hyungbak

Unwanted Pop-ups

6 posts in this topic

I would appreciate any help removing pop-ups which continue despite all my efforts.

 

I have read through the Administrators' post and tried what I can, but to be frank, I don't understand some of it. Below please find my logfile from HijackThis.

 

Again, any help in deciphering it would be appreciated. Thank you.

 

Logfile of HijackThis v1.97.7

Scan saved at 11:40:14 AM, on 7/18/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Nhksrv.exe

C:\Program Files\NavNT\defwatch.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\vnxserv.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\BRMFRSMG.EXE

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\WINDOWS\DELLMMKB.EXE

C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

C:\Program Files\CyberArmor\casvc.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\NavNT\vptray.exe

C:\PROGRA~1\CYBERA~1\pcshelp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe

C:\Program Files\Yahoo!\Messenger\ypager.exe

C:\Program Files\Forbes\ForbesAlerts.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Netropa\OSD.exe

C:\Program Files\Common Files\WinTools\WSup.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\Microsoft Works\MSWorks.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Catherine\Local Settings\Temporary Internet Files\Content.IE5\W56NSHQ7\HijackThis[1].exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50038

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [CyberArmorHelper] C:\PROGRA~1\CYBERA~1\pcshelp.exe -check

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Cache Cleaner] C:\Program Files\Neoteris\Cache Cleaner\dsCacheCleaner.exe -action delete

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: PD (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://webaccess.sullcrom.com/dana-cached/...oterisSetup.cab

O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7471.4530092593

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0312.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC308918-A0B1-4C17-A8A3-9EA3B2A2719E}: Domain = ms.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ms.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ms.com


hyungbak,

 

Enable the "Show Hidden Folders" option, like this:

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab. Under the Hidden Files and Folders heading select Show Hidden Files and Folders.

Uncheck the Hide Protected Operating System Files (recommended) option.

Click Yes to confirm.

Click OK.

 

Open Task Manager (Ctrl+Alt+Delete) and close as many of the WinTools processes as you can see listed, such as:

WToolsA.exe

WToolsS.exe

WSup.exe

 

Then go to Add/Remove Programs and remove Wintools.

 

Reboot into Safe Mode this way:

Turn on the computer

Immediately begin tapping the <F8> key.

Use the arrow keys to highlight Safe Mode and press the <Enter> key.

 

Search for these and delete them if they still exist:

C:\WINDOWS\System32\SWin32.dll

C:\Program Files\Common Files\WinTools\WToolsA.exe

C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

C:\Program Files\Common Files\WinTools\WToolsA.exe

Reboot normally.

 

Run Adaware and Spybot.

 

Ad-aware *

Download Ad-aware from here: http://www.computercops.biz/downloads-file-292.html

Install by double-clicking on the downloaded file.

After installing but before running, update Ad-aware by using its Globe icon.

After updating, shut down and restart Ad-aware.

Ad-aware is ready to scan and clean your system following these steps:

 

Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:

"Unload recognized processes during scanning."

Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:

"Let Windows remove files in use after reboot."

Press "Scan Now"

Check option "Use Custom scanning options"

Check option "Activate In-Depth Scan"

Press "Select drives\folders to scan"

Select the active partition which is usually C:

Press "Next" to let Ad-aware scan your drives...

If it finds "bad" files and registry keys, press "Next" again

Right-click in that pane and choose "select all"

Press "next"

When it asks to remove all checked items, Press "OK"

Close Ad-aware, reboot your system and go on to the next step below.

 

Spybot S&D*

Download Spybot S&D here: http://www.computercops.biz/downloads-file-108.html

Install by double-clicking on the downloaded file.

Run Spybot S&D from desktop icon or Start menu.

Press "Search for updates" button to get list of updates available.

Press "Download updates" button.

Close all IE windows and close & restart Spybot S&D.

Press "Check for problems" button.

Have SpyBot remove all it marks in RED by pressing "Fix selected problems".

Close Spybot S&D, reboot your system.

 

Then do an online virus scan: Housecall: http://www.trendmicro.com/en/home/us/enterprise.htm

 

Reboot.

 

Update your HJT to v. 1.98:

Download HijackThis to its own permanent folder.

http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Here's how:

To create a folder:

Click My Computer, then C:\

In the menu bar, File->New->Folder.

That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".

Now you have C:\HJT\ folder.

Double-click on the .exe to scan.

 

After Scan, the Scan button changes to Save Log. Click that, save it somewhere.

Do Ctrl-A to Select all, and then copy and paste it here. Thanks.


Thank you very much. I implemented your suggestions and it appears to have fixed the problem. Please see the new log file below. I appreciate your assistance.

 

Logfile of HijackThis v1.98.0

Scan saved at 7:53:30 AM, on 7/19/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Nhksrv.exe

C:\Program Files\NavNT\defwatch.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\vnxserv.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\BRMFRSMG.EXE

C:\Program Files\CyberArmor\casvc.exe

C:\WINDOWS\DELLMMKB.EXE

C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\NavNT\vptray.exe

C:\PROGRA~1\CYBERA~1\pcshelp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe

C:\Program Files\Yahoo!\Messenger\ypager.exe

C:\Program Files\Forbes\ForbesAlerts.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Netropa\OSD.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [CyberArmorHelper] C:\PROGRA~1\CYBERA~1\pcshelp.exe -check

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Cache Cleaner] C:\Program Files\Neoteris\Cache Cleaner\dsCacheCleaner.exe -action delete

O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: PD - {1B28A319-CB6A-4EE6-8CCD-19FFBC872664} - C:\Program Files\Popup Defender\pd.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://webaccess.sullcrom.com/dana-cached/...oterisSetup.cab

O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0312.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC308918-A0B1-4C17-A8A3-9EA3B2A2719E}: Domain = ms.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ms.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ms.com


You're welcome.

:D

Good job! WinTools seems to be gone, however there is still more work to do.

Regarding ad-supported Weatherbug, read this, and you decide if you want to keep it.

If not, remove it according to instructions on this website.

http://www.pchell.com/support/weatherbug.shtml

 

Run HJT and check to fix:

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll (file missing)

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

 

If you chose to remove Weatherbug, also check these:

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)

 

Reboot.

Empty your Temporary Internet Files and history in Internet Options. And clean out your

%Userprofile%\Local Settings\Temp

 

OR use the Disk Cleanup Utility to empty all your Temp folders.

 

If everything is working well, purge the System Restore and create a new Restore Point:

To flush the XP System Restore Points:

(Using XP, you must be logged in as Administrator to do this.)

 

Go to Start>Run, type msconfig and press Enter.

When msconfig opens, click the Launch System Restore Button.

On the next page, click the System Restore Settings Link on the left.

Check the box labeled Turn Off System Restore.

 

Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

 

Let us know how things are running now.

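An added example, not part of the original posts and not HijackThis's own code: a short Python parser for the entry lines in the logs above that lists the entries HijackThis itself marks as orphaned and shows which entries disappeared between two scans. The sample lines are excerpted from the first two logs in this thread; the function names are chosen for this illustration.

```python
import re
from collections import namedtuple

# Constructed sample: lines excerpted from the first (v1.97.7) and second
# (v1.98.0) logs posted in this thread.
BEFORE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll (file missing)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
"""

AFTER = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll (file missing)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
"""

# An entry line is a section code (R0..R3, O2, O4, O16, ...), " - ", then detail.
# Header lines and the "Running processes" paths carry no code and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Markers HijackThis prints when a registry entry points at nothing on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)", "is missing")

Entry = namedtuple("Entry", "code detail clsid")


def parse_log(text):
    """Return the coded entries of a HijackThis log as Entry tuples."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        clsid = CLSID_RE.search(m.group(2))
        entries.append(
            Entry(m.group(1), m.group(2), clsid.group(0).upper() if clsid else None)
        )
    return entries


def orphaned(entries):
    """Entries whose target file or handler is reported as absent."""
    return [e for e in entries if any(mk in e.detail for mk in ORPHAN_MARKERS)]


def _key(entry):
    # The two logs come from different HijackThis versions, which label the
    # same BHO differently ("(no name)" vs "Yahoo! Companion BHO"), so entries
    # are matched on section code plus CLSID when one is present.
    return (entry.code, entry.clsid or entry.detail.lower())


def removed(before, after):
    """Entries present in `before` that no longer appear in `after`."""
    after_keys = {_key(e) for e in after}
    return [e for e in before if _key(e) not in after_keys]


if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    print("Gone since the first scan:")
    for e in removed(before, after):
        print("  ", e.code, "-", e.detail)
    print("New since the first scan:")
    for e in removed(after, before):
        print("  ", e.code, "-", e.detail)
    print("Still orphaned in the second scan:")
    for e in orphaned(after):
        print("  ", e.code, "-", e.detail)
```
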

Thanks again. I ran the rest of your suggested changes and, in case you think it's useful to see it again, I've cut and pasted the HT logfile.

 

I decided to keep the Weatherbug because my wife likes to have it.

 

One question I had was this: when I installed Ad-aware a while back I think it did something to my CyberArmor because whenever I reboot the computer I get an error message regarding the inability to load CyberArmor. Do you have any suggested fixes?

 

Anyway, this forum is so helpful, and I think it's great that you are taking time out to help people. My sincere thanks.

 

Here is the new logfile:

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Nhksrv.exe

C:\Program Files\NavNT\defwatch.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\vnxserv.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\BRMFRSMG.EXE

C:\Program Files\CyberArmor\casvc.exe

C:\WINDOWS\DELLMMKB.EXE

C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\NavNT\vptray.exe

C:\PROGRA~1\CYBERA~1\pcshelp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe

C:\Program Files\Forbes\ForbesAlerts.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Netropa\OSD.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Outlook Express\msimn.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [CyberArmorHelper] C:\PROGRA~1\CYBERA~1\pcshelp.exe -check

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Cache Cleaner] C:\Program Files\Neoteris\Cache Cleaner\dsCacheCleaner.exe -action delete

O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: PD - {1B28A319-CB6A-4EE6-8CCD-19FFBC872664} - C:\Program Files\Popup Defender\pd.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://webaccess.sullcrom.com/dana-cached/...oterisSetup.cab

O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0312.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC308918-A0B1-4C17-A8A3-9EA3B2A2719E}: Domain = ms.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ms.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ms.com


Glad we could help!

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.