    Run the HJT program again and check the following files to have HJT fix:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

    R3 - Default URLSearchHook is missing

    O2 - BHO: Vdrw Class - {8711CF54-E9C5-4DB4-9B9F-7D67393CC771} - C:\WINNT\system32\vf1v62x.dll

    O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)

    O4 - HKLM\..\Run: [pop06apelt] C:\WINNT\thiselt.exe

    O4 - HKLM\..\Run: [wGzyM6F48] C:\WINNT\system32\apbzk.exe

    O4 - HKLM\..\Run: [epy9J] "C:\WINNT\system32\l3jdfs.exe"

    O4 - HKCU\..\Run: [kzzq] C:\PROGRA~1\COMMON~1\kzzq\kzzqm.exe

    O15 - Trusted Zone: *.elitemediagroup.net

    O15 - Trusted Zone: *.media-motor.net

    O15 - Trusted Zone: *.mmohsix.com

    O18 - Filter: text/html - {D5BA18F2-FF61-465F-831D-A6850B94FC01} - C:\WINNT\system32\vf1v62x.dll


    Press the fixed check button. Close the HJT program.

    Still in the safe mode find and delete the following if found:

    C:\WINNT\system32\vf1v62x.dll...file

    C:\WINNT\thiselt.exe...file

    C:\WINNT\system32\apbzk.exe...file

    C:\WINNT\system32\l3jdfs.exe...file

    C:\PROGRA~1\COMMON~1\kzzq...FOLDER
    (Can't given the exact name on the first 6 letters)

    Re boot the PC in the normal mode

    Next :

    Download CCleaner from :-

    http://www.filehippo.com/download_ccleaner/ (click the download tab)

    doubleclick the ccsetup.exe file and install the program...

    At the Cclean setup screen &Install opitions Uncheck the Add Ccleaner Yahoo ! Tool bar unless you want it

    After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

    Make sure the "windows" tab is selected

    Under "internet explorer" tick...

    Temporary internet files
    Cookies* > see Note below
    History
    Recently typed URL's
    (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
    Delete index.dat files
    Last download location
    Autocomplete form history


    under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"

    Other explorer MRU's
    (leave this unticked if you DON'T want to clear lists such as the start\run list)

    under "System"

    Tick ALL these ...


    under "Advanced"

    no need to tick any of these (but you can if you want, and realise what they do)


    Applications tab...

    These will mostly clean out old log files for these applications...

    Clean:- (if you use them)

    Firefox/Mozilla (optional - leave the cookies - see note)
    Opera
    Sun Java
    ZoneAlarm

    ...
    Personally I clean everything in the applications tab... but you tick what you want...

    Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your passward when you next visit that site) ... click options > cookies > then keep the cookies you want.

    click "analyse" if you want to see a list of what is going to be removed, before it is removed.

    Or

    click "run cleaner" to let it get on with it's work... clicking this will result in the following pop-up

    "This process will permanently delete files from your system. Are you sure you wish to proceed?"

    click OK.

    Next:

    Download and install the trial version of Ewido Anti-Spyware here……

    www.ewido.net/en/download

    The program should launch automatically after installation. If not then double-click the desktop icon.

    Deactivate the Resident Shield
    > Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
    > To do this, click "Change State" to the right of the Resident Shield option in the main window.
    > You will clearly see the status change to Inactive if you have done this correctly.

    Update Ewido's Definitions
    > Ewido automatically updates the spyware definitions if you are connected to the net during installation.
    > As a precaution, click the "Update" icon from the main menu.
    > Then click the "Start Update" button.
    > When you receive the "Update successful" prompt, close Ewido.

    -->>Note: If you have any problems with the updater you can update Ewido manually here:

    http://download.ewido.net/ewido-signatures-current.exe


    Reboot into Safe Mode.

    Scanning with Ewido
    > Open Ewido Anti-Spyware and click the "Scanner" icon from the main menu.
    > Click "Complete System Scan" to start scanning.
    > When scanning completes, click "Recommended action" beneath the results window and select Quarantine.
    > Then click the "Apply all actions" button to quarantine everything detected.
    > Then click Save report > Save report as and save the Report-Scan.txt to your desktop.

    Post the results of the Report-Scan.txt in your next post here along with a New HJT log.

    BG

Page 1 of 2 12 LastLast