680130 popups won't go away



#1 snehalrana

Posted 24 December 2004 - 12:29 PM

Hello Folks,

I am getting http://680130.net popups more frequently. Please help me with these annoying popups. They are beyond my reach and I need to get rid of them, as they are affecting my business PC. I have the professional version of Ad-Aware SE Pro, Spybot Search & Destroy and Trend Micro PC-cillin, and it seems like none of them can prevent these popups.

I have a HijackThis log, pasted below:

Logfile of HijackThis v1.97.7
Scan saved at 11:12:33 AM, on 12/24/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\WINDOWS\System32\msvcmm32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\PROGRA~1\SONYER~1\MOBILE~1\EPMWOR~1.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\SONYER~1\MOBILE~1\DbgOut.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HardCopy Pro\HardCopy.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\Kkj070.exe
C:\WINDOWS\System32\QjlRXhe9.exe
H:\Install\hijackthis\ver1.97\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Snehal Rana\Application Data\Mozilla\Profiles\default\j1dcnt9c.slt\prefs.js)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\system32\hcaoegl.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B4F20D85-24F7-4804-828A-F4C77AE5400A} - C:\WINDOWS\system32\sogwm.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: (no name) - {} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\System32\msvcmm32.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [3TF95A#57YFBA3] C:\WINDOWS\System32\VchsZQoq.exe
O4 - HKLM\..\Run: [YNMq9] C:\documents and settings\snehal rana\local settings\temp\YNMq9.exe
O4 - HKLM\..\Run: [Woo7T] C:\docume~1\snehal~1\locals~1\temp\Woo7T.exe
O4 - HKLM\..\Run: [w] C:\documents and settings\snehal rana\local settings\temp\w.exe
O4 - HKLM\..\Run: [USSShReg] C:\PROGRA~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [M3Tray] H:\Movielink\MovielinkManager\Movielink Manager.exe /WNDSTART /Tray
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [ikwJh1m1] C:\documents and settings\snehal rana\local settings\temp\ikwJh1m1.exe
O4 - HKLM\..\Run: [iFI] C:\docume~1\snehal~1\locals~1\temp\iFI.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [EMIL] C:\documents and settings\snehal rana\local settings\temp\EMIL.exe
O4 - HKLM\..\Run: [CdsRpq] C:\docume~1\snehal~1\locals~1\temp\CdsRpq.exe
O4 - HKLM\..\Run: [bC] C:\documents and settings\snehal rana\local settings\temp\bC.exe
O4 - HKLM\..\Run: [AtRK8] C:\docume~1\snehal~1\locals~1\temp\AtRK8.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HardCopy Pro] C:\Program Files\HardCopy Pro\HardCopy Pro.exe -m
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: Launch High Impact eMail 2.0 (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RoboForm &2 (HKLM)
O9 - Extra 'Tools' menuitem: Launch High Impact eMail 2.0 (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: TruePass EPF 7,0,0,478 - https://pki.revenue.state.il.us/app/truepas...sapplet-epf.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://www.bullseye-network.net/cashback/c..._EMARKETMKR.cab
O16 - DPF: {0D3983A9-4E29-4F33-8313-DA22B29D3F87} (QuickBooks Online Edition Utilities Class v6) - https://accounting.quickbooks.com/v10.099/qboax6.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite....loadManager.ocx
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.org/fvlite22/fvlite.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLcd.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...7777.8598148148
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {B815456B-0AD8-4A9C-8C7F-BB1C4095D871} (FS_PinIE Control) - http://new.imagestation.com/us/PC/FS_PinIE.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/Template...nloads/outc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.149/code/iPIX-ImageWell-ipix.cab

Any help would be greatly appreciated.

Thanks
Snehal Rana



#2 Grinler

Lawrence Abrams

Posted 26 December 2004 - 12:29 AM

You are using an outdated version of HijackThis. Please download the newer version.

Download HijackThis from:

HijackThis Download Site

Then post a new log.

#3 snehalrana

Posted 28 December 2004 - 07:23 AM

I tried running HijackThis 1.99, but Windows XP SP2 crashed on me; that is why I had to run 1.97.

What am I missing?

#4 Grinler

Posted 28 December 2004 - 01:51 PM

You have a Peper infection.

Download the removal tool:

Peper Removal Tool

! NOTE: YOU MUST BE ONLINE WHEN RUNNING IT and let it have access to pass the firewall.

!!! Please run this twice with a reboot in between.

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\system32\hcaoegl.dll
O2 - BHO: (no name) - {B4F20D85-24F7-4804-828A-F4C77AE5400A} - C:\WINDOWS\system32\sogwm.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: (no name) - {} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [3TF95A#57YFBA3] C:\WINDOWS\System32\VchsZQoq.exe
O4 - HKLM\..\Run: [YNMq9] C:\documents and settings\snehal rana\local settings\temp\YNMq9.exe
O4 - HKLM\..\Run: [Woo7T] C:\docume~1\snehal~1\locals~1\temp\Woo7T.exe
O4 - HKLM\..\Run: [w] C:\documents and settings\snehal rana\local settings\temp\w.exe
O4 - HKLM\..\Run: [ikwJh1m1] C:\documents and settings\snehal rana\local settings\temp\ikwJh1m1.exe
O4 - HKLM\..\Run: [iFI] C:\docume~1\snehal~1\locals~1\temp\iFI.exe
O4 - HKLM\..\Run: [EMIL] C:\documents and settings\snehal rana\local settings\temp\EMIL.exe
O4 - HKLM\..\Run: [CdsRpq] C:\docume~1\snehal~1\locals~1\temp\CdsRpq.exe
O4 - HKLM\..\Run: [bC] C:\documents and settings\snehal rana\local settings\temp\bC.exe
O4 - HKLM\..\Run: [AtRK8] C:\docume~1\snehal~1\locals~1\temp\AtRK8.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab

Reboot your computer into Safe Mode.

Then delete these files or directories (do not be concerned if they do not exist):

C:\WINDOWS\system32\hcaoegl.dll
C:\WINDOWS\system32\sogwm.dll
C:\WINDOWS\System32\VchsZQoq.exe
C:\documents and settings\snehal rana\local settings\temp\YNMq9.exe
C:\documents and settings\snehal rana\local settings\Woo7T.exe
C:\documents and settings\snehal rana\local settings\temp\w.exe
C:\documents and settings\snehal rana\local settings\temp\ikwJh1m1.exe
C:\documents and settings\snehal rana\local settings\iFI.exe
C:\documents and settings\snehal rana\local settings\temp\EMIL.exe
C:\documents and settings\snehal rana\local settings\CdsRpq.exe
C:\documents and settings\snehal rana\local settings\temp\bC.exe
C:\documents and settings\snehal rana\local settings\AtRK8.exe

Reboot your computer to go back to normal mode and post a new log.
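
Two patterns recur in the entries selected above: autoruns that launch from a user temp directory, and browser add-on registrations whose file is missing. The following Python is an added example, not part of the original post and not a HijackThis feature; the function name `triage` and its two rules are assumptions made for illustration, and the sample lines are copied from the log in this thread. It does not cover entries that need product knowledge to judge.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [YNMq9] C:\documents and settings\snehal rana\local settings\temp\YNMq9.exe
O4 - HKLM\..\Run: [Woo7T] C:\docume~1\snehal~1\locals~1\temp\Woo7T.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O4 autorun line: hive, key name, value name in brackets, then the command.
RUN_ENTRY = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$')
# O2 / R3 line: kind, display name, CLSID (R3 may prefix it with "_"), file.
COM_ENTRY = re.compile(
    r'^(?:O2|R3) - (BHO|URLSearchHook): .*? - _?(\{[^}]*\}) - (.+)$')
# A "temp" or "tmp" path component. The component is short enough that
# 8.3 aliasing leaves it unchanged, so long and short paths both match.
TEMP_DIR = re.compile(r'\\(?:temp|tmp)\\', re.IGNORECASE)


def triage(log_text):
    """Return (rule, identifier, detail) tuples for lines worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        run = RUN_ENTRY.match(line)
        if run:
            _hive, _key, name, command = run.groups()
            # Legitimate software rarely registers a persistent autorun
            # that points into a temp directory.
            if TEMP_DIR.search(command):
                findings.append(("autorun-from-temp", name, command.strip('"')))
            continue
        com = COM_ENTRY.match(line)
        if com:
            kind, clsid, target = com.groups()
            # "(no file)" means the registration points at a missing file.
            if target == "(no file)":
                findings.append(("orphaned-" + kind, clsid, target))
    return findings


if __name__ == "__main__":
    for rule, ident, detail in triage(SAMPLE_LOG):
        print(f"{rule:20} {ident:45} {detail}")
```
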

#5 Grinler

Posted 28 December 2004 - 01:51 PM

After cleaning all of this, try running version 1.99.0 of HijackThis for your reply.

#6 snehalrana

Posted 28 December 2004 - 01:59 PM

I shall try this and get back to you.

Thanks

#7 snehalrana

Posted 01 January 2005 - 01:42 PM

Hello Grinler,

After following the steps you sent me, I am still having problems running the HijackThis 1.99 version, and Windows XP SP2 crashes on me.

I have deleted the following files:
C:\WINDOWS\system32\hcaoegl.dll
C:\WINDOWS\system32\sogwm.dll
C:\WINDOWS\System32\VchsZQoq.exe
C:\documents and settings\snehal rana\local settings\temp\YNMq9.exe
C:\documents and settings\snehal rana\local settings\Woo7T.exe
C:\documents and settings\snehal rana\local settings\temp\w.exe
C:\documents and settings\snehal rana\local settings\temp\ikwJh1m1.exe
C:\documents and settings\snehal rana\local settings\iFI.exe
C:\documents and settings\snehal rana\local settings\temp\EMIL.exe
C:\documents and settings\snehal rana\local settings\CdsRpq.exe
C:\documents and settings\snehal rana\local settings\temp\bC.exe
C:\documents and settings\snehal rana\local settings\AtRK8.exe

But there are also some similar DLL files under \temp and \local settings folder. Should I be removing them as well?

Let me know

Snehal Rana

#8 Grinler

Posted 01 January 2005 - 05:33 PM

Reboot into safe mode and do the following:

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then Run, type %temp% and press the OK button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.



