Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Heeeeeeellllllllp!


  • This topic is locked This topic is locked
10 replies to this topic

#1 ridelikethewind

ridelikethewind

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 15 November 2005 - 12:39 PM

Hello and THANX for having this forum!! I found your site thru a Google search for "free spyware removal"! I did everything suggested from your intro page, ran all of the programs listed and even did some of them more than once and am STILL having major pop-up issues! I also have a pop stopper program which should help w/pop-ups coming from the actual pages I an surfing on as well as the Googlebar which also has a pop-stopper so they are coming from something in my machine that I must have picked up. AND THEY ARE DRIVING ME CRAZY as well as slowing down my machine! :thumbsup: :flowers: :trumpet: :inlove:

I am running Windows XP Professional and this happened early in Nov - actually I did a no-no... I was looking for a crack/serial number for a trail program and downloaded what I thought was the crack/serial number. Then I ran Norton (Symantec Antivirus Corporate Edition) and nothing was found - until I ran the .exe file. THEN things really got bad. I had a few viruses too, but those I was able to get rid of, just can't get rid of the pop-ups when I search the web!

Here is my HJT logfile, but I can't see anything irregular here either - maybe someone else can?

Logfile of HijackThis v1.99.1
Scan saved at 12:26:00 PM, on 11/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\navnt\vptray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\navnt\DefWatch.exe
C:\PROGRA~1\navnt\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124466166171
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Any suggestions?!?!

THANX for ANY help!!!

Sincerely,

Dawn Gloeckler

Edited by ridelikethewind, 15 November 2005 - 12:48 PM.


BC AdBot (Login to Remove)

 


m

#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:48 AM

Posted 15 November 2005 - 12:52 PM

Hi and welcome! :thumbsup:

List programs that can be removed using Windows 'Add or Remove'

This utility "List Installed Programs" will provide a list of installed programs. It is found half way down the page. Click on the little arrow and then the download icon that is on the new window that opens up. You can download the script and run it from your hard disk or run it without downloading.
When asked to enter the PC details - leave it blank and click OK. Ask to view the results and copy the Notepad list. Paste it in a reply to this thread.

David

#3 ridelikethewind

ridelikethewind
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 15 November 2005 - 01:07 PM

I'm sorry, but I'm lost already - do you mean go to my "Control Panel", then run the Add or Remove Programs window? If that is what you mean (and I even used Help and typed in "List Installed Programs" and it came up "no results found"), I scrolled down the whole list and there is no "List Installed Programs" - am I looking in the wrong place?

#4 ridelikethewind

ridelikethewind
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 15 November 2005 - 01:13 PM

Ok - never mind. You meant click on your LINK and I had to deactivat all of my pop-stoppers to get to it. SORRY!! BRB w/the info...


And THANX for the fast response!!!!!

#5 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:48 AM

Posted 15 November 2005 - 01:15 PM

Ok, click on the underlined "List Installed Programs", and follow the instructions from there:

The download you want is found half way down the page. Click on the little arrow and then the download icon that is on the new window that opens up. You can download the script and run it from your hard disk or run it without downloading.
When asked to enter the PC details - leave it blank and click OK. Ask to view the results and copy the Notepad list. Paste it in a reply to this thread.


EDIT:

Ok, lol! :thumbsup:

David

Edited by D-Trojanator, 15 November 2005 - 01:15 PM.


#6 ridelikethewind

ridelikethewind
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 15 November 2005 - 01:17 PM

K, here are the results:

INSTALLED SOFTWARE (96) - EQUESTRI-2KY8X1 - 11/15/2005 1:15:02 PM

ABBYY FineReader 6.0 Sprint Plus Ver: 6.00.1236.4166 Installed: 7/30/2005
Ad-Aware SE Personal Ver: 1.06
Adobe Acrobat 6.0.1 Professional Ver: 006.000.001 Installed: 10/20/2005
Adobe GoLive 5.0 Ver: 5.0 Installed: 11/10/2005
Adobe GoLive SDK 5.0r4
Adobe Illustrator 9.0 Ver: 9.0
Adobe PageMaker 7.0 Ver: 7.0.1
Adobe Photoshop 7.0 Ver: 7.0
Adobe Photoshop Scripting Support 1.0
Adobe SVG Viewer Ver: 1.0
AQUAZONE DESKTOP GARDEN
ContextPlus
Dynomite 2.01
Eye Candy 4000
Forms To Go 2.6.5
Google Toolbar for Internet Explorer
HijackThis 1.99.1 Ver: 1.99.1
IncrediMail Xe
Ipswitch WS_FTP Pro Uninstall
J2SE Runtime Environment 5.0 Update 1 Ver: 1.5.0.10 Installed: 7/24/2005
J2SE Runtime Environment 5.0 Update 4 Ver: 1.5.0.40 Installed: 7/25/2005
Lexmark 6200 Series
Lexmark Fax Solutions Ver: 1.10 Installed: 7/30/2005
Lexmark Fax Solutions Ver: 1.10 Installed: 7/30/2005
LimeWire PRO 4.8.1 Ver: 4.8.1
LiveReg (Symantec Corporation) Ver: 2.1.5.1502
LiveUpdate 2.6 (Symantec Corporation) Ver: 2.6.14.0
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 8/18/2005
Microsoft ASP.NET Web Matrix Ver: 0.6.812.0 Installed: 8/18/2005
Microsoft Money 2000 Standard Edition
Microsoft Office 2000 Standard Ver: 9.00.2720 Installed: 2/26/2005
MSN Music Assistant
Pop Up Washer
Project Nomads
QBeez
QuickTime Ver: 7.0.2 Installed: 7/12/2005
QuickTime Ver: 7.0.2 Installed: 7/12/2005
ROR Sitemap Generator 1.0 Ver: 1.0.0 Installed: 11/10/2005
Security Update for Windows XP (KB883939) Ver: 1 Installed: 6/19/2005
Security Update for Windows XP (KB890046) Ver: 1 Installed: 6/19/2005
Security Update for Windows XP (KB893756) Ver: 1 Installed: 8/13/2005
Security Update for Windows XP (KB896358) Ver: 1 Installed: 6/19/2005
Security Update for Windows XP (KB896422) Ver: 1 Installed: 6/19/2005
Security Update for Windows XP (KB896423) Ver: 1 Installed: 8/13/2005
Security Update for Windows XP (KB896428) Ver: 1 Installed: 6/19/2005
Security Update for Windows XP (KB896688) Ver: 1 Installed: 11/4/2005
Security Update for Windows XP (KB899587) Ver: 1 Installed: 8/13/2005
Security Update for Windows XP (KB899588) Ver: 1 Installed: 8/13/2005
Security Update for Windows XP (KB899589) Ver: 1 Installed: 11/4/2005
Security Update for Windows XP (KB899591) Ver: 1 Installed: 8/13/2005
Security Update for Windows XP (KB900725) Ver: 1 Installed: 11/4/2005
Security Update for Windows XP (KB901017) Ver: 1 Installed: 11/4/2005
Security Update for Windows XP (KB901214) Ver: 1 Installed: 7/13/2005
Security Update for Windows XP (KB902400) Ver: 1 Installed: 11/4/2005
Security Update for Windows XP (KB903235) Ver: 1 Installed: 7/13/2005
Security Update for Windows XP (KB904706) Ver: 1 Installed: 11/4/2005
Security Update for Windows XP (KB905414) Ver: 1 Installed: 11/4/2005
Security Update for Windows XP (KB905749) Ver: 1 Installed: 11/4/2005
Shockwave Flash
SnagIt 5 Ver: 5.2
Spybot - Search & Destroy 1.4 Ver: 1.4
Sygate Personal Firewall Ver: 5.6.2808 Installed: 11/15/2005
Symantec AntiVirus Client Ver: 8.1.1.319 Installed: 2/26/2005
Tetris4000
Unreal Gold
Unreal II
Update for Windows XP (KB894391) Ver: 1 Installed: 8/13/2005
Update for Windows XP (KB896727) Ver: 1 Installed: 8/13/2005
Update for Windows XP (KB898461) Ver: 1 Installed: 6/29/2005
VIA Audio Driver Setup Program
WebFldrs XP Ver: 9.50.5318 Installed: 2/26/2005
Windows Genuine Advantage v1.3.0254.0 Ver: 1.3.0254.0 Installed: 7/29/2005
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282 Ver: 20050127.090417
Windows XP Hotfix - KB873333 Ver: 20050114.005213
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB885250 Ver: 20050118.202711
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB887742 Ver: 20041103.095002
Windows XP Hotfix - KB888113 Ver: 20041116.131036
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB890047 Ver: 20041221.124506
Windows XP Hotfix - KB890175 Ver: 20041201.233338
Windows XP Hotfix - KB890859 Ver: 1 Installed: 4/14/2005
Windows XP Hotfix - KB890923 Ver: 1 Installed: 4/14/2005
Windows XP Hotfix - KB891781 Ver: 20050110.165439
Windows XP Hotfix - KB893066 Ver: 1 Installed: 4/14/2005
Windows XP Hotfix - KB893086 Ver: 1 Installed: 4/14/2005
Windows XP Service Pack 2 Ver: 20040803.231319
WinRAR archiver

