terrapins

ads234.com, and other pesky parasites

7 posts in this topic

Hey all,

 

I've been battling ad/spyware for some time now, using Ad-aware, Spybot, and Norton Antivirus to destroy these headaches. Now, I get redirects from ads234.com and pops from about:blank. Below is my HijackThis log... please help!

 

 

Logfile of HijackThis v1.98.0

Scan saved at 3:15:33 AM, on 7/30/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\DAEMON.EXE

C:\EPOAGENT\NAIMAS32.EXE

C:\EPOAGENT\NAIMAG32.EXE

C:\WINDOWS\SYSTEM\HPZTSB04.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\TEMP\NUVZAATN.EXE

C:\WINDOWS\TEMP\BAQU.EXE

C:\WINDOWS\WOVAX.EXE

C:\WINDOWS\SYSTEM\IMAIR32.EXE

C:\PROGRAM FILES\WINAMP\WINAMPA.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE

C:\WINDOWS\RunDLL.exe

C:\WINDOWS\SYSTEM\IOSRCL32.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MMJB.EXE

C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MMDIAG.EXE

C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_DIRECTOR.EXE

C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TDMENGINE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\HIJACKTHIS.EXE

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25 - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\WINDOWS\ALL USERS\APPLICATION DATA\PRIBI\PRIBI.DLL

O2 - BHO: (no name) - {81D66134-ADC3-4C6D-B0A9-03D4EE35B849} - C:\WINDOWS\SYSTEM\flxd.dll (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\PROGRAM FILES\COMMON FILES\MIDADDLE\MIDADDLE.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [irMon] IrMon.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe

O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [NaimAgent_Service] C:\EPOAgent\naimas32.exe

O4 - HKLM\..\Run: [NaimAgent_UI] C:\EPOAgent\naimag32.exe

O4 - HKLM\..\Run: [Lotus Sametime Connect] C:\PROGRAM FILES\LOTUS\SAMETIME CLIENT\CONNECT.exe

O4 - HKLM\..\Run: [ctmd] C:\WINDOWS\ctmd.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe

O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe

O4 - HKLM\..\Run: [Nuvzaatn.exe] C:\WINDOWS\TEMP\NUVZAATN.EXE

O4 - HKLM\..\Run: [baqu.exe] C:\WINDOWS\TEMP\BAQU.EXE

O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\SYSTEM\automove.exe

O4 - HKLM\..\Run: [wovax] C:\WINDOWS\wovax.exe

O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe

O4 - HKLM\..\Run: [q63h36V] IMAIR32.EXE

O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [mwsvm] C:\WINDOWS\mwsvm.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [bxsnRWZ7O] IOSRCL32.EXE

O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\RunServices: [bxsnRWZ7O] IOSRCL32.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)

O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://eproject.flowserve.com/qp2.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 205.171.3.65,205.171.2.65


Hi,

First thing to do is ...

 

Update Ad-aware's Reference File: instructions here

Required Step: Reconfigure Ad-Aware for Full Scan

 

Note: do not run Ad-Aware yet, just update and reconfigure.

 

Next:

 

Reconfigure Windows 98 to show hidden files:

Double-click the My Computer icon on the Windows desktop.

Click the View menu, and then click Options or Folder Options. Click the View tab.

 

In the Advanced settings box, under the "Hidden files" folder

Uncheck: "Hide file extensions for known file types"

Select: "Show all files" Ok the prompt

Click Apply, and then click OK.

 

Next:

 

Close all open programs and browsers, rescan with HijackThis.

Place a check in each of the following then click "Fix checked".

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25 - (no file)

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\WINDOWS\ALL USERS\APPLICATION DATA\PRIBI\PRIBI.DLL

O2 - BHO: (no name) - {81D66134-ADC3-4C6D-B0A9-03D4EE35B849} - C:\WINDOWS\SYSTEM\flxd.dll (file missing)

O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\PROGRAM FILES\COMMON FILES\MIDADDLE\MIDADDLE.DLL

O4 - HKLM\..\Run: [ctmd] C:\WINDOWS\ctmd.exe

O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe

O4 - HKLM\..\Run: [Nuvzaatn.exe] C:\WINDOWS\TEMP\NUVZAATN.EXE

O4 - HKLM\..\Run: [baqu.exe] C:\WINDOWS\TEMP\BAQU.EXE

O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\SYSTEM\automove.exe

O4 - HKLM\..\Run: [wovax] C:\WINDOWS\wovax.exe

O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe

O4 - HKLM\..\Run: [q63h36V] IMAIR32.EXE

O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe

O4 - HKLM\..\Run: [mwsvm] C:\WINDOWS\mwsvm.exe

O4 - HKCU\..\Run: [bxsnRWZ7O] IOSRCL32.EXE

O4 - HKCU\..\RunServices: [bxsnRWZ7O] IOSRCL32.EXE

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)

O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)

 

Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

 

Open Windows Explorer to C:\Windows\Temp

Completely delete the entire contents of that "temp" folder.

 

Open Windows Explorer, then locate and delete the following:

 

C:\WINDOWS\SYSTEM\IMAIR32.EXE <--this file

C:\WINDOWS\WOVAX.EXE <--this file

C:\WINDOWS\SYSTEM\IOSRCL32.EXE <--this file

C:\WINDOWS\ctmd.exe <--this file

C:\WINDOWS\SYSTEM\automove.exe <--this file

C:\WINDOWS\wovax.exe <--this file

C:\WINDOWS\aqadcup.exe <--this file

C:\WINDOWS\SYSTEM\ms.exe <--this file

IOSRCL32.EXE <--this file

Note: locate "IOSRCL32.EXE" via Start > Search > Advanced Options

C:\WINDOWS\ALL USERS\APPLICATION DATA\PRIBI <--this folder

C:\PROGRAM FILES\COMMON FILES\MIDADDLE <--this folder

C:\Program Files\Common Files\slmss <--this folder

C:\installer <--this folder

 

While still in Safe Mode, run Ad-Aware and fix everything it finds.

 

After the above, reboot, rescan with HijackThis and post a fresh log ...

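As an added illustration (not part of the original posts, and not how HijackThis or the helper classifies entries), the Python sketch below runs three simple checks over a few lines copied from the first log in this thread: a registered file that is absent, an autorun that launches from a temp directory, and a class ID that is not a well-formed GUID. The function name `triage` and the choice of checks are assumptions made for this example.

```python
import re

# Excerpt: lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25 - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {81D66134-ADC3-4C6D-B0A9-03D4EE35B849} - C:\WINDOWS\SYSTEM\flxd.dll (file missing)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [baqu.exe] C:\WINDOWS\TEMP\BAQU.EXE
O4 - HKCU\..\Run: [bxsnRWZ7O] IOSRCL32.EXE
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 205.171.3.65,205.171.2.65
"""

GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")  # e.g. "O4 - ..."; skips header and process list


def triage(log_text):
    """Return [(section, [reasons], line)] for entries that fail a check.

    The three checks are illustrative assumptions, not HijackThis logic.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        reasons = []
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("registered file is absent")
        if section == "O4" and "\\TEMP\\" in body.upper():
            reasons.append("autorun launches from a temp directory")
        if section in ("R3", "O2"):
            # Layout is "kind: name - {CLSID} - path"; maxsplit keeps " - " in paths intact.
            fields = body.split(" - ", 2)
            if len(fields) < 3 or not GUID.match(fields[1]):
                reasons.append("class ID is not a well-formed GUID")
        if reasons:
            findings.append((section, reasons, line))
    return findings


if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"{section}: {'; '.join(reasons)}\n    {line}")
```

The `IOSRCL32.EXE` autorun, which the reply above lists for removal, passes all three checks, so structural checks like these only narrow the list. Randomly named entries still need to be looked up against references for known software.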

Thank you so much for replying! Following your instructions - just one quick question:

 

In Safe Mode you said to delete the entire contents of the folder C:\Windows\Temp, but that folder has contents such as Excel8.0, Word8.0, and Ppt8.0. Is it ok to delete such items? I was wondering if you meant the temporary internet files folder instead?

 

Thanks in advance!


Followed all the steps and here's my new HijackThis log... (things seem to be running smooth so far :-)... many thanks indeed!

 

 

Logfile of HijackThis v1.98.0

Scan saved at 11:54:55 AM, on 7/30/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\DAEMON.EXE

C:\EPOAGENT\NAIMAS32.EXE

C:\EPOAGENT\NAIMAG32.EXE

C:\WINDOWS\SYSTEM\HPZTSB04.EXE

C:\PROGRAM FILES\WINAMP\WINAMPA.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE

C:\WINDOWS\RunDLL.exe

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\HIJACKTHIS.EXE

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [irMon] IrMon.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe

O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [NaimAgent_Service] C:\EPOAgent\naimas32.exe

O4 - HKLM\..\Run: [NaimAgent_UI] C:\EPOAgent\naimag32.exe

O4 - HKLM\..\Run: [Lotus Sametime Connect] C:\PROGRAM FILES\LOTUS\SAMETIME CLIENT\CONNECT.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://eproject.flowserve.com/qp2.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 205.171.3.65,205.171.2.65


ugh...spoke too soon...Hotmail...and AIM Express still don't work...when they try to open I get the "This page cannot be displayed" deal....


Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
