Hi kcbach57, Welcome to Dell Forum, If you are still looking for help please follow these directions.
1) This item does not identify, as such we call them random named trojans. If you do not know what it is we will remove it. If you do pass over it and make me aware of what it is.
C:\Program Files\Ioile\Zkyqk.exe
2) Look in Add Remove programs and if this item is there, uninstall it:
Internet Optimizer
I suggest you look at all of your programs, if you see anything you did not put there, uninstall it also.
3) Open Task Manager then under the Processes Tab highlite and end process on these two items:
C:\Program Files\Ioile\Zkyqk.exe C:\Program Files\Internet Optimizer\optimize.exe
4) Download CCleaner from this link:
http://www.ccleaner.com/ Take the time to review the instructions on the download page so that when I ask you to run it you will know what you are doing.
5) Open Hijack this and choose "Do a system scan only" then check the box in front of these line items:
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Dfwwlrz] C:\Program Files\Ioile\Zkyqk.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - http://www.surveys.com/promptcast/Installs/SURVEYS.COM%20PROMPTCAST%20SETUP.cab
Close all programs but HJT and all browser windows, then click on "Fix Checked"
SHOW HIDDEN FILES: Follow the instructions in the link to enable hidden files for your operating system.
You may wish to reverse this process if you have any concern about anyone getting into these hidden system files.
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
RIGHT Click on Start then click on Explore. Locate and delete these items:
C:\Program Files\
Ioile\ >>> folder
C:\Program Files\
Internet Optimizer\ >>> folder
We removed a nasty trojan, let's make sure none are hiding, run this free online scan, scan the whole system and set it to clean or fix anything it locates. Let me know what it finds and the exact name and location of anything it locates but can't remove. You may be asked to install an ActiveX, please do so as this program is safe and it can not run without it.
http://www.windowsecurity.com/trojanscan/
Run CCleaner then restart the computer and post a new log in this same thread along with any feedback you have. Let us know how you are running.
Here is my new log...thanks for your help...I hope everything worked.
You wouldn't happen to know if this would have anything to do with musicmatch not working? For some reason I can't listen to the radio or downloads anymore. Its really strange.
Logfile of HijackThis v1.99.1
Scan saved at 8:14:45 AM, on 4/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Hello kcbach57, Where's my feedback about this? "Let us know how you are running"
I can see no reason this would be so? Have you thought about removing MM and using the Windows Media Player?
http://www.microsoft.com/windows/windowsmedia/default.aspx You could also uninstall MM and reinstall it to see if something is corrupt, check it for updates, sometimes if they are not kept current the software does not work right? I do not us MM so I can not advise you much.
I will have a couple of other optional suggests once I have reviewed this new log.
You have Yahoo search junk that you did not have before, have you downloaded this? I suggest you remove it.
http://www.dell4me.com/myway if you are not using Dell4me as your Homepage, you may check and remove any of those, just clutter put there by Dell to show you ads. I know, I have two Dell's...lol
You have CCleaner on AUTO: O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO and it is using reources each time you boot. This is your option, it can be run manually when you feel you need it.
I see a lot of stuff that is part of MM I just have little experience with it. If you decide to keep it, you may want to remove all of it and download it fresh. This is your call.
Now, let's look at the log. Your log is clean and I will provide you with information below to help you stay that way.
This process I am doing now is optional and has nothing to do with malware. If you wish to proceed then do so like this:
1) Look in Add Remove programs and if
Viewpoint is there, uninstall it.
2) Open Hijack this and choose "Do a system scan only" then check the box in front of these line items:
Thanks for all your help...I did everything you mentioned and seem to be running much faster...until another day, lol. I will look into the links you provided on pc protection, etc., I really appreciate everything.
pskelley
933 Posts
0
April 20th, 2005 23:00
I suggest you look at all of your programs, if you see anything you did not put there, uninstall it also.
C:\Program Files\Ioile\Zkyqk.exe
C:\Program Files\Internet Optimizer\optimize.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Dfwwlrz] C:\Program Files\Ioile\Zkyqk.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - http://www.surveys.com/promptcast/Installs/SURVEYS.COM%20PROMPTCAST%20SETUP.cab
You may wish to reverse this process if you have any concern about anyone getting into these hidden system files.
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
http://www.windowsecurity.com/trojanscan/
When you are completely finished with the removal procedure and are satisfied that the threat has been removed follow these instruction:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
Message Edited by pskelley on 04-20-2005 08:59 PM
kcbach57
4 Posts
0
April 21st, 2005 12:00
Scan saved at 8:14:45 AM, on 4/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.0.4.65\InstallStub.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.0.4.65\InstallStub.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SkorburgCompany.local
O17 - HKLM\Software\..\Telephony: DomainName = SkorburgCompany.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SkorburgCompany.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SkorburgCompany.local
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
pskelley
933 Posts
0
April 21st, 2005 13:00
http://www.microsoft.com/windows/windowsmedia/default.aspx You could also uninstall MM and reinstall it to see if something is corrupt, check it for updates, sometimes if they are not kept current the software does not work right? I do not us MM so I can not advise you much.
I will have a couple of other optional suggests once I have reviewed this new log.
http://www.kephyr.com/spywarescanner/library/viewpointmediaplayer/index.phtml
http://computercops.biz/startuplist-4102.html
http://forums.net-integration.net/index.php?showtopic=13470
I suggest you remove this junk.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
http://forums.net-integration.net/index.php?showtopic=3051
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
Message Edited by pskelley on 04-21-2005 11:01 AM
kcbach57
4 Posts
0
April 21st, 2005 14:00