MACHADO458
167 Posts
0
August 12th, 2004 02:00
I found these 3 files running at bootup that look suspicious.
qcache.exe
imjpmig.exe Info found at the site -> http://www.2-spyware.com/file-imjpmig-exe.html
lxamsp32.exe
DemoniK
121 Posts
0
August 12th, 2004 04:00
Machado,
Referring to http://www.2-spyware.com for advice on files to determine if they are spyware or not is very inaccurate. This site is quite possibly the most incorrect site I have seen on the internet to date.
I'm not barking at you, nor am I biting, but I'm just saying that you might consider using another website for your referrals.
PoohB,
You have some very nasty items installed on your computer. To be specific, About:Blank.
I have yet to be trained on removing this, so I suggest that you post your log in a forum that specializes in removal of spyware. SpywareInfo Forums is where I am being trained now, and they provide very precise, and easy to follow instructions for removing this spyware - http://forums.spywareinfo.com/ - Register a name, and post in the first forum on the list. It will be entitled "Malware Removal". Someone should respond with a resolution within a few hours. If not, send me a PM at the SpywareInfo forum and I will send someone to your rescue. My screen name on SWI is "DemoniK".
Jason
Message Edited by DemoniK on 08-12-2004 12:35 AM
MACHADO458
167 Posts
0
August 12th, 2004 09:00
Sorry about that previous post. I wasn't even done and I accidentally submitted the message. I wanted to re-write it but when it's 12 at night I just fell asleep.
Please ignore the post. My apologies for the gibberish.
ChrisRLG
3.9K Posts
0
August 12th, 2004 11:00
DemoniK
Not sure of the situation at SWI, but believe that most of the anti-malware forums have stopped PM's for new posters (because of abuse) until they have passed the new member stage.
Post the link here as a reply, that will generate an auto email.
DemoniK
121 Posts
0
August 12th, 2004 11:00
Chris...
Good idea bro. I didn't even know they stopped PM's. I had seen a few people in BC say something about having the user send them a PM if their post wasn't responded to... I don't know. Maybe they did, maybe they didn't. I'll have to check on that.
Pooh-B...
Just in case you didn't catch what Chris said right off (I had trouble, but I'm still waking up), what he meant was to copy the link to your post in SWI, then paste it here. That will send me an email telling me that you've made a new post in this thread. From there, I'll subscribe to it at SWI.
Machado...
Welcome to the club man... I got to bed at 3am Central time. I figured that when I became so tired that I forgot how to spell "again", I better kill the day. lol.
No apologies needed. Everyone makes mistakes.
Jason
cghost
302 Posts
0
August 12th, 2004 14:00
Hi.
If you would like to try something here before going to another forum, here is an option for you.
One of the problems you have is the sp.html version of about:blank.
The fix I have proposed below is based on a post by ChrisRLG and is texruss's first suggested fix to try for this problem. I have added the adaware scan to their original instructions. It has some possibility of success because of modifications to cwshredder and adaware since the original release of sp.html.
http://forums.us.dell.com/supportforums/board/message?board.id=si_virus&message.id=17212
Please get cwshredder and adaware.
Download and install them, do not scan with them yet.
You can get cwshredder here:
http://www.majorgeeks.com/download4086.html
http://www.subratam.org/?page=removal
Here is a set of download and setup instructions for adaware I copied from a recent post by a security expert on another site:
If you do not have Adaware already installed and updated (version 6.181, reference file #01R335 04.08.2004 or higher), please do that now but don't scan yet as we will do that in safe mode.
Download Adaware (get the free edition)
(choose download from the lefthand menu)
After download and installing first, please update the program. Just open Adaware and click on *Check for Updates Now* and then *Connect*. It will find a new reference-file. Click *ok* and let it download and install the updates by clicking on *Finish*. This will return you to the main screen. You should now see Reference File # : 01R335 04.08.2004 or higher listed.
In Ad-aware click the Gear Icon at the top of the screen.
The following items should be on a green check, not on a red X.
Under the Scanning button:
Scan within archives
Under Memory & Registry, Check EVERYTHING
In Check Drives & Folders, make sure all of your hard drives are selected
Under the Advanced button, check ALL under Log detail level (this makes it easier for visitors to the Lavasoft Support Forums to see what options you have selected should you require assistance.)
Under the Tweak button...
Some of these may not be an available option, depending on your version of Ad-aware and your version of Windows. Do not be concerned if you cannot select a certain item.
In Scanning Engine:
Unload recognized processes during scanning
Include info about ignored objects in logfile, if detected in scan
Include basic Ad-aware settings in logfile
Include additional Ad-aware settings in logfile
Include used command line parameters in logfile
In Cleaning Engine:
XP/2000: Allow unloading explorer to unload shell extensions prior to deletion
Let Windows remove files in use at next reboot
UNCHECK: Automatically try to unregister objects prior to deletion
Click Proceed to save these settings.
Now we will start fix activities.
Please close all but one browser window.
Go to Pandasoft and run their online virus scan.
{ http://www.pandasoftware.es/activescan/activescan-com.asp }
After you run the online virus scan, please reboot into safe mode to run cwshredder.
[ How to do it: http://www.computerhope.com/issues/chsafe.htm ]
After you have run cwshredder:
Still in safe mode, Run HijackThis, tick to fix any of the following that show up:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Mark\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Mark\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Joy\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Joy\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Mark\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Joy\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {F351A592-FA2A-46DB-BF1A-7C503A91DC54} - C:\WINDOWS\System32\ecophaa.dll
Then delete the dll file:
C:\WINDOWS\System32\ecophaa.dll
It may be necessary to show hidden files and folders to see the file.
[ How to do it: http://www.xtra.co.nz/help/0,,4155-1916458,00.html ]
We then want to clear your temporary file locations. If you are storing any programs or information, that you know is good and you want to keep, in these locations; please move it to a different archive location before proceeding with the following steps:
Browse to the C:\documents and settings\\User Name (repeat for all users)\local settings\temp folder and delete all files and folders in it.
Then browse to the C:\Windows\Temp folder and delete all files in it.
Then in Internet Explorer click Tools>Internet Options>General. Click on Delete Files and make sure you get all offline content as well.
Then reboot into normal mode.
Scan with Adaware and let it remove any bad files found.
Reboot again in normal mode and post a new log.
Regards.
cg
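The HijackThis entries listed in the post above share two recognisable patterns; the following is an added example, not part of the original thread and not code from HijackThis or any poster, that parses R0-R3 and O2 log lines and flags them for review. The regular expressions and the two heuristics (an IE search setting loading a `file://` page from a temp folder, and a BHO listed as "(no name)") are assumptions drawn from the lines quoted above, and the last sample line is constructed.

```python
import re

# Sample input: entries in the log format quoted in the post above.
# The final "Example Helper" line is constructed for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Mark\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Joy\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {F351A592-FA2A-46DB-BF1A-7C503A91DC54} - C:\WINDOWS\System32\ecophaa.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
"""

# Assumed line shapes: "Rn - HIVE\key,value name = data" and
# "O2 - BHO: name - {CLSID} - dll path".
R_ENTRY = re.compile(r"^(R[0-3]) - (HK[A-Z]+)\\(.+?),(.*?) = (.*)$")
O2_ENTRY = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)


def triage(log_text):
    """Return (section, location, value, reason) for each entry worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = R_ENTRY.match(line)
        if m:
            section, hive, key, name, value = m.groups()
            # Heuristic 1: browser search/start setting served from a temp folder.
            if value.lower().startswith("file://") and TEMP_DIR.search(value):
                findings.append((section, f"{hive}\\{key},{name}", value,
                                 "IE setting loads a local file from a temp folder"))
            continue
        m = O2_ENTRY.match(line)
        if m:
            name, clsid, dll = m.groups()
            # Heuristic 2: unnamed BHO; a prompt to inspect the DLL, not proof.
            if name == "(no name)":
                findings.append(("O2", clsid, dll, "BHO registered without a name"))
    return findings


if __name__ == "__main__":
    for section, location, value, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {location} -> {value}")
```

This flags fewer lines than the fix list in the post: the ISP-customised search URLs and the `HomeOldSP = about:blank` entry need a human reading the whole log.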
cghost
302 Posts
0
August 12th, 2004 16:00
The adaware setting information I gave above is probably out of date.
Here is setting information for the adaware se version.
http://forums.spywareinfo.com/index.php?showtopic=11150