53 Posts

January 5th, 2005 09:00

Hello, I really need help, cannot stop popups.

I just don't know what to do anymore. I don't want to format because I just did it a little while ago. I downloaded Ad-Aware, Spybot, SpywareBlaster, and other popup stoppers, but the popups won't stop; no matter what I do, they won't stop. Please, can someone tell me what's going on?

2 Intern

860 Posts

January 5th, 2005 10:00

Hi

Click on the link "Essential spyware removal steps and other hijackthis help forums" below, run online anti-virus scans. Update all the programs, i.e. Spybot (http://www.safer-networking.org/en/howto/update.html) and Ad-Aware (http://www.colby-sawyer.edu/information/technology/updates/ad-awareusage.html), and install the VX2 plugin. Also run CWShredder and the cleanup programs mentioned there, then repost your log.

53 Posts

January 5th, 2005 10:00

This is my log file from HijackThis. I deleted netshare and ouchvideo; what am I missing?
 
 
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\pchealth\Service.exe
C:\WINDOWS\system32\NetShare.exe
C:\WINDOWS\pchealth\MSTCS.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\dllcache\Remote.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\yyquyu.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\secure.exe
C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
C:\WINDOWS\System32\xykpsfly\lygssms.exe
C:\WINDOWS\System32\lhqtblcc\kiujdnxd.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\msfcz.exe
C:\docume~1\oleg\locals~1\temp\180ax.exe
C:\PROGRA~1\COMMON~1\AOL\110076~1\EE\AOLHOS~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mp4pagnt.exe
C:\PROGRA~1\COMMON~1\AOL\110076~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Blue Haven Media\KaZooM\KaZooM.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\oleg\LOCALS~1\Temp\Rar$EX00.844\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\sfucd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\sfucd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\sfucd.dll/sp.html#28129
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100761999\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [KaZooM] C:\Program Files\Blue Haven Media\KaZooM\KaZooM.Exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\secure.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [lygssms] C:\WINDOWS\System32\xykpsfly\lygssms.exe
O4 - HKLM\..\Run: [kiujdnxd] C:\WINDOWS\System32\lhqtblcc\kiujdnxd.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [xFEW3th] msfcz.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [180ax] c:\docume~1\oleg\locals~1\temp\180ax.exe
O4 - HKLM\..\Run: [ozmxyt] C:\WINDOWS\ozmxyt.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1\Zinio\ZDLM.exe /hide
O4 - HKCU\..\Run: [gox6RjNFi] mp4pagnt.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PD - {BB74DE8F-4D62-4D6A-865A-9A2E4C65D9F9} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range:  (HKLM)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104132058421
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {CE185270-53A5-11D9-9669-0800200C9A66} - http://www.ouchvideo.com/mmviewer_ic2.cab
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: MSTCS - Unknown - C:\WINDOWS\pchealth\Service.exe /name:"MSTCS" /start:"C:\WINDOWS\pchealth\MSTCS.EXE (file missing)
O23 - Service: NetShare - Unknown - C:\WINDOWS\system32\NetShare.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Administrator Service - Unknown - C:\WINDOWS\system32\dllcache\Remote.exe
O23 - Service: TskHlp - Unknown - C:\WINDOWS\pchealth\taskmgr.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

53 Posts

January 6th, 2005 05:00

Hey again, thanks for responding. I did everything you said but I'm still getting popups =(.
Here's the new log.
 
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Blue Haven Media\KaZooM\KaZooM.Exe
C:\WINDOWS\System32\secure.exe
C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
C:\WINDOWS\system32\msfcz.exe
C:\PROGRA~1\COMMON~1\AOL\110076~1\EE\AOLHOS~1.EXE
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\system32\mp4pagnt.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\yyfgyg.exe
C:\PROGRA~1\COMMON~1\AOL\110076~1\EE\AOLServiceHost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\dllcache\Remote.exe
C:\WINDOWS\pchealth\taskmgr.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Mythic\Atlantis\game.dll
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\oleg\LOCALS~1\Temp\Rar$EX00.875\HijackThis.exe
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100761999\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [KaZooM] C:\Program Files\Blue Haven Media\KaZooM\KaZooM.Exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\secure.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [xFEW3th] msfcz.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1\Zinio\ZDLM.exe /hide
O4 - HKCU\..\Run: [gox6RjNFi] mp4pagnt.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PD - {BB74DE8F-4D62-4D6A-865A-9A2E4C65D9F9} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104132058421
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: MSTCS - Unknown - C:\WINDOWS\pchealth\Service.exe /name:"MSTCS" /start:"C:\WINDOWS\pchealth\MSTCS.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Administrator Service - Unknown - C:\WINDOWS\system32\dllcache\Remote.exe
O23 - Service: TskHlp - Unknown - C:\WINDOWS\pchealth\taskmgr.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
 

53 Posts

January 6th, 2005 08:00

/bump

4.8K Posts

January 6th, 2005 13:00

zepfya,

This one will take us a while. I'm looking at it now, so sit tight - I'll be back shortly.

Mike.

4.8K Posts

January 6th, 2005 13:00

zepfya,

Let's see if we can try and fix this; it might get a little complicated, so, if you have questions at any time, just post back.

First, let's start off by looking where no-hijack has looked before:

1.  Download Dllcompare and Killbox to your desktop.

2.  click "Run locate.com".

     When the scan is complete, you will see: Completed the scan, Click Compare to Continue

3. click "Compare".

    In a few minutes it will be completed.


4. click "Make a Log of what was Found".

5. Post that back as a reply to this post.


Remember, don't reboot your computer until we're completely done with this fix - this thing is worse than a room full of "replicators" ... :)

Mike.

53 Posts

January 6th, 2005 20:00

Hello again, thanks for replying; here is the log.
 
 
 
 
*    DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________
C:\WINDOWS\SYSTEM32\e020la~1.dll   Mon Dec 27 2004   3:12:46p  ..S.R        222,718   217.50 K
C:\WINDOWS\SYSTEM32\fplo03~1.dll   Mon Dec 27 2004   4:01:24p  ..S.R        226,176   220.88 K
C:\WINDOWS\SYSTEM32\fpro03~1.dll   Thu Jan  6 2005   8:59:40a  ..S.R        225,843   220.55 K
C:\WINDOWS\SYSTEM32\irp6l5~1.dll   Thu Jan  6 2005   5:33:06a  ..S.R        222,590   217.37 K
C:\WINDOWS\SYSTEM32\mvr0l9~1.dll   Tue Dec 28 2004   3:35:00a  ..S.R        226,096   220.80 K
________________________________________________
1,214 items found:  1,214 files (5 H/S), 0 directories.
Total of file sizes:  268,892,283 bytes    256.43 M
Administrator Account =  True
--------------------End log---------------------

4.8K Posts

January 6th, 2005 21:00

Now, let's run  KillBox, then:

-----

1.  check(tick) "Replace on reboot"

2.  enter C:\WINDOWS\SYSTEM32\e020la~1.dll , in "Full Path of File to Delete".

3.  check(tick) "Use Dummy".

4.  click the red-x, just right of where you entered the file to delete.

5.  Confirm that you want to replace the 'bad' file with the 'dummy'.

6.  When prompted to "Reboot Now", select "No".

7. Now repeat steps #1 - #6 for the following files:

C:\WINDOWS\SYSTEM32\fplo03~1.dll
C:\WINDOWS\SYSTEM32\fpro03~1.dll
C:\WINDOWS\SYSTEM32\irp6l5~1.dll
C:\WINDOWS\SYSTEM32\mvr0l9~1.dll

C:\Windows\System32\Guard.tmp

After entering the last file, when prompted to "Reboot Now", select "Yes".

-----

You can copy/paste these file name(s) to save on typing.


Now, let's go back and run DLLCompare again, just like we did in the previous post, and post back the results.

Be sure not to reboot your computer while we're working on this, otherwise we'll have a whole new set of program(s) to check for - this thing has a habit of changing the above names on reboot ...

Mike.

53 Posts

January 6th, 2005 22:00

Hey again, thanks for replying; here is the new log.
 
*    DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________
C:\WINDOWS\SYSTEM32\e020la~1.dll   Mon Dec 27 2004   3:12:46p  ..S.R        222,718   217.50 K
________________________________________________
1,212 items found:  1,212 files (1 H/S), 0 directories.
Total of file sizes:  267,769,156 bytes    255.36 M
Administrator Account =  True

53 Posts

January 6th, 2005 22:00

Hey, thanks again. Here's the log file; it shows no files. Does that mean my popups are fixed or what? lol
 
*    DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________
O^E says: "There were no files found :)"
________________________________________________
1,212 items found:  1,212 files, 0 directories.
Total of file sizes:  267,546,494 bytes    255.15 M
Administrator Account =  True

4.8K Posts

January 6th, 2005 22:00

zepfya,
 
You're more than welcome...
 
-
 
Now, let's run  KillBox again, then:

-----

1.  check(tick) "Replace on reboot"

2.  enter C:\WINDOWS\SYSTEM32\e020la~1.dll , in "Full Path of File to Delete".

3.  check(tick) "Use Dummy".

4.  click the red-x, just right of where you entered the file to delete.

5.  Confirm that you want to replace the 'bad' file with the 'dummy'.

6.  When prompted to "Reboot Now", select "No".

7. Now repeat steps #1 - #6 for the following files:

C:\Windows\System32\Guard.tmp

After entering the last file, when prompted to "Reboot Now", select "Yes".

-----

You can copy/paste these file name(s) to save on typing.


Now, let's go back and run DLLCompare again, just like we did in the previous post, and post back the results - remember not to reboot.

Mike.

4.8K Posts

January 6th, 2005 22:00

zepfya,

We're almost there, just a few more steps to go ...  :)


 
Ok, now we need to fix some of the damage that garbage did to your system and do one more thing:
 
 -

Run Killbox again, but this time just copy/paste the following names, one at a time, in the file name to delete field:

  •  C:\Windows\System32\Guard.tmp
  •  C:\RECYCLER\Desktop.ini

then click the red-x to delete these files.


Download and run VX2Finder, then: 

1.  Click "Restore Policy"

2. Click "User Agent$"


From a command line, run "regedit" then go to the following registry key:

  1.  HKEY_LOCAL_MACHINE
  2. SOFTWARE
  3. Microsoft
  4. Windows NT
  5. CurrentVersion
  6. Winlogon
  7. Notify

Look for an entry that says:

DLLName="c:\\windows..."

It'll have a randomly named file where the "..." is. Post back the name of that file and close the registry editor, without changing any of the data.


Let me know when you're done with that, and post back a new log - let's see if anything is left.

-
 
Mike.
 

53 Posts

January 7th, 2005 00:00

Hello, for some reason it won't let me click User Agent$.

53 Posts

January 7th, 2005 00:00

Never mind, I found the file.  C:\windows\system32\fpro0393e.dll

New log.
 

*    DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found :)"
________________________________________________

1,212 items found:  1,212 files, 0 directories.
Total of file sizes:  267,546,494 bytes    255.15 M

Administrator Account =  True
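
The Winlogon Notify check described above can also be done offline, by exporting the key to a .reg file and cross-referencing its DLLName values with the 8.3 names DLLCompare reported. This is an added example, not part of the original thread: the export text and the subkey name PLACEHOLDER_SUBKEY are constructed, and the matching assumes the plain "first six characters plus ~N" alias form.

```python
import re
from pathlib import PureWindowsPath

NOTIFY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify"

# Constructed sample of a .reg export of the Notify key (subkey names are placeholders).
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DLLName"="crypt32.dll"
"Asynchronous"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PLACEHOLDER_SUBKEY]
"DLLName"="C:\\windows\\system32\\fpro0393e.dll"
'''

# Two lines copied from the first DLLCompare log in this thread.
DLLCOMPARE_LOG = r'''C:\WINDOWS\SYSTEM32\e020la~1.dll   Mon Dec 27 2004   3:12:46p  ..S.R        222,718   217.50 K
C:\WINDOWS\SYSTEM32\fpro03~1.dll   Thu Jan  6 2005   8:59:40a  ..S.R        225,843   220.55 K
'''

def notify_dlls(reg_text):
    """Return {subkey: DLLName} for every package below the Notify key."""
    found, subkey = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            inside = key.lower().startswith(NOTIFY + "\\")
            subkey = key[len(NOTIFY) + 1:] if inside else None
        elif subkey:
            m = re.match(r'"dllname"="(.*)"$', line, re.I)
            if m:
                # .reg files escape each backslash as two; undo that.
                found[subkey] = m.group(1).replace("\\\\", "\\")
    return found

def hidden_short_names(log_text):
    """Return the lower-cased 8.3 file names listed in a DLLCompare log."""
    names = set()
    for line in log_text.splitlines():
        m = re.match(r"(?i)([a-z]:\\\S+)\s", line)
        if m:
            names.add(PureWindowsPath(m.group(1)).name.lower())
    return names

def short_name_matches(long_name, short_name):
    """True if an 8.3 alias such as fpro03~1.dll could belong to long_name.
    Hash-based aliases (used after several name collisions) are not handled."""
    m = re.fullmatch(r"(.{1,6})~\d+(\.\w{0,3})?", short_name.lower())
    if not m:
        return long_name.lower() == short_name.lower()
    p = PureWindowsPath(long_name.lower())
    return p.stem.startswith(m.group(1)) and p.suffix[:4] == (m.group(2) or "")

def correlate(reg_text, log_text):
    """List (subkey, DLLName, alias) where a Notify DLL matches a hidden file."""
    hits = []
    aliases = sorted(hidden_short_names(log_text))
    for subkey, dll in sorted(notify_dlls(reg_text).items()):
        base = PureWindowsPath(dll).name
        hits += [(subkey, dll, a) for a in aliases if short_name_matches(base, a)]
    return hits

if __name__ == "__main__":
    for subkey, dll, alias in correlate(REG_EXPORT, DLLCOMPARE_LOG):
        print(f"Notify\\{subkey}: {dll} matches hidden file {alias}")
```
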

 

53 Posts

January 7th, 2005 00:00

Hmm, for some reason I can't find or figure out that file you said in the registry, sorry.