• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
jdmchucky17

need to get rid of this

10 posts in this topic

After I somehow got this thing into my computer called "begin2search" I have been getting a lot of popups and highlighted words all over my webpages that I surf to. If I right click the highlighted word and click properties it will most likely refer to a begin2search url. Then, if I do click the highlight word then begin2search searches the word for me and finds all this information on it. Weird, because the word "computer" in the first sentence of this post is already highlighted. I have been getting a lot of popups recently also. I have already tried to get rid of this with ad-aware, but nothing has happened. Please help.

 

Logfile of HijackThis v1.98.0

Scan saved at 3:16:36 AM, on 7/11/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\htpatch.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\PROGRA~1\DAP\DAP.EXE

C:\Program Files\WindowsSA\omniscient.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\tpmchz.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\sony\giga pocket\usbsircs.exe

C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Sony\giga pocket\GPVSvr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

c:\program files\mcafee.com\agent\mcagent.exe

D:\Programs\Steam\Steam.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Programs\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com

R3 - URLSearchHook: (no name) - _{D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)

R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll

O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s32.dll

O2 - BHO: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

O3 - Toolbar: (no name) - {6EF3AE25-5A7D-40C2-9B44-9ED0068621C0} - (no file)

O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s32.dll

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server

O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [WinFavorites] C:\Program Files\WinFavorites\WinFavorites.exe1

O4 - HKLM\..\Run: [nvid] C:\WINDOWS\System32\ilkkazra.exe

O4 - HKLM\..\Run: [egnzrwig] C:\WINDOWS\aslyhbxi.exe

O4 - HKLM\..\Run: [belt] C:\WINDOWS\Belt.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [MELIS] C:\WINDOWS\melis.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM\..\Run: [ktutgn] C:\WINDOWS\ktutgn.exe

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

O4 - HKLM\..\Run: [WinampAgent] D:\Programs\Winamp\winampa.exe

O4 - HKLM\..\Run: [xspque] C:\WINDOWS\System32\tpmchz.exe

O4 - HKLM\..\Run: [aTuner] D:\Programs\aTuner\aTuner.exe -autostart

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [steam] D:\Programs\Steam\Steam.exe -silent

O4 - HKCU\..\Run: [spyKiller] D:\Programs\SpyKiller\spykiller.exe /startup

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Giga Pocket Remocon Driver.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O4 - Global Startup: VAIO Action Setup (Server).lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://www.netmarble.net/game/NMStarter15.cab

O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_40/QDow.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinsthdlk.cab

O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://www.hangame.com/bar/HGAgentClient.cab

O16 - DPF: {5BD43B68-56AF-4863-B168-3E0781C3339E} (YNKGAME Control) - file://D:\Programs\Seals\SealOnlineOpenBeta\driver_setup\YNKGAME.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50144/QDow_AS2.cab

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/bridge.cab

O16 - DPF: {D7F0CC2E-FB09-4B38-B9A7-6807CBCD4859} (NMChatX Control) - http://download.netmarble.com/NMChatX/NMChatX.cab

O16 - DPF: {E9FD51D0-DC39-4f93-A67D-CC2F3A8B3B91} (HSNotifyApp) - http://calvary.pcts.ac.kr:8088/hsnotifyapp.cab

O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7DCD44BD-054F-4016-9242-67FF236776B2}: NameServer = 38.9.212.2,38.9.213.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{BBAC7100-47B6-4A40-AAE7-7CB064FD877E}: NameServer = 206.141.192.60 206.141.193.55

Share this post


Link to post
Share on other sites

Hi there,

 

You may want to print this first

 

Make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked';

 

NOTE THE OPTIONAL FIXES

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com

R3 - URLSearchHook: (no name) - _{D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)

R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

 

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll<<<<You are using DAP which is not technically malware, but it may include malware and allow it into your system. You can find safer alternatives here: http://www.spywareinfo.com/downloads.php?cat=dlman#dlman To remove it, fix these items with HJT and then remove it in Add/Remove Programs....

