|
-
July 11th, 2004, 11:56 PM
#11
Also, in the quote directions you said to go Start > Control Panel > Administrative Programs but i didn't see Administrative Programs on my Control Panel
If you switch to classic view you will see Administrative Tools more easily than in the catagory view that is the default. Left side of the control panel window.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
July 12th, 2004, 12:28 AM
#12
In addition to posting a new log, did you do the first half of the instructions also, or did you just run Adaware??
-
July 12th, 2004, 03:49 AM
#13
Junior Member
Logfile of HijackThis v1.98.0
Scan saved at 7:56:53 PM, on 7/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sysud.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ipzu.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\InterVideo\WinDVD\WinDVD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloaded Programs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = no
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\auyyb.dll/sp.html#27063
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://auyyb.dll/index.html#27063
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://auyyb.dll/index.html#27063
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\auyyb.dll/sp.html#27063
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\auyyb.dll/sp.html#27063
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://auyyb.dll/index.html#27063
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\http://www.yahoo.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4545A25A-AD18-91DE-7239-FA8038A1775C} - C:\WINDOWS\system32\winmt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sysud.exe] C:\WINDOWS\sysud.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/u...6/sdcregie.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23ea10ff...p/RdxIE601.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/c...on=4,3,2,20802
-
July 12th, 2004, 04:29 AM
#14
Junior Member
i jsut ran adaware after updating it
-
July 12th, 2004, 06:52 AM
#15
aboutbuster to the rescue. Worked for me and should for you.
This program is made to remove all random.dll hijacks. What you have is a variant of the CoolWebSearch Program, unfotunately the creator of CWShredder is no longer supported by the author so this is a different program.
it can be downloaded from http://www.downloads.subratam.org/AboutBuster.zip
and here is a pretty well detailed document on how to use it.
http://www.pchell.com/support/onlythebest.shtml
Great program and should pretty well help you get rid of this pos.
Duct tape.....A whole lot of Duct Tape 
Spyware/Adaware problem click
here
-
July 12th, 2004, 03:50 PM
#16
This program is made to remove all random.dll hijacks
With all respect, no, it's not. It deals with one type of CWS only.
What you have is a variant of the CoolWebSearch Program, unfotunately the creator of CWShredder is no longer supported by the author so this is a different program.
To put it more clearly, merijn will no longer be updating the shredder because the variants of CWS are getting so complex, no single tool can remove all instances. About:Buster is one of the new tools created to combat one specific variant of CWS;however, it is still not 100% effective, and still needs to be coupled with manual removal.
While this is one method of combating it, these instructions fail to mention that if you had spybot on your system, one of it's essential .dll's has been erased. The instructions are incomplete.
cvguy, the first part of the instructions were there for a reason, not as an option. I knew before you even said anything that you had only run Adaware, or the number in the following line: res://auyyb.dll/index.html#27063 would have been different.
-
July 12th, 2004, 04:58 PM
#17
Junior Member
okay theres 2 services. One's called Network Security Service and Network Security Service (NSS)
i stopped and disabled the Network Security Service but now its gone, can i find it again to get its path?
-
July 12th, 2004, 05:46 PM
#18
Junior Member
hoookay. issues i've encountered:
out of the given processes i could only find WebRebates0.exe and I would stop and it it would pop back up. if the CPU usage is 00 does that mean its stopped or not running? cause it would pop back up but have 00 CPU
out of those files i could only find WebRebates0 and there was also a WebRebates1
i tried deleting WebRebates0 but it wasnt allowed, and the Read-Only Attribute was already unchecked.
I ran hijack this and now instead of "res://gwcya.dll/inex.html#27063" it reads "res://C:\WINDOWS\lgeae.dll/sp.html#27063" << and also since before u said that it was obvious i didn't do the first part because those numbers would be different. they're the same. what am i doing wrong? hah or am i doing anything right?
how do i "fix" those entried u listed?
anyway this is what hijack this reads now if it helps any. thanks so much for the help even if it is seemingly hopeless.
Logfile of HijackThis v1.98.0
Scan saved at 9:42:42 AM, on 7/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sysud.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINDOWS\system32\ipzu.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\WINDOWS\System32\svchost.exe
C:\Downloaded Programs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = no
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lgeae.dll/sp.html#27063
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lgeae.dll/index.html#27063
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lgeae.dll/index.html#27063
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lgeae.dll/sp.html#27063
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lgeae.dll/sp.html#27063
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lgeae.dll/index.html#27063
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\http://www.yahoo.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9CAD02CC-BB43-75C0-802F-FB2C2F6800B4} - C:\WINDOWS\crqt32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sysud.exe] C:\WINDOWS\sysud.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [ipzu.exe] C:\WINDOWS\system32\ipzu.exe
O4 - HKLM\..\RunOnce: [d3bd.exe] C:\WINDOWS\d3bd.exe
O4 - HKLM\..\RunOnce: [crba.exe] C:\WINDOWS\system32\crba.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/u...6/sdcregie.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23ea10ff...p/RdxIE601.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/c...on=4,3,2,20802
-
July 12th, 2004, 05:53 PM
#19
/me bows shudderingly before the all mighty groovicus the Spyware God.
Guess I spoke too soon, you heard the man speak and ill humbly let him help you out again 
Duct tape.....A whole lot of Duct Tape
Spyware/Adaware problem click
here
-
July 12th, 2004, 10:57 PM
#20
/me bows shudderingly before the all mighty groovicus the Spyware God.
lmao...nope, I'm just a lowly footsoldier. Meeeeeeeeee is the spyware god, and grinler, and sumdumguy, now we're talking some talented people there.
I can appreciate that people want to help. There is a huge need for many more. I wish people would spend a little time learning to identify the malware before recommending fixes though. It's not that hard. I'd also rather see an untouched log first, because then I can follow from point a to point b. When I come in at point c or point z, by then I don't know what is going on, or what has happened before, and things get broken.
I don't like using about:buster though, because it seems to take more attempts in removing everything, even though many others seem to use it quite successfully...in a case like this, it is warranted to give it a try.
cvqguy, if you have not rebooted since posting the last log, please let us know, otherwise, you (once again) will have to put up a new log. Once you do that, please do not reboot until we get you through the steps....
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote