Topic: rebooting pop-up
Helpmeplz01
« on: May 02, 2004, 07:43:09 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows 98
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



When on an instant messenger service, a bot whom I believed to be one of my buddies messaged me and when I clicked I was bombarded with a series of p*rnographic pop-ups. After finally ridding myself of them, the next time I booted up my computer a site returned after start up thanking me for choosing to be on its website and asking me to enter. I chose uninstall and the next time I booted up the computer, it came back. I looked in program files and found it under "website viewer" and deleted it; upon reboot it had returned. I used "Spy sweeper" which found the items; I deleted them and upon reboot they had returned. I am at a loss for what to do and really need help. Thank you

 
benditup
« Reply #1 on: May 02, 2004, 08:12:18 PM »

Hi Helpmeplz, a couple of other programs I like to recommend other than Spysweeper are Adaware and Spybot

Spybot----install----Search for updates------Check for problems---fix everything in RED
http://www.safer-networking.org/index.php?page=download

Adaware6 (free version) Install----check for updates----Do a Scan---fix everything it finds
http://www.lavasoftusa.com/support/download/

RESTARTING your computer after running each

Finally, get a copy of Hijackthis
First create a Permanent folder on your hard drive
EG----Open MyDocuments---right click an empty spot and Select NEW---Folder---Name that new folder HJT
This is where you will want to save hijackthis to---anything removed with hijackthis will make backups to that new folder
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

I also like to recommend that you visit Windows update and get all Critical updates and service packs----helps to keep your system secure

 
Helpmeplz01
« Reply #2 on: May 02, 2004, 08:24:07 PM »

Wow, I can't believe I actually did that, I suck at computers.. I think this is what you want...





Logfile of HijackThis v1.97.7
Scan saved at 3:26:47 PM, on 5/2/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\AUDIOCOALMESS\TYPE COPY POKE.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\SPOOLSRVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WEBSITEVIEWER\123268.DLR
C:\AOL INSTANT MESSENGER\AIM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8DA3WHQN\HIJACKTHIS[1].EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/gw/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {5DAFD089-24B1-4c5e-BD42-8CA72550717B} - C:\PROGRAM FILES\SURFASSISTANT.COM\SAIEMOD.DLL
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [APIMon] C:\WINDOWS\SYSTEM\Apimonx.exe
O4 - HKLM\..\Run: [Windrfc] C:\WINDOWS\SYSTEM\fld.exe
O4 - HKLM\..\Run: [Acegrim] C:\PROGRA~1\Audiocoalmess\type copy poke.exe
O4 - HKLM\..\Run: [Winspl] C:\WINDOWS\SYSTEM\winsplsv.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [IcqBeta] C:\WINDOWS\SYSTEM\SPOOLSRVC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Instant Messenger (SM) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .asf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37926.3545601852
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab



Hope this helps fix the problem

 
benditup
« Reply #3 on: May 02, 2004, 08:44:15 PM »

Could you please download and install those 2 programs I referred you to

Spybot and Adaware

Special instructions for Adaware

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
Check: "Unload recognized processes during scanning."

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."

Press "Scan Now"

- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:

Now press "Next" to let Ad-aware scan your drives...
After scan is finished
Right-click in that pane and choose "select all"

Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
« Last Edit: May 02, 2004, 10:00:19 PM by benditup »

 
Helpmeplz01
« Reply #4 on: May 02, 2004, 10:06:06 PM »

No, I do not know what C:\PROGRAM FILES\AUDIOCOALMESS\TYPE COPY POKE.EXE regards and I also have not seen it anywhere before today. I did everything you told me to do regarding Ad-aware and also took the Anti-Virus scan. Not quite sure what you meant regarding copying and pasting with the hijakies....but 22 files were found infected...all of them with TROJ before it and many times TROG p*rnDIAL.BP. I could not figure out a way to send you a complete list and I've yet to try anything with them (i.e. delete) until I hear from you. It was found they were "non-cleanable" if that helps

 
Helpmeplz01
« Reply #5 on: May 02, 2004, 10:08:37 PM »

Logfile of HijackThis v1.97.7
Scan saved at 5:12:03 PM, on 5/2/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\AUDIOCOALMESS\TYPE COPY POKE.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\SPOOLSRVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE
C:\AOL INSTANT MESSENGER\AIM.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8DA3WHQN\HIJACKTHIS[1].EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\AUPDATE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/gw/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {5DAFD089-24B1-4c5e-BD42-8CA72550717B} - C:\PROGRAM FILES\SURFASSISTANT.COM\SAIEMOD.DLL
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [APIMon] C:\WINDOWS\SYSTEM\Apimonx.exe
O4 - HKLM\..\Run: [Windrfc] C:\WINDOWS\SYSTEM\fld.exe
O4 - HKLM\..\Run: [Acegrim] C:\PROGRA~1\Audiocoalmess\type copy poke.exe
O4 - HKLM\..\Run: [Winspl] C:\WINDOWS\SYSTEM\winsplsv.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [IcqBeta] C:\WINDOWS\SYSTEM\SPOOLSRVC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Instant Messenger (SM) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .asf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37926.3545601852
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab


 
benditup
« Reply #6 on: May 02, 2004, 10:22:59 PM »

I would suspect that file I asked you about is one of your problems
Is your Norton AV running properly? (It may be compromised)
If so can you do a Scan in safe mode?
Please make sure that you have Norton AV's Virus definitions fully updated...
Try and start in safe mode and run a complete scan
If, for some reason you cannot run in safe mode....
Do a Scan in Normal Mode, But first enter your task manager (Ctrl-Alt-Del) and
shut down all running programs in the background
Except for Explorer and Systray and your AV or do another scan with
Housecall and shut down all running background programs except for
Explorer and Systray and let it FIX all problems.....
Here's how to start in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=2#_Section2

What I want you to do after is post back a Fresh Hijackthis log
but first follow these directions, you can download it again if you like, there are entries we can manually rid you of, but it is safer
to hold onto the backups in that new folder
Instructions:
Create a Permanent folder on your hard drive
EG----Open MyDocuments---right click an empty spot and Select NEW---Folder---Name that new folder HJT
This is where you will want to save hijackthis to---anything removed with hijackthis will make backups to that new folder
http://www.spywareinfo.com/~merijn/files/HijackThis.exe


You posted your new log before I posted my response :)
That's okay, I'm just suspecting that some of those files you mentioned that were non-cleanable, may have been running in the background---If you can follow my instructions and shut them down in
the taskmanager before running your AV that would probably help out.

Can you post back with another Fresh hijackthis log afterwards, thanx
« Last Edit: May 02, 2004, 10:27:30 PM by benditup »

 
Helpmeplz01
« Reply #7 on: May 02, 2004, 10:36:23 PM »

Norton Anti-Virus is not working, the folder is there...but no program. When I try to open Norton Systemworks I get no response

 
benditup
« Reply #8 on: May 02, 2004, 10:41:01 PM »

Can you open up your task manager (CTRL-ALT-DEL) and end task on everything except for Explorer and Systray and then go back to Housecalls and do another
scan and let it FIX or remove everything it finds.. If not we will try a manual
fix

 
Helpmeplz01
« Reply #9 on: May 02, 2004, 10:42:51 PM »

Alright I'll try that, meanwhile letting ya know I saved hijackthis onto my computer

 
Helpmeplz01
« Reply #10 on: May 02, 2004, 11:08:38 PM »

Same deal, 23 found and they couldn't be cleaned...

 
Helpmeplz01
« Reply #11 on: May 02, 2004, 11:10:06 PM »

It says at the site if they are trojan files they should just be deleted, should I just delete them?

 
benditup
« Reply #12 on: May 03, 2004, 12:10:47 AM »

Sorry Helpmeplz, yes they should be deleted
Not sure exactly what files you are talking about
See if I mention a few of them in your log
C:\PROGRAM FILES\AUDIOCOALMESS\TYPE COPY POKE.EXE
I still don't know what this entry is, could you navigate to the folder and Zip it up
You will navigate to C:\PROGRAM FILES\AUDIOCOALMESS
Right click on Audiocoalmess and add it to archives

Do another scan with Hijackthis and put a check next to these entries

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5DAFD089-24B1-4c5e-BD42-8CA72550717B} - C:\PROGRAM FILES\SURFASSISTANT.COM\SAIEMOD.DLL

O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKLM\..\Run: [APIMon] C:\WINDOWS\SYSTEM\Apimonx.exe
O4 - HKLM\..\Run: [Windrfc] C:\WINDOWS\SYSTEM\fld.exe
O4 - HKLM\..\Run: [Acegrim] C:\PROGRA~1\Audiocoalmess\type copy poke.exe
O4 - HKLM\..\Run: [Winspl] C:\WINDOWS\SYSTEM\winsplsv.exe
O4 - HKCU\..\Run: [IcqBeta] C:\WINDOWS\SYSTEM\SPOOLSRVC.exe

FIX CHECKED only after you have closed down ALL other open windows (including this one)

Restart your computer in safe mode (from instructions above) and show hidden files and folders
Open My Computer.
    * Select the View menu and click Folder Options.
    * Select the View Tab.
    * In the Hidden files section select Show all files.
    * Click OK.

Delete these files or folders
C:\WINDOWS\SYSTEM\Apimonx.exe <----this file
C:\WINDOWS\SYSTEM\fld.exe  <----this file
C:\PROGRAM FILES\WEBSITEVIEWER  <----this folder
C:\WINDOWS\SYSTEM\SPOOLSRVC.exe  <--- this file (notice the spelling)

Restart your computer in Normal Mode and post back with a Fresh Hijackthis log
« Last Edit: May 03, 2004, 12:13:15 AM by benditup »
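
One way to check a fresh HijackThis log against the removal list in the reply above, added here as an example and not part of the original thread: it parses the `Running processes` and `O4` autorun lines and reports where each target file is still referenced. `TARGETS` uses paths from the thread; `FOLLOW_UP_LOG` is a constructed sample and the function names are this example's own. File names are compared exactly (ignoring case), so `SPOOLSRVC.exe` never matches the `SPOOL32.EXE` process, and the `PROGRA~1` short path still matches the long one.

```python
import ntpath
import re

# Files behind entries the reply asks to fix (paths as written in the thread).
TARGETS = [
    r"C:\WINDOWS\SYSTEM\Apimonx.exe",
    r"C:\WINDOWS\SYSTEM\SPOOLSRVC.exe",
    r"C:\PROGRA~1\Audiocoalmess\type copy poke.exe",
]

# Constructed follow-up log (not from the thread): same line format as the
# posted logs, with two of the targets assumed to be still present.
FOLLOW_UP_LOG = r"""Logfile of HijackThis v1.97.7

Running processes:
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\AUDIOCOALMESS\TYPE COPY POKE.EXE
C:\WINDOWS\SYSTEM\SPOOLSRVC.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Acegrim] C:\PROGRA~1\Audiocoalmess\type copy poke.exe
O4 - HKCU\..\Run: [IcqBeta] C:\WINDOWS\SYSTEM\SPOOLSRVC.exe
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
IMAGE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.I)

def parse_log(text):
    """Return (running process paths, O4 autorun tuples) from a log."""
    procs, autoruns, in_procs = [], [], False
    for line in map(str.strip, text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            procs.append(line)
        elif (m := O4_RE.match(line)):
            autoruns.append(m.groups())   # (hive, key, value name, command)
    return procs, autoruns

def image_name(command):
    """Lower-cased file name of the program an autorun command launches."""
    m = IMAGE_RE.match(command)       # quoted path, or text up to ".exe"
    path = (m[1] or m[2]) if m else command
    return ntpath.basename(path).lower()

def still_present(targets, log_text):
    """Map each target path to the places the log still references it."""
    procs, autoruns = parse_log(log_text)
    report = {}
    for target in targets:
        name = ntpath.basename(target).lower()   # exact name, case-insensitive
        hits = [f"running: {p}" for p in procs
                if ntpath.basename(p).lower() == name]
        hits += [f"{hive}\\{key} [{value}]" for hive, key, value, cmd in autoruns
                 if image_name(cmd) == name]
        report[target] = hits
    return report

if __name__ == "__main__":
    for target, hits in still_present(TARGETS, FOLLOW_UP_LOG).items():
        print(target, "->", hits or "no longer referenced")
```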

 