• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
tojomo

Jumping About:Blank DLL

12 posts in this topic

I followed the advice that is given again and again on this forum.... Safe mode-hijack this-delete/fix R1's RO's Offending DLL's and and O5-7's... I also get rid of O18's because they always are about offending dll-then ad-aware- then spyware s&d-cwshreder. Then I reboot and cheer. the hijack is gone... for about half a day. Unfortunatly it comes back. Same page different dll. these are the dlls so far and none are in the hijack database:

res://C:\WINDOWS\System32\dabkpi.dll/

res://C:\WINDOWS\System32\lac.dll/

res://C:\WINDOWS\System32\adlpfa.dll

 

here is my current hijackthis log:

Logfile of HijackThis v1.98.0

Scan saved at 11:03:54 AM, on 7/12/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\Program Files\Winamp\Winampa.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe

C:\Program Files\Creative\NOMAD Jukebox 2\PlayCenter2\CTNMRUN.EXE

C:\Program Files\Microsoft Money\System\mnyexpr.exe

C:\Program Files\ATI Multimedia\main\ATISched.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\Creative\ShareDLL\Mediadet.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

E:\Palm\HOTSYNC.EXE

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Creative\NOMAD Jukebox 2\PlayCenter2\CTPLAY2.EXE

C:\WINDOWS\system32\CTPDESRV.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {B9E241D1-7163-44D8-9745-5EBD05ED4891} - C:\WINDOWS\System32\adlpfa.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [DrvListnr] C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"

O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe

O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\NOMAD Jukebox 2\PlayCenter2\CTNMRUN.EXE"

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: HotSync Manager.lnk = E:\Palm\HOTSYNC.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download the &current page with Offline Explorer - file://E:\Program Files\Offline Explorer enterprise\Add_AllO.htm

O8 - Extra context menu item: Download using Offline &Explorer - file://E:\Program Files\Offline Explorer enterprise\Add_UrlO.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06a6030ead8a3b...ip/RdxIE601.cab

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O18 - Filter: text/html - {C16876FD-34B0-411B-AF44-D7281DEB3AA8} - C:\WINDOWS\System32\adlpfa.dll

O18 - Filter: text/plain - {C16876FD-34B0-411B-AF44-D7281DEB3AA8} - C:\WINDOWS\System32\adlpfa.dll

 

 

Thanks for all your help.

Share this post


Link to post
Share on other sites

Download and install :

 

"FINDnFIX.exe" from http://freeatlast100.100free.com/FINDnFIX.exe or http://downloads.subratam.org/FINDnFIX.exe

 

Run the "!LOG!.bat" file, wait for the final output (log.txt)

post the results....

 

Regards

Share this post


Link to post
Share on other sites

The program is currently unavailable. We will get rid of it some other way. I´m working on your log.Sorry for the delay,

Edited by mmxx66

Share this post


Link to post
Share on other sites

Accidental post

Edited by mmxx66

Share this post


Link to post
Share on other sites

You have a hijack which can be removed using CWShredder but will be reinstalled by a hidden file. So first we have to find the hidden file and remove it.

 

Copy the contents of the quote box to Notepad.

Name the file Appinit.bat

Save as type All Files

Save on the Desktop.

 

Reg save "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" windows1.hiv

ren windows1.hiv windows.txt

 

Double click on Appinit.bat

This will create a file on the desktop named windows.txt

 

Double click on the windows.txt file to open and copy and paste the entire contents into a reply to this post. The text will look funny but that is ok.

Share this post


Link to post
Share on other sites

Here is the contents of my windows.txt (created by your Appinit.bat):

regf                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Pugf                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                hbin                          ¨ÿÿÿnk, òk2 k_Ä    ÿÿÿÿ        ÿÿÿÿÿÿÿÿ  @  x  ÿÿÿÿ        0  >  o w   Windows Èþÿÿsk  x  x      ”           ì

            ! 

    €        !            # 

    €        #    ?          

                ?        

            ?          

                                Øÿÿÿvk  >  Ø    fùAppInit_DLLsÖ?æG¸ÿÿÿC : \ W I N D O W S \ S y s t e m 3 2 \ s q l n i i . d l l  4 2 -   °  Ðÿÿÿvk   X    ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5  Ø(ÍWðÿÿÿ9 0    ! Ðÿÿÿvk   €'    zGDIProcessHandleQuota"þàÿÿÿvk   È    °ºSpooler2ðÿÿÿy e s  À   °  (  x  ¨  ð  àÿÿÿvk   €      =pswapdiskÐÿÿÿvk   h    R¿TransmissionRetryTimeoutàÿÿÿ°  (  x  ¨  ð    `  Ðÿÿÿvk   €'      USERProcessHandleQuota  p                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             

Share this post


Link to post
Share on other sites

Please follow these steps:

 

Step 1:

Go to Folder Options> View

 

Scroll to the bottom of the list to find the box labeled:

Use Simple File Sharing(Recommended)

Remove the check from that box and press ok.

 

Step 2:

 

Download CWShredder from this link:

http://www.spywareinfo.com/downloads/tools/CWShredder.exe

 

Save that file somewhere as we will use it later.

 

Step 3:

 

Download this file and then immediately sign off the

internet and stay off until all steps are finished.

 

 

The file to download is here:

 

http://computercops.biz/modules.php?name=F...ownload&id=1183

 

Extract the batch file (hiving.bat) and run it. If you have script blocking enabled you will get a warning. Please allow this to run. The script is just producing a message box.

 

After a reboot the super hidden nasty file will no longer be loaded and will be visible. This will end the constant reinstall of about:Blank.

 

Step 4:

 

Restart the Computer.

 

Find this file:

c:\windows\system32\sqlnii.dll

 

Use the security tab on sqlnii.dll and take ownership.

Change the 'everyone special' to

'you> with Admin rights-> FULL control

Then try to delete it, if that fails try to rename

it first to different name+ext.

 

Example:

sqlnii.dll>bleh.txt

bleh.txt > badfile.111

 

Please zip that file and store it somewhere as I would like you to email it to me.

 

Now delete the original file.

 

Step 5:

 

Extract and Run CWShredder immediately.

Press the fix button to clean.

 

Restart and run hijackThis again.

Post your new log here in your next reply.

 

Also please create a new Windows.txt and post it again so I can check it

Share this post


Link to post
Share on other sites

That seems to have done it. I left my computer on for a day now, using internet explorer through out and it has not reverted. As requested below is my hijack this log from after the fix. I want to thank you soo much. Your hard work and diligence is much apreciated.

Logfile of HijackThis v1.98.0

Scan saved at 10:40:08 AM, on 7/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\hijackthis\HijackThis.exe

 

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [DrvListnr] C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"

O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\NOMAD Jukebox 2\PlayCenter2\CTNMRUN.EXE"

O4 - HKCU\..\RunOnce: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play

O4 - Global Startup: HotSync Manager.lnk = E:\Palm\HOTSYNC.EXE

O8 - Extra context menu item: Download the &current page with Offline Explorer - file://E:\Program Files\Offline Explorer enterprise\Add_AllO.htm

O8 - Extra context menu item: Download using Offline &Explorer - file://E:\Program Files\Offline Explorer enterprise\Add_UrlO.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06a6030ead8a3b...ip/RdxIE601.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

 

tojomo

Share this post


Link to post
Share on other sites

Good job!

You´re almost done.

close all open windows AND browsers and check these items for HJT to fix:

 

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06a6030ead8a3b...ip/RdxIE601.cab

 

You have RealPlayer running at Startup and this is not necessary. You can fix this with HJT, but you will also need to set it not to load in RealPlayer itself to keep it from resetting itself. This is the item to fix in HJT:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

Is your notepad.exe working right?

 

Send the file here

 

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

 

And also see TonyKlein's good advice

So how did I get infected in the first place?

 

Good luck :D

Edited by mmxx66

Share this post


Link to post
Share on other sites

Hi, i am having trouble with my mouse. I installed the software called Lime Wire which is basically a P2P download program and since then, my mouse has been wandering around the screen by itself sometimes. Even when i uninstalled it, there was no difference.

I got a brand new mouse and XP installed the drivers itself. I now think it is a virus. When it wanders around, it normally goes straight to the X button or to Start. This is really annoying especially when you havent saved your work and the cursor moves towards the X button and the window closes. I have tried Norton Antivirus but it doesnt pick it up even though i have installed all the latest updates.

 

PLEASE HELP ME. THANKS.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0