• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
clueless567

pop-ups HELP

18 posts in this topic

I posted before in another but didn't get an answer yet. I recently downloaded "lochjournal" a program for livejournal, and since then I have been getting massive pop-ups. I disabled the program. I switched my internet options settings, ran ad-aware, stinger, and Spybot search & destroy. I also downloaded the programs spyware blaster and browser hijack blaster and ie-spyads, and went to windows updates. I tried switching from Microsoft Java to Sun Java - but I couldn't figure out how. I may just end up switching browsers. So basically, none of this has helped, although since I switched my internet options, most of the pop-up pages do not load, but still pop-up. Is there anything else I can do???

Share this post


Link to post
Share on other sites

Ok, I just downloaded Mozilla Firefox and within the first minutes of using it- POP-UPS!!!!!!! from the same sites as before, even though they are not shown (the sites do not load), they are still popping up!!! WTF???!!!! someone help me!!!!

 

p.s. I also switched my Outlook Express options so it wouldn't get the preview.

Edited by clueless567

Share this post


Link to post
Share on other sites

Hi, Please download HijackThis v1.98 here.

Unzip to a convenient permanent folder, for example: C:/HiJackThis/HiJackThis.exe

Double click HijackThis.exe, and hit "Scan". The scan button will turn into "Save Log" copy and paste the fresh log here...

 

Please do not attempt to "Fix" anything yet as we need to see the entire log and most of it will be harmless and even essential to the running of your computer.

Share this post


Link to post
Share on other sites

EDIT: PLEASE GO TO THE NEXT POST FOR ANOTHER LOG... I REALIZED I HAD TO UPDATE ADAWARE FIRST. SORRY!! I HOPE THAT WASN'T MY PROB - NEVERMIND, I JUST GOT ANOTHER POP-UP.

 

Logfile of HijackThis v1.98.0

Scan saved at 5:21:45 PM, on 7/14/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Program Files\NavNT\rtvscan.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\NavNT\vptray.exe

C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE

C:\WINDOWS\system32\monitorbk.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

C:\WINDOWS\webshots.scr

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Lauren\My Documents\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirect...&c=1c02&lc=0409

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirect...&c=1c02&lc=0409

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards

O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

O4 - Global Startup: Belkin PCMCIA WLAN Monitor.lnk = C:\WINDOWS\system32\monitorbk.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: iGive - file://C:\Program Files\iGiveShoppingWindow\System\Temp\igive_script2.htm

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

O9 - Extra button: iGive - {987D0E71-6CAD-11d5-AA37-0001028DF1BC} - file://C:\Program Files\iGiveShoppingWindow\System\Temp\igive_script2.htm (file missing) (HKCU)

O9 - Extra button: Advisor - {FAF4D0D2-21A1-4EEE-9FBC-EA9FAD9C86AA} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409

O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://63.102.226.240:8000/Java/cfs40301.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...ius/ext360.html

O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/imcupdatefiles/whistlesilent610.cab

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

Edited by clueless567

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.98.0

Scan saved at 5:46:35 PM, on 7/14/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Program Files\NavNT\rtvscan.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\NavNT\vptray.exe

C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE

C:\WINDOWS\system32\monitorbk.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

C:\WINDOWS\webshots.scr

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Lauren\My Documents\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirect...&c=1c02&lc=0409

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirect...&c=1c02&lc=0409

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards

O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

O4 - Global Startup: Belkin PCMCIA WLAN Monitor.lnk = C:\WINDOWS\system32\monitorbk.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: iGive - file://C:\Program Files\iGiveShoppingWindow\System\Temp\igive_script2.htm

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

O9 - Extra button: iGive - {987D0E71-6CAD-11d5-AA37-0001028DF1BC} - file://C:\Program Files\iGiveShoppingWindow\System\Temp\igive_script2.htm (file missing) (HKCU)

O9 - Extra button: Advisor - {FAF4D0D2-21A1-4EEE-9FBC-EA9FAD9C86AA} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409

O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://63.102.226.240:8000/Java/cfs40301.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...ius/ext360.html

O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/imcupdatefiles/whistlesilent610.cab

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

Share this post


Link to post
Share on other sites

Hello Lauren

 

You have a version of Look2Me but we need to find out which one so we can treat it with the right tool.

