Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Constant Popups And Missing Pxsttgqi.dll File


  • This topic is locked This topic is locked
10 replies to this topic

#1 Sapphiah

Sapphiah

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 18 March 2008 - 07:51 PM

Please help me clean my computer. Below are the error messages I receive at startup or while in IE.

(1). The executable files in Port Magic are corrupt, please reinstall.

This showed up at startup. I found out that this was a program that AOL installed. I now mainly use
Comcast and AOL advised to delete it because they no longer support it. I deleted it and this message
no longer appears. AOL recommended McAfee. I've had no luck in installing it.

(2). Error loading C:\Windows\system32\pxsttgqi.dll. The specified module could not be found.

This shows at startup. I can't find this file to delete it.

(3). Your computer is infected! Click here to protect your computer from spyware.

I continually receive this message while I am using Internet Explorer. I believed that it originally donwloaded
the Win Reanimator virus. I ran malwarebytes to remove it. It may have returned.

ALSO, I TRIED TO DOWNLOAD HIJACK THIS. IT'S ON MY DESKTOP. HOWEVER, IT WILL NOT RUN. I EVEN TRIED TO
RUN IT IN SAFE MODE USING F8.


Background Information

I have a Gateway desktop with XP operating system. A week ago. I got a Win Reanimator virus on my
computer. I read about it on the internet and was kind of directed to your website through Yahoo.
I downloaded Malwarebytes' Anti-Malware and thought I cleaned everything up. I normally use Internet Explorer
for personal use but also have used Mozilla Firefox for connecting to my computer system at work. I thought
my system was protected because I had security package from AOL (Network Plus Port Magic), recently
bought Spyware Doctor, I also had Norton (now I realized it was not up to date. I also have Gateway BigFix.

Well, after finding and clearing malware, I stupidly downloaded limewire. That's when the trouble really began.
I then went back to your website and tried to follow general advice that was given to others. I downloaded and
ran Ad aware 2007 and uninstalled an old version and installed a new version of spybot. I continually have to
run the malware, ad aware and spybot. Although I don't feel spybot is running correctly. However, whenever
I tried to install or delete anything from the system, spybot asks if it's okay.

The problem is simply that I am plagued with constant popups or redirection and I obviously have a file in the
startup file that does not belong there (pxsttqgi.dll). Please help.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:50 PM

Posted 18 March 2008 - 10:24 PM

hello please follow the instructions in this BC tutorial
How to remove WinReanimator (Removal Instructions)

When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process and, if asked to restart the computer, please do so immediately.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Sapphiah

Sapphiah
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 19 March 2008 - 03:42 PM

Here is the log from mbam:


Malwarebytes' Anti-Malware 1.08
Database version: 477

Scan type: Quick Scan
Objects scanned: 122983
Time elapsed: 23 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\users32.dat (Adware.Agent) -> Unloaded module successfully.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Adapter 5.1.3214 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\users32.dat (Adware.Agent) -> Delete on reboot.
C:\WINDOWS\system32\cru629.dat (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\WINDOWS\cru629.dat (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\haseb.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winivstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:50 PM

Posted 19 March 2008 - 10:05 PM

After rebooting the PC to remove the malware found as required,,, how is the PC running now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Sapphiah

Sapphiah
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 19 March 2008 - 10:45 PM

At times it is still kind of slow. I still get the missing dll file at startup and I still get the warning that my computer is infected. It seems that I'm getting fewer popups, maybe it because what I'm doing (I was cleaning out my emails).

#6 Sapphiah

Sapphiah
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 21 March 2008 - 03:06 AM

I still have a problem. I ran mbam again and it found 7 infections. I also usually run ad aware 2007 and it also finds infections. I am still experiencing slowness, redirection and popups when I am on the internet. Any more ideas to fix this?

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:50 PM

Posted 21 March 2008 - 09:54 AM

Ok then it appears we will need to get a deeper look inside for where it it hiding. Please floow the instrucions in this tutorial or posting a HijackThis Log.
Preparation Guide for use before posting a HijackThis Log

After you have created it,post the log here HijackThis Logs and Malware Removal and NOT in this topic,thanks.

Click on New Topic and copy/paste the entire log into the reply. Give it a relevant title.
Once you have posted the log DO NOT reply to it or change it until contacted or advised to do so by the HJT Team tech.
Should you have any other questions about this ask those here.

Edited by boopme, 21 March 2008 - 09:13 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 Sapphiah

Sapphiah
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 21 March 2008 - 07:48 PM

I am still having trouble using hijack this. I have deleted and saved over and over. I have saved to a different folder. When I double click on the icon, nothing happens. I have even tried to run it in safe mode. I read somewhere on this site, to press F8 to get into safe mode. Then I am given 3 options. I tried the first two, safe mode and safe mode with networking. The icon didn't even appear on the desktop in safe mode. I went directly to the file folder and I still didn't have any luck opening the program. So. I'm stuck. Is there another way to get Hijack to work? Can I copy hjt to a cd disk?

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:50 PM

Posted 21 March 2008 - 08:13 PM

Well then please try this

Download and install WinPatrol.
During installation, it will create "Scotty the dog" icon in your system tray.
Right click on the icon and choose Options.
Under the Options tab click on Hijack Log.
WinPatrol will scan your system and create a hijackthis log for you.
When the scan is complete, notepad will open with a file named HijackPatrol.log.
Save the log file to your desktop
Copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT into this topic.
Exit WinPatrol when done
Please tell us if you've posted the log or still hve diificulty.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 Sapphiah

Sapphiah
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 21 March 2008 - 10:40 PM

Hi boopme,

I just posted WinPatrol to the Hijack This Log Forum. Again thanks for your help.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:50 PM

Posted 22 March 2008 - 10:46 AM

Great job there!

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users