Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need Help Removing Elitemediagroup & Other Adware


  • This topic is locked This topic is locked
2 replies to this topic

#1 sweetgal

sweetgal

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 13 May 2006 - 11:33 AM

(Moderator edit: log post moved to HJT forum for team review and member help. jgweed)


I am new to this forum and a complete novice when it comes to computers so anyone that decides to help me in finding and fixing my problem PLEASE BARE WITH ME.

I am running Windows 98 and within the last couple of weeks I have been having major problems in getting pop-up from elitemediagroup. When the ad/pop-up comes up a little box will appear that says click here to complete your download. There is no way to get out of this pop-up till you click Ok and usually I have to click it 3 times before I can even close the pop-up from elitemediagroup. Also I am getting pop-up from Heavy.com it is some sort of radio program. I have never downloaded anything from them that I know of and don't know why this is happening.

I have Ad-aware SE personal edition, Trojan Horse (14 day trial), Spyware blaster, AVG (free edition), Registry mechanic, CC-cleaner and Clean up all on my computer. I have ran all the scan's from these programs and nothing seems to help.

I have tried to figure out how to run and show my Hijack this log. I am not even sure if I have done this correctly or not as I said before when it comes to computers I honestly have no idea as to what I am doing beyond the basics.

For anyone who tries to help me resolve this problem I will need step-by-step instructions on what to do. I tried to just load the file directly from Hijack this and was not able to because it said that I was not allowed to post something with that extention and I don't know how to change it. So I just copied and pasted a copy of the file on here.

Thank you all so very much for any help that you can offer.


Logfile of HijackThis v1.99.1
Scan saved at 11:33:33 AM, on 5/13/06
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\POINT32.EXE
C:\WINDOWS\THISELT.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\U3E5WYDF\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Jennifer's Computer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~1\tips\mouse\tips.exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~1\point32.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\THISELT.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZRxdm069
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...650/mcfscan.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) -

Edited by jgweed, 13 May 2006 - 12:21 PM.


BC AdBot (Login to Remove)

 


m

#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:46 AM

Posted 13 May 2006 - 10:14 PM

Hello sweetgal, my name is SifuMike and I will be helping you. :thumbsup:

Please download, update and run
Spybot 1.4

Fix whatever it suggests.

If you need help running this tool, here is a helpful tutorial.
Spybot Tutorial

***************************************************


Please download, update and run the free A2 (A squared) anti-trojan

If malware is found, click the button "Remove Selected Malware".

Save the log file by clicking on "Save HTML-Report".

Let it delete whatever it finds.

***************************************************

I tried to just load the file directly from Hijack this and was not able to because it said that I was not allowed to post something with that extention and I don't know how to change it. So I just copied and pasted a copy of the file on here.


You did it correctly. :flowers:

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\U3E5WYDF\HIJACKTHIS[1].EXE


You have Hijackthis in a temp folder. It will not save backups when run from a temp folder. You need to put it into C:\Program Files\Hijackthis folder.

The following will automaticly put Hijackthis into the correct default folder (C:\Program Files\Hijackthis).

Go to
HijackThis Download Site with installer
Just click on Hijackthis_sfx.exe file that you downloaded.
A WinZip self extractor screen appears with the default location of C:\Program Files\Hijackthis.
Then press the Unzip button. Now it will be in the correct folder.
Then go to C:\Program Files\Hijackthis
run Hijackthis and copy and paste the entire log to this thread.

If you have trouble with my instructions then follow this advice:
Unzip HijackThis/Make a shortcut, Important How-To's

To generate a log - do this:

1. Double-click on HijackThis.exe.
2. Click on Scan.
3. When the scan is finished, the Scan button will change into a Save Log button.
4.Click on the Save Log button to save the log, press Ctrl-A to Select All, and copy its contents here in a new post.

Edited by SifuMike, 13 May 2006 - 10:22 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:46 AM

Posted 20 May 2006 - 08:47 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users