 

Download vx2finder from here http://download.broadbandmedic.com/VX2Finder(126).exe and run it. Hit 'click to find vx2betterinternet'. When its finished click 'make log'. Copy and paste the results in this thread.

 

Close all other windows except for hijackthis, perform a scan and put a check against the following items and click 'fix checked'.

 

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

 

This item is considered to be a resource hog that is not needed and it may be worthwhile to fix it with HJT. You will still be able to start it manually if you need it...

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

 

Reboot and post a fresh Hijackthis log as well

 

can you also tell me if you installed this?

C:\Program Files\iGiveShoppingWindow

Edited by Scoff

Share this post


Link to post
Share on other sites

Log for VX2.BetterInternet File Finder (msg126)

 

Files Found---

C:\WINDOWS\System32\6ao4svc.dll

C:\WINDOWS\System32\6bo4svc.dll

C:\WINDOWS\System32\6mo4svc.dll

C:\WINDOWS\System32\6qo4svc.dll

C:\WINDOWS\System32\6ro4svc.dll

C:\WINDOWS\System32\6zo4svc.dll

C:\WINDOWS\System32\ahmparse.dll

C:\WINDOWS\System32\aoledit.dll

C:\WINDOWS\System32\apctres.dll

C:\WINDOWS\System32\apledit.dll

C:\WINDOWS\System32\asaamon.dll

C:\WINDOWS\System32\axaamon.dll

C:\WINDOWS\System32\axlui.dll

C:\WINDOWS\System32\azledit.dll

 

Additional Files---

C:\WINDOWS\System32\spOrder.dll

 

Keys Under Notify---crypt32chain

Keys Under Notify---cryptnet

Keys Under Notify---cscdll

Keys Under Notify---NavLogon

Keys Under Notify---ScCertProp

Keys Under Notify---Schedule

Keys Under Notify---sclgntfy

Keys Under Notify---SensLogn

Keys Under Notify---termsrv

Keys Under Notify---Userinstallable.drivers

Keys Under Notify---wlballoon

 

 

Guardian Key--- is called: Userinstallable.drivers

Asynchronous 000

DllName C:\WINDOWS\system32\axaamon.dll

Impersonate 000

Logon WinLogon

Logoff WinLogoff

Version 126

ID {D1FB0AB6-1F14-4ECC-A9D4-F55C529B947C}

IDex DS3

 

User Agent String---

{D1FB0AB6-1F14-4ECC-A9D4-F55C529B947C}

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.98.0

Scan saved at 12:41:16 PM, on 7/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Program Files\NavNT\rtvscan.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\NavNT\vptray.exe

C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE

C:\WINDOWS\system32\monitorbk.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

C:\Documents and Settings\Lauren\My Documents\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirect...&c=1c02&lc=0409

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirect...&c=1c02&lc=0409

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1

R3 - Default URLSearchHook is missing

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards

O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

O4 - Global Startup: Belkin PCMCIA WLAN Monitor.lnk = C:\WINDOWS\system32\monitorbk.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: iGive - file://C:\Program Files\iGiveShoppingWindow\System\Temp\igive_script2.htm

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

O9 - Extra button: iGive - {987D0E71-6CAD-11d5-AA37-0001028DF1BC} - file://C:\Program Files\iGiveShoppingWindow\System\Temp\igive_script2.htm (file missing) (HKCU)

O9 - Extra button: Advisor - {FAF4D0D2-21A1-4EEE-9FBC-EA9FAD9C86AA} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409

O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://63.102.226.240:8000/Java/cfs40301.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...ius/ext360.html

O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/imcupdatefiles/whistlesilent610.cab

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Share this post


Link to post
Share on other sites

I did download Igive shopping window. They are an online shopping thingy where you shop through their shopping window and part of the purchase is donated to a charity. I'm not sure how safe it is, but a lot of the rescues/charities I know use it.

 

You can also shop by clicking a link to an online retailer via their site, www.igive.com. maybe that would be safer.