 

O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)<<<<You are running MyWebSearch (or MyBar). This is not technically malware, but it is thought to be bad by many experts and it will bring malware with it. There are safer alternatives available such as the Google toolbar. I recommend that you remove it. Here are the components to fix with HJT and you will need to remove the main program as well:

 

O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s32.dll

O2 - BHO: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

 

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll<<<<You are using DAP which is not technically malware, but it may include malware and allow it into your system. You can find safer alternatives here: http://www.spywareinfo.com/downloads.php?cat=dlman#dlman To remove it, fix these items with HJT and then remove it in Add/Remove Programs....

 

O3 - Toolbar: (no name) - {6EF3AE25-5A7D-40C2-9B44-9ED0068621C0} - (no file)

O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s32.dll

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server

O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [WinFavorites] C:\Program Files\WinFavorites\WinFavorites.exe1

O4 - HKLM\..\Run: [nvid] C:\WINDOWS\System32\ilkkazra.exe

O4 - HKLM\..\Run: [egnzrwig] C:\WINDOWS\aslyhbxi.exe

O4 - HKLM\..\Run: [belt] C:\WINDOWS\Belt.exe

O4 - HKLM\..\Run: [MELIS] C:\WINDOWS\melis.exe

 

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP<<<<You are using DAP which is not technically malware, but it may include malware and allow it into your system. You can find safer alternatives here: http://www.spywareinfo.com/downloads.php?cat=dlman#dlman To remove it, fix these items with HJT and then remove it in Add/Remove Programs....

 

O4 - HKLM\..\Run: [ktutgn] C:\WINDOWS\ktutgn.exe

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

O4 - HKLM\..\Run: [xspque] C:\WINDOWS\System32\tpmchz.exe

 

 

O4 - HKCU\..\Run: [spyKiller] D:\Programs\SpyKiller\spykiller.exe /startup<<<<You are running SpyHunter (or Spykiller). This is a program that advertises itself as removing spyware, but it apparently gives false positives to get you to buy it and then does a miserable job. Some even thing that it may install malware. I recommend that you remove it in Add/Remove Programs. See this post for details about these programs:

http://www.safer-networking.org/index.php?...tail=2004-02-05

 

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present<<<<IF YOU SET THIS LEAVE IT, IF NOT, FIX IT

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present<<<<IF YOU SET THIS LEAVE IT, IF NOT, FIX IT

 

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm<<<<You are using DAP which is not technically malware, but it may include malware and allow it into your system. You can find safer alternatives here: http://www.spywareinfo.com/downloads.php?cat=dlman#dlman To remove it, fix these items with HJT and then remove it in Add/Remove Programs....

 

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm<<<<You are using DAP which is not technically malware, but it may include malware and allow it into your system. You can find safer alternatives here: http://www.spywareinfo.com/downloads.php?cat=dlman#dlman To remove it, fix these items with HJT and then remove it in Add/Remove Programs....

 

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE<<<<You are using DAP which is not technically malware, but it may include malware and allow it into your system. You can find safer alternatives here: http://www.spywareinfo.com/downloads.php?cat=dlman#dlman To remove it, fix these items with HJT and then remove it in Add/Remove Programs....

 

O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_40/QDow.cab

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50144/QDow_AS2.cab

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/bridge.cab

O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7DCD44BD-054F-4016-9242-67FF236776B2}: NameServer = 38.9.212.2,38.9.213.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{BBAC7100-47B6-4A40-AAE7-7CB064FD877E}: NameServer = 206.141.192.60 206.141.193.55

 

Restart your computer in

Safe Mode Also make sure you show hidden files Then delete the following files or folders as indicated below if they still show:

 

Not all or any of these may still show,

 

 

 

C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL<<<<Folder C:\WINDOWS\mxTarget.dll<<<<File