#7 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:48 AM

Posted 15 November 2005 - 01:24 PM

HA! :thumbsup: Just as i expected:

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

David

#8 ridelikethewind

ridelikethewind
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 15 November 2005 - 02:01 PM

K, here is the HJT log (but how did you see anything? I looked at the log and didn't see anything abnormal - I know what all those things are - except for the 'Hotfixes' and Security Updates):

Logfile of HijackThis v1.99.1
Scan saved at 1:47:17 PM, on 11/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\navnt\vptray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\navnt\DefWatch.exe
C:\PROGRA~1\navnt\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124466166171
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

And here is the Aproposfix log too (BTW, I was watching it run and saw it found something called Viaimail which another spyware program found, but I only got a free scan - not a fix - so I went to my Programs file where it was supposed to be and couldn't find that folder. It must have been 'cloaked' somehow? I see it was a hidden folder, but I have all of my hidden folders turned on! I'm usually able to fix these things myself when I get them but this is the FIRST time I was unable to find the problem!!):

Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\Dawn Gloeckler\Desktop\Downloads\Spyware removal\AproposFix\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\CqiVFAH5HR6m]
@="y64\\68LTUUTUUVUk.AEcOySTUUTjWU:pukv:zULRLM7FaZU6KBO7KLUBI86FBHVLRL"
"Device"="\\\\.\\DVhl5vRz"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\ipfdmio.sys"
"DriverName"="RdbUdfs"
"HideUninstallerName"="C:\\Program Files\\Viaimail\\glmerial.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\nwpctres.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{294EBA1A-D830-451C-89EF-9BB5846CF35A}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\ipvkntfs.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{Xe5ead58-602d-29e9-f458-4864ef36b1a1}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Viaimail\\dpwsutil.exe"

************

Removing hidden service:
Service RdbUdfs removed.

Removing hidden folder:
Deletion of folder Viaimail succeeded!

Deleting files:

Deletion of file C:\WINDOWS\system32\drivers\ipfdmio.sys succeeded!
Deletion of file C:\WINDOWS\system32\ipcxflog.exe succeeded!
Deletion of file C:\WINDOWS\system32\ipvkntfs.dll succeeded!
Deletion of file C:\WINDOWS\system32\nwpctres.exe succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\CqiVFAH5HR6m]
[-HKEY_LOCAL_MACHINE\Software\CqiVFAH5HR6m]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{294EBA1A-D830-451C-89EF-9BB5846CF35A}]

Done!

Finished!

THANX again for the QUICK response!!!! It seems to be fixed cuz I even tried surfing using the word 'Casinos' and NO pop-ups!!! THANX a MILLION!!!

P.S. I do graphics - if you need something, LET ME KNOW!!! But I'm sure you figured that by seeing all of the graphics programs I have!! :thumbsup:

#9 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:48 AM

Posted 15 November 2005 - 02:05 PM

What about this entry in your add/remove:

ContextPlus

Recongise that? :thumbsup:

Go to add/remove in the control panel and see if it's still there - if it is uninstall it!

Clean Log!! Posted Image
How's everything running? :up: or :down: ?

David

#10 ridelikethewind

ridelikethewind
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 15 November 2005 - 02:20 PM

No.... no ContextPlus in there. I would have seen that in my Add/Remove programs before tho. I'm very familiar w/what is on my machine - well most of it anyway - but especially in my programs lists and in my Programs folder. I see that now on the AproposFix log tho.

And YES!! Everything is running GREAT - and MUCH faster!!! K, that's what I get for looking for cracks to trial programs. It used to be a lot easier back when but I haven't done it in a while and I was always able to fix whatever I got before... I wanted the full version of Incredimail's LetterCreator cuz I could customize all my own stationary, but I suppose I'd better stick to BUYING programs from now on. It's not as easy as it used to be to 'cheat' anymore... :thumbsup:

THANK YOU SO MUCH AGAIN and I'll keep my fingers out of the cookie jar from now on too!!!

Dawn :flowers:

#11 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:48 AM

Posted 15 November 2005 - 02:21 PM

Ok! :thumbsup:

Good like with the graphics

David :flowers:

Due to the fact that this topic has thankfully been resolved, I will close this thread. :trumpet:

If you want to thread to be re-opened at any point ? please PM me or any other staff with a link to it!

If anyone else is reading this with a similar problem that you would like help with, please post it in a new thread in the security section!


:inlove: David :cool:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users