Edited by clueless567

Share this post


Link to post
Share on other sites

Hi, now I'm having some kind of problem on one webpage w/ my Java or something. (I'm very dumb, please talk s-l-o-w) I think it has to do w/ the quicktime thingymabob that I deleted or checked or something before, remember: "This item is considered to be a resource hog that is not needed and it may be worthwhile to fix it with HJT. You will still be able to start it manually if you need it...

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime"

this problem itself is not urgent luckily. I would like the pop-ups to go away though.

Share this post


Link to post
Share on other sites

All that fixing that 04 line means is that Quick Time media player now doesn't run in the background when you start up. This is an unrelated problem, I was planning to sort out your sun java when we've finished. but try the tutorial from this link in the meantime. Any problems with it and I'll see if I can find some more details for you.

 

http://www.spywareinfo.com/~merijn/uninstmsjava.html

 

I'm sorting out what from Look2Me needs deleteing that should stop the popups - I want to do some double checking first as you've got the new strain and this is a new tool that has a slightly different procedure to use.

 

Back soon...

Edited by Scoff

Share this post


Link to post
Share on other sites

Sign off and stay off the internet until this entire procedure is complete.

 

Open VX2Finder again and click on the *click to find VX2.BetterInternet* button.

 

Then select the *Delete these files* button.

You will be left with notice about one to be deleted on reboot.

It will ask to reboot on deletion of the last file (Reboot)

 

Once back in Windows

 

Open VX2Finder again and click on these buttons in the right pane:

 

user agent, Guardian.reg, restore policy

 

Exit and reboot.

 

Run Vx2Finder once more and click on the *click to find VX2.BetterInternet* button. Then click *make log*.

 

Post it here with a fresh HijackThis log please.

Share this post


Link to post
Share on other sites

Hi, thanks so much Scoff for your reply. Sorry it's been a few days - been busy w/ a guinea pig rescue. :)

Anyway, I was trying to follow your helpful advice but I wasn't sure which files I was supposed to delete on the VX2Finder. Maybe it's all of them but I want to check before I screw something up!! Thanks.

 

Sign off and stay off the internet until this entire procedure is complete.

 

Open VX2Finder again and click on the *click to find VX2.BetterInternet* button.

 

Then select the *Delete these files* button.

You will be left with notice about one to be deleted on reboot.

It will ask to reboot on deletion of the last file (Reboot)

Edited by clueless567

Share this post


Link to post
Share on other sites

No worries. Yes, delete them all - they should appear in the bottom window. It won't delete one of them until you reboot. The old version of the tool you had to manually select the files.

Share this post


Link to post
Share on other sites

ok, I deleted the files but I wasn't prompted to reboot??? Here is a Hijack This file if it will help...

 

Logfile of HijackThis v1.98.0

Scan saved at 11:27:33 PM, on 7/18/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Program Files\NavNT\rtvscan.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\NavNT\vptray.exe

C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\monitorbk.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

C:\Documents and Settings\Lauren\My Documents\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirect...&c=1c02&lc=0409

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirect...&c=1c02&lc=0409

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1

R3 - Default URLSearchHook is missing

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards

O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

O4 - Global Startup: Belkin PCMCIA WLAN Monitor.lnk = C:\WINDOWS\system32\monitorbk.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: iGive - file://C:\Program Files\iGiveShoppingWindow\System\Temp\igive_script2.htm

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

O9 - Extra button: iGive - {987D0E71-6CAD-11d5-AA37-0001028DF1BC} - file://C:\Program Files\iGiveShoppingWindow\System\Temp\igive_script2.htm (file missing) (HKCU)

O9 - Extra button: Advisor - {FAF4D0D2-21A1-4EEE-9FBC-EA9FAD9C86AA} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409

O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://63.102.226.240:8000/Java/cfs40301.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...ius/ext360.html

O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/imcupdatefiles/whistlesilent610.cab

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Share this post


Link to post
Share on other sites

Looks ok apart from fix these with HJT

 

R3 - Default URLSearchHook is missing

 

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...ius/ext360.html

O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/imcupdatefiles/whistlesilent610.cab

 

Run VX2Finder again and make another log and post it here to check if look2me is cleared.

Edited by Scoff

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0