C:\Windows\System32\wsaupdater.exe<<<<File

C:\Program Files\WindowsSA\omniscient.exe<<<<Folder

C:\WINDOWS\System32\tpmchz.exe<<<<File

C:\WINDOWS\System32\winb2s32.dll<<<<File

C:\WINDOWS\2_0_1browserhelper2.dll<<<<File

C:\WINDOWS\Downloaded Program Files\bridge.dll<<<<File

C:\Program Files\DAP\DAPIEBar.dll<<<<Folder

c:\program files\support.com\client\bin\tgcmd.exe /server<<<<Folder

C:\Sonysys\cleanup.exe<<<<Folder

C:\WINDOWS\Downloaded Program Files\bridge.dll",Load<<<<File

C:\Program Files\WinFavorites\WinFavorites.exe1<<<<Folder

C:\WINDOWS\System32\ilkkazra.exe<<<<File

C:\WINDOWS\aslyhbxi.exe<<<<File

C:\WINDOWS\Belt.exe<<<<File

C:\WINDOWS\melis.exe<<<<File

C:\WINDOWS\ktutgn.exe<<<<File

C:\Program Files\WindowsSA\omniscient.exe<<<<Folder

C:\WINDOWS\System32\tpmchz.exe<<<<FileD:\Programs\SpyKiller\spykiller.exe /startup<<<<Folder

 

 

Reboot, then post a fresh logfile so that I can check to see if it is clean.

Share this post


Link to post
Share on other sites

I did what you told me to, except that I didn't delete most of the DAP stuff; however, my internet explorer seems to be running very smoothly, with no popups and no highlighted words. Thank you very much and here is what you wanted me to send.

 

Logfile of HijackThis v1.98.0

Scan saved at 2:47:30 PM, on 7/11/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\htpatch.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\PROGRA~1\DAP\DAP.EXE

C:\WINDOWS\System32\tpmchz.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\WINDOWS\System32\ctfmon.exe

D:\Programs\Steam\Steam.exe

C:\Program Files\sony\giga pocket\usbsircs.exe

C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Sony\giga pocket\GPVSvr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

c:\program files\mcafee.com\agent\mcagent.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Programs\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM\..\Run: [WinampAgent] D:\Programs\Winamp\winampa.exe

O4 - HKLM\..\Run: [aTuner] D:\Programs\aTuner\aTuner.exe -autostart

O4 - HKLM\..\Run: [mfzjkhkodq] C:\WINDOWS\System32\tpmchz.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [steam] D:\Programs\Steam\Steam.exe -silent

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Giga Pocket Remocon Driver.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O4 - Global Startup: VAIO Action Setup (Server).lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://www.netmarble.net/game/NMStarter15.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinsthdlk.cab

O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://www.hangame.com/bar/HGAgentClient.cab

O16 - DPF: {5BD43B68-56AF-4863-B168-3E0781C3339E} (YNKGAME Control) - file://D:\Programs\Seals\SealOnlineOpenBeta\driver_setup\YNKGAME.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {D7F0CC2E-FB09-4B38-B9A7-6807CBCD4859} (NMChatX Control) - http://download.netmarble.com/NMChatX/NMChatX.cab

O16 - DPF: {E9FD51D0-DC39-4f93-A67D-CC2F3A8B3B91} (HSNotifyApp) - http://calvary.pcts.ac.kr:8088/hsnotifyapp.cab

O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BBAC7100-47B6-4A40-AAE7-7CB064FD877E}: NameServer = 206.141.192.60 206.141.193.55

 

Thank you once again. This has been very convenient and you guys are someone that I can trust. Thank you.

Share this post


Link to post
Share on other sites

Hi there,

 

No problem about DAP that was an optional fix.

 

Almost there, these still need to be fixed.

 

Note the Optional fixes, please indicate to me if you are keeping them in your next post, thanks.

 

Make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked';

 

 

O4 - HKLM\..\Run: [mfzjkhkodq] C:\WINDOWS\System32\tpmchz.exe

 

 

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present<<<<<<<<IF YOU SET THIS LEAVE IT, IF NOT, FIX IT

 

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present<<<<<<<<IF YOU SET THIS LEAVE IT, IF NOT, FIX IT

 

 

O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab

 

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{BBAC7100-47B6-4A40-AAE7-

7CB064FD877E}: NameServer = 206.141.192.60 206.141.193.55<<<< This is

Ameritech Electronic Commerce<<< do you know of them, if so keep it.

 

 

Restart your computer in

Safe Mode Also make sure you show hidden files Then delete the following files or folders as indicated below if they still show:

 

 

 

C:\WINDOWS\System32\tpmchz.exe<<<<File

 

 

Reboot, then post a fresh logfile so that I can check to see if it is clean.

Share this post


Link to post
Share on other sites

here is a fresh new log that i did. the only popup i have been getting lately is most ly just from opening up internet explorer, and just random popups here and there.

 

Logfile of HijackThis v1.98.0

Scan saved at 4:36:57 PM, on 7/17/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\htpatch.exe

C:\WINDOWS\AGRSMMSG.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\sony\giga pocket\usbsircs.exe

C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Sony\giga pocket\GPVSvr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Programs\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM\..\Run: [WinampAgent] D:\Programs\Winamp\winampa.exe

O4 - HKLM\..\Run: [aTuner] D:\Programs\aTuner\aTuner.exe -autostart

O4 - HKLM\..\Run: [mmksvxfslex] C:\WINDOWS\System32\tpmchz.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "d:\programs\steam\steam.exe" -silent

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Giga Pocket Remocon Driver.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O4 - Global Startup: VAIO Action Setup (Server).lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://www.netmarble.net/game/NMStarter15.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinsthdlk.cab

O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://www.hangame.com/bar/HGAgentClient.cab

O16 - DPF: {5BD43B68-56AF-4863-B168-3E0781C3339E} (YNKGAME Control) - file://D:\Programs\Seals\SealOnlineOpenBeta\driver_setup\YNKGAME.cab

O16 - DPF: {D7F0CC2E-FB09-4B38-B9A7-6807CBCD4859} (NMChatX Control) - http://download.netmarble.com/NMChatX/NMChatX.cab

O16 - DPF: {E9FD51D0-DC39-4f93-A67D-CC2F3A8B3B91} (HSNotifyApp) - http://calvary.pcts.ac.kr:8088/hsnotifyapp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BBAC7100-47B6-4A40-AAE7-7CB064FD877E}: NameServer = 206.141.192.60 206.141.193.55

Share this post


Link to post
Share on other sites

Hi there,

 

Do this first,

 

Click Start, click Control Panel, and then double-click Add or Remove Programs "Change or Remove Programs"and Remove:

 

twain-tech (if it's there)

 

Next,

 

Make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked';

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

 

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll

 

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

 

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [mmksvxfslex] C:\WINDOWS\System32\tpmchz.exe

 

From my last post

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present<<<I take it you set these, if not fix them

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present<<<<I take it you set these, if not fix them

 

Restart your computer in

Safe Mode Also make sure you show hidden files Then delete the following files or folders as indicated below if they still show:

 

Not all or any of these may still show,

 

 

C:\WINDOWS\System32\tpmchz.exe<<<<FileC:\WINDOWS\systb.dll<<<<File

C:\WINDOWS\mxTarget.dll<<<<File

 

Reboot,

 

For this file you need to do this,

Start | Run (type) cmd

(type) cd\WINDOWS\Downloaded Program Files (press Enter)

(type) del bridge.dll (press Enter)

 

C:\WINDOWS\Downloaded Program Files\bridge.dll

 

Now post a fresh logfile so that I can check to see if it is clean.

Share this post


Link to post
Share on other sites

the only problem i had was that i couldn't delete bridge.dll. it said "access denied." what exactly is bridge.dll?

