Please Help. :( Pop Ups Galore


  • This topic is locked
30 replies to this topic

#1 mamaon0911


Posted 12 June 2007 - 10:13 PM

Hi. I'm feeling very :huh: because Sunday night I must've accidentally clicked on something that brought on about a hundred pop ups. I tried to visit Symantec, BC and McAfee sites to see what virus I could've possibly had but the sites were all blocked!! It kept redirecting me to some bank loan site. *frustrated* So then I downloaded SuperAntiSpyware and then ran it like 5 times in safe mode deleting loads of stuff. Finally the sites aren't redirecting me anymore but the pop ups galore is still occurring! And then I'm getting pop ups from a slew of different things, from shopping, to cheap airline tickets!! I even get Windows Messages telling me that my "porn viewing" is being tracked and that I should download something to keep my privacy!! :flowers:: And other times it'll tell me that I need to install something else or other to update and keep my privacy on the internet. I've been closing them all of course because I don't trust anything anymore. I also went in and uninstalled a bunch of programs that I don't use anymore as well, trying to clean things up. I think I just made it worse. :thumbsup: This all started when I uninstalled my Verizon toolbar. Then out of nowhere I get an uninvited toolbar. It was a green color logo and started with an "M". Anyways, I tried to uninstall it but then it said I needed to download the "uninstaller" which I stupidly did and now here I am.

:huh:

On the verge of tears.

*sigh*

So here is my HJT. I hope I did this right. Please explain things to me like I'm a 5-year-old. HAHAHA

What can you do but laugh at this point right?

OH! And don't know if this is important or not. But I also use a flock browser and when I use that nothing happens. No pop ups or messages, etc etc. only on my Internet Explorer!!

*grrrr*

Thanks in advance!!





Logfile of HijackThis v1.99.1
Scan saved at 7:52:09 PM, on 6/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\P2P Networking\P2P Networking.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINNT\system32\Explorer.exe
C:\WINNT\system32\wuauclt.exe
C:\unzipped\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F1 - win.ini: run= C:\C&C\INSTICON.EXE
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CF9FEC7-BE36-435A-8484-38CC07659C3A} - \
O2 - BHO: (no name) - {fc5b1081-9dba-40e9-8710-5a1e44698b4e} - C:\WINNT\system32\iiptqgq.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Configuration Manager] C:\WINNT\cfg32.exe
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.7.4\webbuying.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ins...ckerutility.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINNT\system32\lxbscoms.exe
O23 - Service: Net Agent - Unknown owner - C:\WINNT\dls0523pmw.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe



#2 mamaon0911


Posted 12 June 2007 - 10:32 PM

Don't know if this is relevant or not, but I also get a lot of pop ups for the Bowflex. ??? and also Microsoft Internet Explorer windows with a Question Mark and NOTICE: sign, usually says something like...

You have not completed the error scan. If your computer has errors in file system or windows registry, it could cause unpredictable or erratic PC behavior, freezes, crashes and loss of data. You need to install ErrorPorector to scan for and if find, fix system errors now (Recommended).

And then it has two buttons to click on either OK or CANCEL. I usually close the window with the X. This message was for the ErrorProtector but there are many other ones I cannot remember at the moment.

I also get a window "FDEGHDF" that says:

Runtime error: "401";
Can't show non-modal form when modal form is displayed.


Seems like I have a slew of problems. :thumbsup:

#3 rookie147


Posted 13 June 2007 - 05:07 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Can you try to bear with the problems for now, hopefully when we have removed most of the malware they will stop. If not, we can then try to sort them out, instead of battling against two problems at once.

You are using peer-to-peer programs.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this may have been how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.
For more information about infections as a result of p2p programs, take a look here: http://p2p.malwareremoval.com/

I have also noticed from your log that you have various online poker programs installed on your computer. I understand that you may use these games on a regular basis but I think it's important to note that often these kind of programs are installed with other unwanted software, namely spyware or adware. If you did not install these programs yourself, or you do not use them any more, I would definitely recommend that you uninstall them from your computer, even if it is simply a precautionary measure. The amount of different poker software which arises on the internet means it is impossible to keep track of which ones are infected and which ones are not. If you do use the software, and wish to continue doing so, please ignore this.
If you do decide to go ahead and remove the poker software, you should be able uninstall them via Add/Remove Programs which can be found in the Control Panel. Let me know if you have any problems whilst doing so.

Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to 'scriptfile to execute' you'll see a little icon like this: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste this: http://metallica.geekstogo.com/alcanshorty.bfu
Click OK.
Then click Execute to run the script.
Wait for the 'complete script execution' box to popup and press OK.
Press Exit to terminate the BFU program.

I'd like to take a look at one of the files you have:
Go to this page.
Where it says "Browse to the file you want to submit", copy and paste the filepath below into the box:

C:\WINNT\system32\iiptqgq.dll

Then click the Send File button below.

Scan once more with HijackThis and post back the new log, and also let me know when you have uploaded the file.
Thanks,
Charles

Edited by rookie147, 13 June 2007 - 05:09 AM.

If you are pleased with the service I have offered, you may like to consider making a donation.


#4 mamaon0911


Posted 13 June 2007 - 10:48 PM

Aw man :thumbsup:

I lost the previous post I replied to you on. I needed to know exactly what the "P2P" (I think that's what you called it, I don't know what it means) programs are so that I can remove them as well as Poker. I don't use either of those programs so if you can just direct me that-a-away please? :huh:

I know how to use the Control Panel to Add/Remove programs. Just point me in the direction of which programs they are.

Thanks!

oh yea and I think I was saying how grateful I am to have you respond to my post. Thank you so so much for helping out this technically handicapped loser. :flowers:

#5 mamaon0911


Posted 13 June 2007 - 10:58 PM

Good evening. :flowers:

I ran the Brute Force Uninstaller based on your instructions. Thank you for the detailed step by step. :thumbsup:

I also sent the file you wanted to take a look at.

I haven't done the ADD/REMOVE PROGRAMS step yet because I don't know which programs to remove and I don't want to remove anything that will cause me to be unable to use my computer later on, so I'll wait for your confirmation as to which files I should remove. Is that okay that I did everything else first? Not sure if you wanted me to do things in a specific order...

Here is my new HJT log...

Logfile of HijackThis v1.99.1
Scan saved at 8:57:48 PM, on 6/13/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\P2P Networking\P2P Networking.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Flock\flock\flock.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\Explorer.exe
C:\unzipped\bfu\BFU.exe
C:\WINNT\NOTEDAD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\HJT\abc.bat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F1 - win.ini: run= C:\C&C\INSTICON.EXE
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CF9FEC7-BE36-435A-8484-38CC07659C3A} - \
O2 - BHO: (no name) - {fc5b1081-9dba-40e9-8710-5a1e44698b4e} - C:\WINNT\system32\iiptqgq.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.7.4\webbuying.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ins...ckerutility.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINNT\system32\lxbscoms.exe
O23 - Service: Net Agent - Unknown owner - C:\WINNT\dls0523pmw.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
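
Added example (not part of the original thread, and not code from HijackThis or from the helper): successive HijackThis logs such as the two posted so far are easiest to compare as sets of entry lines. The sketch below parses the `R`/`F`/`N`/`O` entry lines, diffs excerpts copied from the 12 June and 13 June logs in this thread, and lists a few structural oddities for manual review; the flag rules are this example's own assumptions, not verdicts on any file.

```python
import re

# Entry lines in a HijackThis 1.99.1 log have the shape "<section> - <body>".
# Header lines and the "Running processes" paths do not match and are ignored.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Excerpt copied from the 12 June log in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {fc5b1081-9dba-40e9-8710-5a1e44698b4e} - C:\WINNT\system32\iiptqgq.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Configuration Manager] C:\WINNT\cfg32.exe
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O23 - Service: Net Agent - Unknown owner - C:\WINNT\dls0523pmw.exe (file missing)
"""

# Excerpt copied from the 13 June log in this thread.
AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {fc5b1081-9dba-40e9-8710-5a1e44698b4e} - C:\WINNT\system32\iiptqgq.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O23 - Service: Net Agent - Unknown owner - C:\WINNT\dls0523pmw.exe (file missing)
"""


def parse_entries(log_text):
    """Return the set of (section, body) pairs for every entry line in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Return (removed, added): entries only in the older log, entries only in the newer."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)


def review_flags(entries):
    """List entries whose structure alone warrants a manual look.

    These three rules are assumptions made for this example. They do not
    decide whether an entry is malicious; they only shorten the reading list.
    """
    flagged = []
    for section, body in sorted(entries):
        if section == "O2" and body.startswith("BHO: (no name)"):
            flagged.append((section, body, "BHO registered without a name"))
        elif section == "O23" and body.endswith("(file missing)"):
            flagged.append((section, body, "service target not found on disk"))
        elif section == "O16" and body.endswith("-"):
            flagged.append((section, body, "DPF entry with no download source"))
    return flagged


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, body in removed:
        print("gone since last scan:", section, "-", body)
    for section, body in added:
        print("new since last scan: ", section, "-", body)
    for section, body, reason in review_flags(parse_entries(AFTER)):
        print("review:", reason, "->", section, "-", body)
```
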

#6 rookie147


Posted 14 June 2007 - 09:31 AM

Hello there,

I haven't done the ADD/REMOVE PROGRAMS step yet because I don't know which programs to remove and I don't want to remove anything that will cause me to be unable to use my computer later on, so I'll wait for your confirmation as to which files I should remove. Is that okay that I did everything else first? Not sure if you wanted me to do things in a specific order...

Doing that step does not remove any programs, it just gives me a list of all the programs you currently have installed. If anything bad is present, we can go back later and uninstall it.
Yes, it's fine that you did things in that order ... :thumbsup:
Can you post back the uninstall list please.
Thanks,
Charles



#7 mamaon0911


Posted 14 June 2007 - 09:43 AM

How do I give you a list of all the programs I currently have installed? :thumbsup: Sorry, I think if you posted about it for me yesterday it was deleted, a lot of the posts were lost by accident because of BC's backup procedure or something.

"Important Announcement:

Due to a problem in our backup procedure, the database for the forums became corrupt. Unfortunately this means that we had to revert the database to an earlier backup from around 10am Eastern on June 13th 2007.

We sincerely apologize to all those who have lost any information that they may have posted and for any posts that you may have to do over. Please be assured that measures are being put into place so that this does not happen again. If you had previously received help in one of your topics, you may want to respond back to it so that that helper knows about it.

- The Administration"


Sorry, can you tell me how to do it? Thanks!!!

#8 rookie147


Posted 14 June 2007 - 11:47 AM

Aha ok, sorry.
Go to Add/Remove Programs and remove the following (if present):

BitTorrent
Web Buying
PartyPoker


Open HijackThis.
Click the Config... button, then go to the Misc Tools section.
Press Open Uninstall Manager. You'll see a list of programs.
Select Save List... - save it to your Desktop.
The file "uninstall_list.txt" will be created.

Copy and paste the contents of this file to your next reply, along with a new HijackThis log.
Thanks,
Charles

Edited by rookie147, 14 June 2007 - 11:47 AM.



#9 mamaon0911


Posted 14 June 2007 - 11:30 PM

Alrighty-o. I didn't see BITTORRENT or WEB BUYING on my ADD/REMOVE list. I did see PARTY POKER and that is removed. I also saw a program called PEER POINTS MANAGER and removed that too. Never seen/heard/use that, so I thought maybe it's one of those spyware programs.

Here is my Uninstall List:

Ad-aware 6 Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop CS
Adobe Reader 7.0.5
AOL Instant Messenger
ATI Display Driver
Canon Camera Support Core Library
Canon Camera TWAIN Driver 6.6
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
ClipShack Uploader
Command & Conquer Tiberian Sun
DirectX 8 Hotfix - KB839643
DivX
DivX Player
Flock 0.7
HijackThis 1.99.1
Hotfix for MDAC 2.53 (KB927779)
hp LaserJet 1010 Series
Image Transfer
ImageMixer for Sony
InstaFinder_K
J2SE Runtime Environment 5.0 Update 3
Kazaa 3.2.7
LeechFTP
LimeWire 4.12.6
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft Office 2000 Premium
Microsoft Windows Journal Viewer
MicroStaff WINASPI
Move Networks Player for Internet Explorer
Need2Find Bar
Nero - Burning Rom
NJWIN - NJStar CJK Viewer
P2P Networking
PIXELA ImageMixer
Print Server
QuickBooks Pro 99
QuickTime
RealPlayer
RX Bar
Security Update for Windows 2000 (KB904706)
Security Update for Windows 2000 (KB923689)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Shareaza version 2.1.0.0
Sony USB Driver
SUPERAntiSpyware Free Edition
鈊象-明星三缺一2002
Update Rollup 1 for Windows 2000 SP4
VIA Rhine-Family Fast Ethernet Adapter
WildTangent Web Driver
Windows 2000 Hotfix - KB834707
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB889293
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923694
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924191
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB927891
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB929969
Windows 2000 Hotfix - KB930178
Windows 2000 Hotfix - KB931768
Windows 2000 Hotfix - KB931784
Windows 2000 Hotfix - KB932168
Windows 2000 Hotfix (SP5) Q818043
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See wm828026 for more information]
Windows Media Player system update (9 Series)
WinZip
Yahoo! Toolbar



And here is my new HJT file:

Logfile of HijackThis v1.99.1
Scan saved at 9:30:08 PM, on 6/14/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\P2P Networking\P2P Networking.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\Explorer.exe
C:\Program Files\Flock\flock\flock.exe
C:\HJT\abc.bat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F1 - win.ini: run= C:\C&C\INSTICON.EXE
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CF9FEC7-BE36-435A-8484-38CC07659C3A} - \
O2 - BHO: (no name) - {fc5b1081-9dba-40e9-8710-5a1e44698b4e} - C:\WINNT\system32\iiptqgq.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.7.4\webbuying.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ins...ckerutility.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINNT\system32\lxbscoms.exe
O23 - Service: Net Agent - Unknown owner - C:\WINNT\dls0523pmw.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

#10 mamaon0911


Posted 14 June 2007 - 11:33 PM

BTW, when I'm on a window I always hear clicking noises and then my cursor navigates away. It's like I can't stay on a page for very long, I have to use my mouse, point back to this text area to start typing again. It's like the cursor keeps toggling off to another site or to something else. I don't see any pop ups but I hear a lot of clicks as if I clicked on stuff. It's so frustrating!!! And it's kind of scary too because then I might be hitting the "enter" key and then something may have popped up asking if I wanted to install something or other. :thumbsup:

Don't know if that was relevant or not. :T

LOL!

Anyways. Thanks Charles. :flowers:

Good night!

#11 rookie147


Posted 15 June 2007 - 03:19 AM

Hi again,
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

BTW, when I'm on a window I always hear clicking noises and then my cursor navigates away. It's like I can't stay on a page for very long, I have to use my mouse, point back to this text area to start typing again. It's like the cursor keeps toggling off to another site or to something else. I don't see any pop ups but I hear a lot of clicks as if I clicked on stuff. It's so frustrating!!! And it's kind of scary too because then I might be hitting the "enter" key and then something may have popped up asking if I wanted to install something or other. :thumbsup:

To be honest, I'm not sure if this is a malware problem or not; it doesn't sound like one to me. However, we'll get rid of all the malware on your computer first; this may make it stop. If not, we can deal with it later, so we'll concentrate on one problem at a time. :flowers:

There are a few more programs we can remove from Add/Remove Programs:

Kazaa 3.2.7
LimeWire 4.12.6
Need2Find Bar
P2P Networking
RX Bar
Shareaza version 2.1.0.0
鈊象-明星三缺一2002
WildTangent Web Driver


Just highlight them and click Remove like we did before. If you have any problems with the uninstallation of these items, just let me know.

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

O2 - BHO: (no name) - {3CF9FEC7-BE36-435A-8484-38CC07659C3A} - \
O2 - BHO: (no name) - {fc5b1081-9dba-40e9-8710-5a1e44698b4e} - C:\WINNT\system32\iiptqgq.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.7.4\webbuying.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O23 - Service: Net Agent - Unknown owner - C:\WINNT\dls0523pmw.exe (file missing)


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix checked button.

Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Set your system to show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Next, please find and delete the following folders (if present):

C:\Program Files\BitTorrent
C:\Program Files\Web Buying
C:\WINNT\system32\P2P Networking

And remove the following files:

C:\WINNT\system32\iiptqgq.dll
C:\WINNT\dls0523pmw.exe

Navigate to Start | Search | All files and folders.
Expand More advanced options, check 'Search system folders', 'Search hidden files and folders' and 'Search subfolders'.
Paste this into the All or part of the file name box: IExplorer.dll
Then click Search.
If you find any examples of these, please remove them.

Reboot into Normal Mode again.

You're using an outdated version of Java (the latest one is Java Runtime Environment (JRE) 6u1), and these can be exploited by malware, so you need to update it as soon as possible. Please update and remove the older versions from your computer. Do the following:
Go to Start | Control Panel | Add/Remove Programs
Search in the list for all previously installed versions of Java (J2SE Runtime Environment ...)
Select it and click Remove.
Then download and install the newest version from here:
Java Runtime Environment (JRE) 6u1

Then scan once more with HijackThis and post back the new log.
Thanks,
Charles

Edited by rookie147, 15 June 2007 - 03:19 AM.



#12 mamaon0911


Posted 15 June 2007 - 09:10 PM

Tried to remove KAZAA but an error message popped up:

INSTALLSHIELD WIZARD

Please do the following:

- Close any running programs
- Empty your temporary folder
- Check your internet connection (Internet Based setups)

Then try to run the setup again.

Error code: -6001


I already did all that but it still doesn't uninstall. :flowers:



Also tried to remove Need2Find Bar but kept getting Error Code too:

RUNDLL

Error loading C:\PROGRA~1\NEED2F~1\bar\1.bin\Nd2fnBar.dll

The specified module could not be found.





Tried to remove RX Bar but when I click on the CHANGE/REMOVE button nothing happens.



Can I please keep 鈊象-明星三缺一2002, it's that Chinese Mah Jong game of mine. I don't think it has anything to do with internet. I don't have to be on the internet to play it. Is it okay to keep? :thumbsup:



Shareaza version 2.1.0.0 removed
Limewire 4.12.6 removed
P2P Networking removed

Edited by mamaon0911, 16 June 2007 - 01:38 AM.


#13 mamaon0911


Posted 16 June 2007 - 02:09 AM

OK.

Scanned with HijackThis and checkmarked the list (the ones that were present) and clicked Fixed.

Rebooted in Safe Mode, but could not set my system to show all files because when I hit Start I didn't have My Computer available. So no Tools Folder and Folder Options.

I was still able to find:

C:\Program Files\BitTorrent and delete it.

However, I did not see:

C:\Program Files\Web Buying

or

C:\WINNT\system32\PSP Networking



When I used the Search function, under "MORE ADVANCED OPTIONS", I did not have Search system folder or search hidden files and folders. I only had Search subfolders and Case Sensitive and Search Slower Files. Do I have a really outdated computer or what!? LOL!! :thumbsup:

I still managed to search IExplorer.dll, found 1 copy of it and deleted it.

I removed the outdated version of Java per your instructions. Since I use it rarely, I didn't download a new one. Is that okay or do I have to have Java on my computer?

The amazing thing is, it's taken me a good several minutes to type up this post and I haven't seen a pop up or heard any funny clicking sounds and my cursor has not navigated away from this screen. *keeping fingers crossed*

Next up....HJT log.....

#14 mamaon0911


Posted 16 June 2007 - 02:10 AM

Here's my latest Hijack This Log:





Logfile of HijackThis v1.99.1
Scan saved at 12:10:13 AM, on 6/16/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\abc.bat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F1 - win.ini: run= C:\C&C\INSTICON.EXE
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ins...ckerutility.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINNT\system32\lxbscoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
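
A follow-up log like the one above can be checked mechanically against the earlier one to confirm that flagged entries are gone. The sketch below is an added example, not code from the forum participants or from HijackThis: it parses entry lines taken from this thread, flags structurally odd ones, and reports which of those no longer appear afterwards. The four rules are assumed heuristics for illustration; they miss entries the helper identified by name (such as WebBuying), and an unnamed BHO is only a prompt for manual review.

```python
import re

# Constructed samples: entry lines copied from the logs and checklist in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {3CF9FEC7-BE36-435A-8484-38CC07659C3A} - \
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O23 - Service: Net Agent - Unknown owner - C:\WINNT\dls0523pmw.exe (file missing)
"""
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
"""

ENTRY = re.compile(r"^([ORF]\d+) - (.*)$")


def parse(log):
    """Return (section, body) for each HijackThis entry line; other lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]


def reason(section, body):
    """Return why an entry looks structurally odd, or None (assumed heuristics)."""
    if "(file missing)" in body:
        return "target file missing"
    if section == "O2" and body.startswith("BHO: (no name)"):
        return "unnamed BHO"
    if section == "O4" and re.search(r"\]\s+\S+\.dll\b", body, re.I):
        return "autorun target is a DLL"
    if section == "O16" and body.endswith("-"):
        return "no download source recorded"
    return None


def triage(log):
    """Map each odd entry line to the reason it was flagged."""
    flagged = {}
    for section, body in parse(log):
        why = reason(section, body)
        if why:
            flagged[f"{section} - {body}"] = why
    return flagged


def cleared(before, after):
    """Entries flagged in the first log that no longer appear in the second."""
    remaining = {f"{s} - {b}" for s, b in parse(after)}
    return [line for line in triage(before) if line not in remaining]
```
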

#15 mamaon0911


Posted 16 June 2007 - 02:12 AM

Thank you eversomuch Charles!!!

:thumbsup:

I hope that clears it (most of it) out. Let me know how I'm lookin' when you get a chance.

Good night and have a great weekend! :flowers:



