Jump to content


Photo

pop-ups HELP


  • Please log in to reply
17 replies to this topic

#1 clueless567

clueless567

    i love my rats

  • Full Member
  • Pip
  • 14 posts

Posted 12 July 2004 - 08:47 PM

I posted before in another but didn't get an answer yet. I recently downloaded "lochjournal" a program for livejournal, and since then I have been getting massive pop-ups. I disabled the program. I switched my internet options settings, ran ad-aware, stinger, and Spybot search & destroy. I also downloaded the programs spyware blaster and browser hijack blaster and ie-spyads, and went to windows updates. I tried switching from Microsoft Java to Sun Java - but I couldn't figure out how. I may just end up switching browsers. So basically, none of this has helped, although since I switched my internet options, most of the pop-up pages do not load, but still pop-up. Is there anything else I can do???

#2 clueless567

clueless567

    i love my rats

  • Full Member
  • Pip
  • 14 posts

Posted 12 July 2004 - 09:19 PM

Ok, I just downloaded Mozilla Firefox and within the first minutes of using it- POP-UPS!!!!!!! from the same sites as before, even though they are not shown (the sites do not load), they are still popping up!!! WTF???!!!! someone help me!!!!

p.s. I also switched my Outlook Express options so it wouldn't get the preview.

Edited by clueless567, 12 July 2004 - 09:27 PM.


#3 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 14 July 2004 - 08:32 AM

Hi, Please download HijackThis v1.98 here.
Unzip to a convenient permanent folder, for example: C:/HiJackThis/HiJackThis.exe
Double click HijackThis.exe, and hit "Scan". The scan button will turn into "Save Log" copy and paste the fresh log here...

Please do not attempt to "Fix" anything yet as we need to see the entire log and most of it will be harmless and even essential to the running of your computer.
Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#4 clueless567

clueless567

    i love my rats

  • Full Member
  • Pip
  • 14 posts

Posted 14 July 2004 - 04:22 PM

EDIT: PLEASE GO TO THE NEXT POST FOR ANOTHER LOG... I REALIZED I HAD TO UPDATE ADAWARE FIRST. SORRY!! I HOPE THAT WASN'T MY PROB - NEVERMIND, I JUST GOT ANOTHER POP-UP.

Logfile of HijackThis v1.98.0
Scan saved at 5:21:45 PM, on 7/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\WINDOWS\system32\monitorbk.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\webshots.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lauren\My Documents\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presari...&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Belkin PCMCIA WLAN Monitor.lnk = C:\WINDOWS\system32\monitorbk.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: iGive - file://C:\Program Files\iGiveShoppingWindow\System\Temp\igive_script2.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: iGive - {987D0E71-6CAD-11d5-AA37-0001028DF1BC} - file://C:\Program Files\iGiveShoppingWindow\System\Temp\igive_script2.htm (file missing) (HKCU)
O9 - Extra button: Advisor - {FAF4D0D2-21A1-4EEE-9FBC-EA9FAD9C86AA} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://63.102.226.24...va/cfs40301.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...ius/ext360.html
O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/...lesilent610.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundlewar...veX/DS3/DS3.cab

Edited by clueless567, 14 July 2004 - 04:49 PM.


#5 clueless567

clueless567

    i love my rats

  • Full Member
  • Pip
  • 14 posts

Posted 14 July 2004 - 04:46 PM

Logfile of HijackThis v1.98.0
Scan saved at 5:46:35 PM, on 7/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\WINDOWS\system32\monitorbk.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\webshots.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lauren\My Documents\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presari...&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Belkin PCMCIA WLAN Monitor.lnk = C:\WINDOWS\system32\monitorbk.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: iGive - file://C:\Program Files\iGiveShoppingWindow\System\Temp\igive_script2.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: iGive - {987D0E71-6CAD-11d5-AA37-0001028DF1BC} - file://C:\Program Files\iGiveShoppingWindow\System\Temp\igive_script2.htm (file missing) (HKCU)
O9 - Extra button: Advisor - {FAF4D0D2-21A1-4EEE-9FBC-EA9FAD9C86AA} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://63.102.226.24...va/cfs40301.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...ius/ext360.html
O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/...lesilent610.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundlewar...veX/DS3/DS3.cab

#6 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 15 July 2004 - 08:14 AM

Hello Lauren

You have a version of Look2Me but we need to find out which one so we can treat it with the right tool.

Download vx2finder from here http://download.broa...Finder(126).exe and run it. Hit 'click to find vx2betterinternet'. When its finished click 'make log'. Copy and paste the results in this thread.

Close all other windows except for hijackthis, perform a scan and put a check against the following items and click 'fix checked'.

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundlewar...veX/DS3/DS3.cab

This item is considered to be a resource hog that is not needed and it may be worthwhile to fix it with HJT. You will still be able to start it manually if you need it...
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Reboot and post a fresh Hijackthis log as well

can you also tell me if you installed this?
C:\Program Files\iGiveShoppingWindow

Edited by Scoff, 15 July 2004 - 08:21 AM.

Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#7 clueless567

clueless567

    i love my rats

  • Full Member
  • Pip
  • 14 posts

Posted 15 July 2004 - 11:32 AM

Log for VX2.BetterInternet File Finder (msg126)

Files Found---
C:\WINDOWS\System32\6ao4svc.dll
C:\WINDOWS\System32\6bo4svc.dll
C:\WINDOWS\System32\6mo4svc.dll
C:\WINDOWS\System32\6qo4svc.dll
C:\WINDOWS\System32\6ro4svc.dll
C:\WINDOWS\System32\6zo4svc.dll
C:\WINDOWS\System32\ahmparse.dll
C:\WINDOWS\System32\aoledit.dll
C:\WINDOWS\System32\apctres.dll
C:\WINDOWS\System32\apledit.dll
C:\WINDOWS\System32\asaamon.dll
C:\WINDOWS\System32\axaamon.dll
C:\WINDOWS\System32\axlui.dll
C:\WINDOWS\System32\azledit.dll

Additional Files---
C:\WINDOWS\System32\spOrder.dll

Keys Under Notify---crypt32chain
Keys Under Notify---cryptnet
Keys Under Notify---cscdll
Keys Under Notify---NavLogon
Keys Under Notify---ScCertProp
Keys Under Notify---Schedule
Keys Under Notify---sclgntfy
Keys Under Notify---SensLogn
Keys Under Notify---termsrv
Keys Under Notify---Userinstallable.drivers
Keys Under Notify---wlballoon


Guardian Key--- is called: Userinstallable.drivers
Asynchronous 000
DllName C:\WINDOWS\system32\axaamon.dll
Impersonate 000
Logon WinLogon
Logoff WinLogoff
Version 126
ID {D1FB0AB6-1F14-4ECC-A9D4-F55C529B947C}
IDex DS3

User Agent String---
{D1FB0AB6-1F14-4ECC-A9D4-F55C529B947C}

#8 clueless567

clueless567

    i love my rats

  • Full Member
  • Pip
  • 14 posts

Posted 15 July 2004 - 11:42 AM

Logfile of HijackThis v1.98.0
Scan saved at 12:41:16 PM, on 7/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\WINDOWS\system32\monitorbk.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Documents and Settings\Lauren\My Documents\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presari...&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Belkin PCMCIA WLAN Monitor.lnk = C:\WINDOWS\system32\monitorbk.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: iGive - file://C:\Program Files\iGiveShoppingWindow\System\Temp\igive_script2.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: iGive - {987D0E71-6CAD-11d5-AA37-0001028DF1BC} - file://C:\Program Files\iGiveShoppingWindow\System\Temp\igive_script2.htm (file missing) (HKCU)
O9 - Extra button: Advisor - {FAF4D0D2-21A1-4EEE-9FBC-EA9FAD9C86AA} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://63.102.226.24...va/cfs40301.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...ius/ext360.html
O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/...lesilent610.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

#9 clueless567

clueless567

    i love my rats

  • Full Member
  • Pip
  • 14 posts

Posted 15 July 2004 - 11:43 AM

I did download Igive shopping window. They are an online shopping thingy where you shop through their shopping window and part of the purchase is donated to a charity. I'm not sure how safe it is, but a lot of the rescues/charities I know use it.

You can also shop by clicking a link to an online retailer via their site, www.igive.com. maybe that would be safer.

Edited by clueless567, 15 July 2004 - 11:44 AM.


