SpySweeper & Ad-Aware Won't Kill It



#1 hitranger


Posted 28 July 2004 - 09:11 PM

SpySweeper and Ad-Aware won't kill this bug. It hijacks my browser and resets my default page and resides in deep registry. I ran HiJack log in normal mode, then I ran it again in Safe Mode and then I ran it a second time in Safe mode. Then I ran it after going back to normal mode. Please help me get this frustrating problem fixed. Here are the 4 logs in the order mentioned above:
1. Before Safe Mode:

Logfile of HijackThis v1.98.0
Scan saved at 8:39:59 PM, on 7/28/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\IEBD32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\PRINTKEY-PRO\PRINTKEYPRO.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\DESKTOP\HIJACKTHISMANUALLY.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A7367BB2-EC6D-86CC-D35F-619C39373118} - C:\WINDOWS\WINNX32.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {E10CFF79-7387-A961-D8F3-A733C71183E3} - C:\WINDOWS\WINSY32.DLL (file missing)
O2 - BHO: Class - {992CC6B0-F19C-96EB-B2AC-26F988029CAD} - C:\WINDOWS\IPQN.DLL (file missing)
O2 - BHO: Class - {C4012D49-A194-A75E-2913-A6B0116BD90C} - C:\WINDOWS\IECT32.DLL (file missing)
O2 - BHO: Class - {A78C683B-955A-AA50-0ABD-D5989A728228} - C:\WINDOWS\SYSTEM\SDKFG.DLL (file missing)
O2 - BHO: Class - {B990B770-D62A-B542-EDA6-516033B76258} - C:\WINDOWS\JAVADJ.DLL (file missing)
O2 - BHO: Class - {372F8931-D513-1387-33C0-8D1E94346E23} - C:\WINDOWS\CRTW32.DLL (file missing)
O2 - BHO: Class - {45095715-4837-DE78-F8F8-76551A4633CF} - C:\WINDOWS\SYSTEM\MSHM32.DLL
O2 - BHO: Class - {CDC4F9B8-74D2-78D7-264C-744CE85D9BF8} - C:\WINDOWS\SYSTEM\SYSGE.DLL (file missing)
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpyStopper] C:\PROGRAM FILES\SPYSTOPPER\spystopper.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [IEBD32.EXE] C:\WINDOWS\SYSTEM\IEBD32.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Printkey-Pro.lnk = C:\Program Files\Printkey-Pro\Printkeypro.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

2. In Safe Mode Log1:
Logfile of HijackThis v1.98.0
Scan saved at 8:44:48 PM, on 7/28/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHISMANUALLY.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A7367BB2-EC6D-86CC-D35F-619C39373118} - C:\WINDOWS\WINNX32.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {E10CFF79-7387-A961-D8F3-A733C71183E3} - C:\WINDOWS\WINSY32.DLL (file missing)
O2 - BHO: Class - {992CC6B0-F19C-96EB-B2AC-26F988029CAD} - C:\WINDOWS\IPQN.DLL (file missing)
O2 - BHO: Class - {C4012D49-A194-A75E-2913-A6B0116BD90C} - C:\WINDOWS\IECT32.DLL (file missing)
O2 - BHO: Class - {A78C683B-955A-AA50-0ABD-D5989A728228} - C:\WINDOWS\SYSTEM\SDKFG.DLL (file missing)
O2 - BHO: Class - {B990B770-D62A-B542-EDA6-516033B76258} - C:\WINDOWS\JAVADJ.DLL (file missing)
O2 - BHO: Class - {372F8931-D513-1387-33C0-8D1E94346E23} - C:\WINDOWS\CRTW32.DLL (file missing)
O2 - BHO: Class - {45095715-4837-DE78-F8F8-76551A4633CF} - C:\WINDOWS\SYSTEM\MSHM32.DLL
O2 - BHO: Class - {CDC4F9B8-74D2-78D7-264C-744CE85D9BF8} - C:\WINDOWS\SYSTEM\SYSGE.DLL (file missing)
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpyStopper] C:\PROGRAM FILES\SPYSTOPPER\spystopper.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [IEBD32.EXE] C:\WINDOWS\SYSTEM\IEBD32.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Printkey-Pro.lnk = C:\Program Files\Printkey-Pro\Printkeypro.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

3. In Safe Mode Log2:

Logfile of HijackThis v1.98.0
Scan saved at 8:47:03 PM, on 7/28/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHISMANUALLY.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A7367BB2-EC6D-86CC-D35F-619C39373118} - C:\WINDOWS\WINNX32.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {E10CFF79-7387-A961-D8F3-A733C71183E3} - C:\WINDOWS\WINSY32.DLL (file missing)
O2 - BHO: Class - {992CC6B0-F19C-96EB-B2AC-26F988029CAD} - C:\WINDOWS\IPQN.DLL (file missing)
O2 - BHO: Class - {C4012D49-A194-A75E-2913-A6B0116BD90C} - C:\WINDOWS\IECT32.DLL (file missing)
O2 - BHO: Class - {A78C683B-955A-AA50-0ABD-D5989A728228} - C:\WINDOWS\SYSTEM\SDKFG.DLL (file missing)
O2 - BHO: Class - {B990B770-D62A-B542-EDA6-516033B76258} - C:\WINDOWS\JAVADJ.DLL (file missing)
O2 - BHO: Class - {372F8931-D513-1387-33C0-8D1E94346E23} - C:\WINDOWS\CRTW32.DLL (file missing)
O2 - BHO: Class - {45095715-4837-DE78-F8F8-76551A4633CF} - C:\WINDOWS\SYSTEM\MSHM32.DLL
O2 - BHO: Class - {CDC4F9B8-74D2-78D7-264C-744CE85D9BF8} - C:\WINDOWS\SYSTEM\SYSGE.DLL (file missing)
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpyStopper] C:\PROGRAM FILES\SPYSTOPPER\spystopper.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [IEBD32.EXE] C:\WINDOWS\SYSTEM\IEBD32.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Printkey-Pro.lnk = C:\Program Files\Printkey-Pro\Printkeypro.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

4. Back in Normal Mode:

Logfile of HijackThis v1.98.0
Scan saved at 8:54:00 PM, on 7/28/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\IEBD32.EXE
C:\WINDOWS\SYSTEM\MSHM32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\PRINTKEY-PRO\PRINTKEYPRO.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHISMANUALLY.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A7367BB2-EC6D-86CC-D35F-619C39373118} - C:\WINDOWS\WINNX32.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {E10CFF79-7387-A961-D8F3-A733C71183E3} - C:\WINDOWS\WINSY32.DLL (file missing)
O2 - BHO: Class - {992CC6B0-F19C-96EB-B2AC-26F988029CAD} - C:\WINDOWS\IPQN.DLL (file missing)
O2 - BHO: Class - {C4012D49-A194-A75E-2913-A6B0116BD90C} - C:\WINDOWS\IECT32.DLL (file missing)
O2 - BHO: Class - {A78C683B-955A-AA50-0ABD-D5989A728228} - C:\WINDOWS\SYSTEM\SDKFG.DLL (file missing)
O2 - BHO: Class - {B990B770-D62A-B542-EDA6-516033B76258} - C:\WINDOWS\JAVADJ.DLL (file missing)
O2 - BHO: Class - {372F8931-D513-1387-33C0-8D1E94346E23} - C:\WINDOWS\CRTW32.DLL (file missing)
O2 - BHO: Class - {45095715-4837-DE78-F8F8-76551A4633CF} - C:\WINDOWS\SYSTEM\MSHM32.DLL
O2 - BHO: Class - {CDC4F9B8-74D2-78D7-264C-744CE85D9BF8} - C:\WINDOWS\SYSTEM\SYSGE.DLL (file missing)
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpyStopper] C:\PROGRAM FILES\SPYSTOPPER\spystopper.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [IEBD32.EXE] C:\WINDOWS\SYSTEM\IEBD32.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Printkey-Pro.lnk = C:\Program Files\Printkey-Pro\Printkeypro.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

In my Add/Remove Programs in Control Panel I see these programs running that I know are not supposed to be there but I cannot delete them:
HomeSearchAssistant
SearchExtender
ShoppingWizard

I try to delete and I get the message: UNABLE TO DELETE.

Please help me with this frustrating problem. Thanks.

Edited by hitranger, 29 July 2004 - 06:53 AM.


#2 12g


Posted 29 July 2004 - 10:59 AM

Hi there,

This analysis is from a normal mode log.

Please do this first;

You are running hijackthis from your desktop, this is not a good idea because when we do a fix hijackthis will create backups and they will be spread all over your desktop. Can you please create a folder in My Documents and call it Hijack (or something similar) like this C:\HJT\HijackThis.exe. Then extract hijackthis into the folder you have created and run it from there. When you have done that, delete the copy of hijackthis that you have on your desktop.

When you have done that, then make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked';

NOTE THE OPTIONAL FIX


R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A7367BB2-EC6D-86CC-D35F-619C39373118} - C:\WINDOWS\WINNX32.DLL (file missing)

O2 - BHO: Class - {E10CFF79-7387-A961-D8F3-A733C71183E3} - C:\WINDOWS\WINSY32.DLL (file missing)
O2 - BHO: Class - {992CC6B0-F19C-96EB-B2AC-26F988029CAD} - C:\WINDOWS\IPQN.DLL (file missing)
O2 - BHO: Class - {C4012D49-A194-A75E-2913-A6B0116BD90C} - C:\WINDOWS\IECT32.DLL (file missing)
O2 - BHO: Class - {A78C683B-955A-AA50-0ABD-D5989A728228} - C:\WINDOWS\SYSTEM\SDKFG.DLL (file missing)
O2 - BHO: Class - {B990B770-D62A-B542-EDA6-516033B76258} - C:\WINDOWS\JAVADJ.DLL (file missing)
O2 - BHO: Class - {372F8931-D513-1387-33C0-8D1E94346E23} - C:\WINDOWS\CRTW32.DLL (file missing)
O2 - BHO: Class - {45095715-4837-DE78-F8F8-76551A4633CF} - C:\WINDOWS\SYSTEM\MSHM32.DLL
O2 - BHO: Class - {CDC4F9B8-74D2-78D7-264C-744CE85D9BF8} - C:\WINDOWS\SYSTEM\SYSGE.DLL (file missing)
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)


O4 - HKLM\..\RunServices: [IEBD32.EXE] C:\WINDOWS\SYSTEM\IEBD32.EXE

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE <<<< These items are considered to be resource hogs that are not needed and it may be worthwhile to fix them with HJT. You will still be able to start them manually if you need them...

O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)


Restart your computer in Safe Mode. Also make sure you show hidden files. Then delete the following files or folders as indicated below if they still show:

Not all or any of these may still show,



C:\WINDOWS\SYSTEM\IEBD32.EXE<<<<File
C:\WINDOWS\SYSTEM\MSHM32.EXE<<<<File
C:\WINDOWS\WINNX32.DLL<<<<File
C:\WINDOWS\WINSY32.DLL<<<<File
C:\WINDOWS\IPQN.DLL<<<<File
C:\WINDOWS\IECT32.DLL<<<<File
C:\WINDOWS\SYSTEM\SDKFG.DLL<<<<File
C:\WINDOWS\CRTW32.DLL<<<<File
C:\WINDOWS\SYSTEM\MSHM32.DLL<<<<File
C:\WINDOWS\SYSTEM\SYSGE.DLL<<<<File
C:\WINDOWS\SYSTEM\IEBD32.EXE<<<<File

Reboot, then post a fresh normal mode logfile so that I can check to see if it is clean.
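
One way to triage logs like the ones posted in this thread, as an added example that is not part of the original posts: it splits a HijackThis log into its running-process list and its section entries, separates O2 entries marked "(file missing)" from those whose DLL is present, and diffs the process lists of two scans. The function names and the trimmed log excerpts are assumptions made for the example.

```python
import re
from collections import defaultdict

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O2 - BHO: ..."
BHO_RE = re.compile(
    r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*?)( \(file missing\))?$")

def parse_hjt(text):
    """Return (running process paths, {section code: [entry text, ...]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif m:
            in_procs = False  # the first section entry ends the process list
            entries[m.group(1)].append(m.group(2))
        elif in_procs and line:
            processes.append(line.upper())  # normalise case so equal paths compare equal
    return processes, dict(entries)

def bho_report(entries):
    """Split O2 entries into (DLL present, DLL marked '(file missing)')."""
    present, missing = [], []
    for text in entries.get("O2", []):
        m = BHO_RE.match(text)
        if m:
            name, clsid, path, gone = m.groups()
            (missing if gone else present).append((name, clsid, path))
    return present, missing

def process_diff(before, after):
    """Return (processes only in the later scan, processes only in the earlier scan)."""
    b, a = set(before), set(after)
    return sorted(a - b), sorted(b - a)

# Trimmed excerpts of logs 1 and 4 from this thread (most lines omitted).
LOG_1 = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\IEBD32.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A7367BB2-EC6D-86CC-D35F-619C39373118} - C:\WINDOWS\WINNX32.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {45095715-4837-DE78-F8F8-76551A4633CF} - C:\WINDOWS\SYSTEM\MSHM32.DLL
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL
"""
LOG_4 = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\IEBD32.EXE
C:\WINDOWS\SYSTEM\MSHM32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

O4 - HKLM\..\RunServices: [IEBD32.EXE] C:\WINDOWS\SYSTEM\IEBD32.EXE
"""

if __name__ == "__main__":
    procs1, entries1 = parse_hjt(LOG_1)
    procs4, _ = parse_hjt(LOG_4)
    print("BHO present / missing:", bho_report(entries1))
    print("only later / only earlier:", process_diff(procs1, procs4))
```

An entry marked "(file missing)" is a leftover registry reference, while an entry whose DLL is present is the one still being loaded; the process diff shows what started between two scans.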



