Topic: Please - I still need help.
LeighRae
« on: October 04, 2005, 10:58:00 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: XP Home
Problem Application Name & Version:  All browsers: IE, Firefox, Maxthon
Problem Hardware Make & Model:
Error Messages:



I have been trying for a looong time to get rid of these web page ad popups.  It happens every few minutes and is driving me nuts.  I may have done more damage trying to get rid of them but nothing has worked so far.  I have Spybot S&D, Adaware SE Plus, Ewido and have run them all.  I am posting my newest Hijackthis log along with the Ewido report that I got a few days ago.  The Hijackthis is being run as I type this.  The file under #20 changes its name all the time.  I've tried to get rid of it with VundoFix in safe mode, but it tells me that I have missing files for Vundo.  I've redownloaded VundoFix and tried again, but it doesn't work so far.
Thank you for any help you can give me.  I'm at the point where I'm thinking about reformatting but I would lose a lot of important (to me) info and all.  Anyway, here are the logs.

Logfile of HijackThis v1.99.1
Scan saved at 4:51:39 PM, on 10/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Documents and Settings\Action Customer\Desktop\modules.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Pop-Up Stopper Anti-Spyware Toolbar - {E4CAA75E-9B5F-45EB-8E4E-8B743B44F171} - C:\Program Files\Panicware\Pop-Up Stopper Anti-Spyware\PWITB.DLL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [os9k3nP] ipmkpart.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\npukva.exe reg_run
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [AutoLoaderoFqK1bSKVIaO] "C:\WINDOWS\system32\stcni11.exe"
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Pop-Up_Stopper_Anti-Spyware] C:\Program Files\Panicware\Pop-Up Stopper Anti-Spyware\PUSAS.EXE
O4 - HKCU\..\Run: [ZBqqRhjEO] srvxt.exe
O4 - HKCU\..\Run: [Subliminal Power] C:\Program Files\Subliminal Power\Subliminal.exe /s
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - HKCU\..\Run: [Radio365 Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.pandasoftware.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4592/mcfscan.cab
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\d00mlad11d0.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Pop-Up Stopper Anti-Spyware Service (PWISVC) - Panicware, Inc. - C:\Program Files\Panicware\Pop-Up Stopper Anti-Spyware\PWISVC.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinBackup Scheduler (WinbackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe


---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         2:31:59 PM, 10/2/2005
 + Report-Checksum:      7DE1897

 + Scan result:

   HKLM\SOFTWARE\Classes\AtBHO.AtBHOObj\CLSID\\ -> Spyware.Atomica : Cleaned with backup
   HKLM\SOFTWARE\Classes\AtBHO.AtBHOObj.1\CLSID\\ -> Spyware.Atomica : Cleaned with backup
   HKLM\SOFTWARE\GIANTCompany\AntiSpyware\CleanerExe\DelRegValues\\1 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks -> Spyware.HuntBar : Cleaned with backup
   HKLM\SOFTWARE\GIANTCompany\AntiSpyware\CleanerExe\DelRegValues\\2 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks -> Spyware.HuntBar : Cleaned with backup
   HKLM\SOFTWARE\GIANTCompany\AntiSpyware\CleanerExe\DelRegValues\\4 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks -> Spyware.HuntBar : Cleaned with backup
   HKLM\SOFTWARE\GIANTCompany\AntiSpyware\CleanerExe\DelRegValues\\5 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks -> Spyware.HuntBar : Cleaned with backup
   HKLM\SOFTWARE\GIANTCompany\AntiSpyware\CleanerExe\DelRegValues\\7 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser -> Spyware.Hijacker.Generic : Cleaned with backup
   HKU\S-1-5-21-3848448594-2915903831-1203752577-1005\Software\Classes\CLSID\\ -> Spyware.AproposMedia : Cleaned with backup
   HKU\S-1-5-21-3848448594-2915903831-1203752577-1005_Classes\CLSID\\ -> Spyware.AproposMedia : Error during cleaning
   C:\Program Files\Panicware\Pop-Up Stopper Anti-Spyware\Quarantine\Quarantine - 09-25-2005 - 12-37-08.SBU/{7D275675-F060-4984-8685-305A3127C678} -> Spyware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\dbconfig.dll -> Spyware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\dGdim.dll -> Spyware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\hr0s05d7e.dll -> Spyware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\i4jq0e15eh.dll -> Spyware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\ir4ml5h11.dll -> Spyware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\m4280efueh280.dll -> Spyware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\tZpiui.dll -> Spyware.Look2Me : Cleaned with backup


::Report End
« Last Edit: October 06, 2005, 07:39:47 PM by LeighRae » Logged
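
The post above observes that the file under the O20 entry keeps changing its name. As an added example (not part of the original posts), this Python code cross-checks a HijackThis log against an ewido report and lists Winlogon Notify DLLs the scanner never reported touching, plus objects it failed to clean. The sample lines are excerpted from the two logs above; the function names are hypothetical.

```python
import re

# Lines excerpted from the two logs in the post above (not the full logs).
HJT_LOG = r"""
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\npukva.exe reg_run
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\d00mlad11d0.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""
EWIDO_LOG = r"""
   HKU\S-1-5-21-3848448594-2915903831-1203752577-1005_Classes\CLSID\\ -> Spyware.AproposMedia : Error during cleaning
   C:\WINDOWS\system32\dbconfig.dll -> Spyware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\hr0s05d7e.dll -> Spyware.Look2Me : Cleaned with backup
"""

def parse_hjt(text):
    """Return (section, body) pairs such as ('O20', 'Winlogon Notify: ...')."""
    pat = re.compile(r"^([A-Z]\d+) - (.+)$")
    matches = (pat.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]

def winlogon_notify(entries):
    """Return (key_name, dll_path) for each O20 Winlogon Notify entry."""
    out = []
    for section, body in entries:
        m = re.match(r"Winlogon Notify: (.+?) - (.+)$", body)
        if section == "O20" and m:
            out.append(m.groups())
    return out

def parse_ewido(text):
    """Return dicts with the scanned object, detection name and action taken."""
    pat = re.compile(r"^\s*(.+?) -> (\S+) : (.+?)\s*$")
    return [dict(zip(("object", "detection", "action"), m.groups()))
            for m in map(pat.match, text.splitlines()) if m]

def triage(hjt_text, ewido_text):
    """List O20 DLLs absent from the scan report, and objects not cleaned."""
    findings = parse_ewido(ewido_text)
    handled = {f["object"].lower() for f in findings}  # Windows paths: ignore case
    untouched = [(name, path)
                 for name, path in winlogon_notify(parse_hjt(hjt_text))
                 if path.lower() not in handled]
    failed = [f for f in findings if not f["action"].startswith("Cleaned")]
    return untouched, failed

if __name__ == "__main__":
    untouched, failed = triage(HJT_LOG, EWIDO_LOG)
    for name, path in untouched:
        print(f"O20 still registered, not in scan report: {name} -> {path}")
    for f in failed:
        print(f"not cleaned: {f['detection']} at {f['object']} ({f['action']})")
```

An O20 DLL that is absent from the scan report is a lead for closer inspection, not a verdict on the file.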

 
Pancake
« Reply #1 on: October 05, 2005, 01:23:22 AM »

Please download QooFix9x and save it to your desktop.  Do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please open the QooFix9x folder on your desktop and run RunThis.bat.  If you get a warning about running MS-DOS programs in Safe Mode, please just click OK to continue.  Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the QooFix9x folder.

LeighRae
« Reply #2 on: October 05, 2005, 01:40:57 PM »

I downloaded the file and went into Safe Mode but it will only work for Windows 98.  I have XP.  I attempted to look for another file online that is for XP, but I'm not sure which one is compatible with what we're trying to do.  Thanks for responding.

 
LeighRae
« Reply #3 on: October 06, 2005, 12:01:08 AM »

I am talking about the QooFix9x.exe file.  I can't run that.  I also tried running it from DOS, but nope.

 
LeighRae
« Reply #4 on: October 06, 2005, 07:44:25 PM »

I apologize for submitting my HijackThis log to both forums.  I had no idea the two were connected.  Geekstogo is not going to help me because I posted here.  I'm hoping you aren't doing the same.  I waited a long time before ever posting to see if I could possibly fix this myself and not bother anyone.  I can't.  If I'm off the list for wasting someone's time by posting to both places, please let me know and I will just reformat the drive.  I may have to do that anyway.  Thanks.