#10 clueless567

clueless567

    i love my rats

  • Full Member
  • Pip
  • 14 posts

Posted 15 July 2004 - 09:38 PM

Hi, now I'm having some kind of problem on one webpage w/ my Java or something. (I'm very dumb, please talk s-l-o-w) I think it has to do w/ the quicktime thingymabob that I deleted or checked or something before, remember: "This item is considered to be a resource hog that is not needed and it may be worthwhile to fix it with HJT. You will still be able to start it manually if you need it...
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime"
this problem itself is not urgent luckily. I would like the pop-ups to go away though.

#11 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 15 July 2004 - 09:48 PM

All that fixing that 04 line means is that Quick Time media player now doesn't run in the background when you start up. This is an unrelated problem, I was planning to sort out your sun java when we've finished. but try the tutorial from this link in the meantime. Any problems with it and I'll see if I can find some more details for you.

http://www.spywarein...instmsjava.html

I'm sorting out what from Look2Me needs deleteing that should stop the popups - I want to do some double checking first as you've got the new strain and this is a new tool that has a slightly different procedure to use.

Back soon...

Edited by Scoff, 15 July 2004 - 10:08 PM.

Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#12 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 15 July 2004 - 10:05 PM

Sign off and stay off the internet until this entire procedure is complete.

Open VX2Finder again and click on the *click to find VX2.BetterInternet* button.

Then select the *Delete these files* button.
You will be left with notice about one to be deleted on reboot.
It will ask to reboot on deletion of the last file (Reboot)

Once back in Windows

Open VX2Finder again and click on these buttons in the right pane:

user agent, Guardian.reg, restore policy

Exit and reboot.

Run Vx2Finder once more and click on the *click to find VX2.BetterInternet* button. Then click *make log*.

Post it here with a fresh HijackThis log please.
Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#13 clueless567

clueless567

    i love my rats

  • Full Member
  • Pip
  • 14 posts

Posted 18 July 2004 - 09:43 PM

Hi, thanks so much Scoff for your reply. Sorry it's been a few days - been busy w/ a guinea pig rescue. :)
Anyway, I was trying to follow your helpful advice but I wasn't sure which files I was supposed to delete on the VX2Finder. Maybe it's all of them but I want to check before I screw something up!! Thanks.

Sign off and stay off the internet until this entire procedure is complete.

Open VX2Finder again and click on the *click to find VX2.BetterInternet* button.

Then select the *Delete these files* button.
You will be left with notice about one to be deleted on reboot.
It will ask to reboot on deletion of the last file (Reboot)


Edited by clueless567, 18 July 2004 - 09:46 PM.


#14 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 18 July 2004 - 10:13 PM

No worries. Yes, delete them all - they should appear in the bottom window. It won't delete one of them until you reboot. The old version of the tool you had to manually select the files.
Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#15 clueless567

clueless567

    i love my rats

  • Full Member
  • Pip
  • 14 posts

Posted 18 July 2004 - 10:29 PM

ok, I deleted the files but I wasn't prompted to reboot??? Here is a Hijack This file if it will help...

Logfile of HijackThis v1.98.0
Scan saved at 11:27:33 PM, on 7/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\monitorbk.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Documents and Settings\Lauren\My Documents\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presari...&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Belkin PCMCIA WLAN Monitor.lnk = C:\WINDOWS\system32\monitorbk.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: iGive - file://C:\Program Files\iGiveShoppingWindow\System\Temp\igive_script2.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: iGive - {987D0E71-6CAD-11d5-AA37-0001028DF1BC} - file://C:\Program Files\iGiveShoppingWindow\System\Temp\igive_script2.htm (file missing) (HKCU)
O9 - Extra button: Advisor - {FAF4D0D2-21A1-4EEE-9FBC-EA9FAD9C86AA} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://63.102.226.24...va/cfs40301.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...ius/ext360.html
O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/...lesilent610.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

#16 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 19 July 2004 - 01:56 AM

Looks ok apart from fix these with HJT

R3 - Default URLSearchHook is missing

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...ius/ext360.html
O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/...lesilent610.cab


Run VX2Finder again and make another log and post it here to check if look2me is cleared.

Edited by Scoff, 19 July 2004 - 02:51 AM.

Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#17 clueless567

clueless567

    i love my rats

  • Full Member
  • Pip
  • 14 posts

Posted 22 July 2004 - 03:44 PM

oops didn't see Scoff's post. nevermind...

Edited by clueless567, 22 July 2004 - 03:45 PM.


#18 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 22 July 2004 - 05:24 PM

did that fix ok? nothing in the vx2 log?
Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button