 

Logfile of HijackThis v1.98.0

Scan saved at 12:37:44 AM, on 7/18/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\htpatch.exe

C:\WINDOWS\AGRSMMSG.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\sony\giga pocket\usbsircs.exe

C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Sony\giga pocket\GPVSvr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Programs\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM\..\Run: [WinampAgent] D:\Programs\Winamp\winampa.exe

O4 - HKLM\..\Run: [aTuner] D:\Programs\aTuner\aTuner.exe -autostart

O4 - HKLM\..\Run: [mmksvxfslex] C:\WINDOWS\System32\tpmchz.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "d:\programs\steam\steam.exe" -silent

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Giga Pocket Remocon Driver.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O4 - Global Startup: VAIO Action Setup (Server).lnk = ?

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://www.netmarble.net/game/NMStarter15.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinsthdlk.cab

O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://www.hangame.com/bar/HGAgentClient.cab

O16 - DPF: {5BD43B68-56AF-4863-B168-3E0781C3339E} (YNKGAME Control) - file://D:\Programs\Seals\SealOnlineOpenBeta\driver_setup\YNKGAME.cab

O16 - DPF: {D7F0CC2E-FB09-4B38-B9A7-6807CBCD4859} (NMChatX Control) - http://download.netmarble.com/NMChatX/NMChatX.cab

O16 - DPF: {E9FD51D0-DC39-4f93-A67D-CC2F3A8B3B91} (HSNotifyApp) - http://calvary.pcts.ac.kr:8088/hsnotifyapp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BBAC7100-47B6-4A40-AAE7-7CB064FD877E}: NameServer = 206.141.192.60 206.141.193.55

Share this post


Link to post
Share on other sites

Hi there,

 

bridge.dll.......this is Adware by Flingstone

 

Lets try it this way,

 

Make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked';

 

 

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

 

Next,

 

For this file you need to do this,

Start | Run (type) cmd

(type) cd\WINDOWS\Downloaded Program Files (press Enter)

(type) del bridge.dll (press Enter)

 

 

Reboot, then post a fresh log.

Share this post


Link to post
Share on other sites

i haven't gotten any popups lately. first of all, i'd just like to say thank you very much. you have been a very big help and most of my popups and what not are pretty much gone. thsi is my latest log:

 

Logfile of HijackThis v1.98.0

Scan saved at 1:11:22 PM, on 7/20/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\htpatch.exe

C:\WINDOWS\AGRSMMSG.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\sony\giga pocket\usbsircs.exe

C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Sony\giga pocket\GPVSvr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

D:\Programs\Steam\Steam.exe

C:\Program Files\AIM\aim.exe

D:\Programs\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM\..\Run: [WinampAgent] D:\Programs\Winamp\winampa.exe

O4 - HKLM\..\Run: [aTuner] D:\Programs\aTuner\aTuner.exe -autostart

O4 - HKLM\..\Run: [mmksvxfslex] C:\WINDOWS\System32\tpmchz.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "d:\programs\steam\steam.exe" -silent

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Giga Pocket Remocon Driver.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O4 - Global Startup: VAIO Action Setup (Server).lnk = ?

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://www.netmarble.net/game/NMStarter15.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinsthdlk.cab

O16 - DPF: {5BD43B68-56AF-4863-B168-3E0781C3339E} (YNKGAME Control) - file://D:\Programs\Seals\SealOnlineOpenBeta\driver_setup\YNKGAME.cab

O16 - DPF: {E9FD51D0-DC39-4f93-A67D-CC2F3A8B3B91} (HSNotifyApp) - http://calvary.pcts.ac.kr:8088/hsnotifyapp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BBAC7100-47B6-4A40-AAE7-7CB064FD877E}: NameServer = 206.141.192.60 206.141.193.55

Share this post


Link to post
Share on other sites

Hi there,

 

Ok, apart from DAP, that you have decided to keep, your log is now clean.

 

 

To provide future protection - download and install:

 

SpywareBlaster will block bad ActiveX and malevolent cookies. Download from Here

 

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Download

Here

Both are very small free programs that you run once, and then just weekly to check for updates.

 

And also see

So how did I get infected in the first place?

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0