• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
LittleMissMoo

myexexex and casino palazzo

9 posts in this topic

Hello...

 

I'm still having problems with myexexex and casino palazzo! I've done most things mentioned in other threads to try and rid myself of the myexexex problem, but it's still here.

 

Here's what I've done so far...

 

1 - Created the clear.reg file and added it to the registry.

 

2 - Deleted the spad folder.

 

3 - Searched for the files HPCMDTY.dll, c_10230.dll, crt32_v2.dll and crt2_v32.dll. None of these files showed up so I had nothing to delete.

 

4 - Ran HiJackThis and fixed any references to spad and myexexex.

 

But myexexex insisted on appearing on IE at random times. So today I just ran HiJackThis and fixed :

 

O9 - Extra button: Microsoft® JavaScript® Console (HKCU)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)

 

So far so good, but it's only been 30 mins! Is there anything else I should do to rid my computer of the annoying myexexex?

 

Also...how do I get rid of the Casino Palazzo? A shortcut keeps appearing on my desktop, as well as about 7 days ago, I was booted off my net connection and got a msg box from the casino palazzo bug thing saying "Your connection has been lost, would you like to reconnect? Yes No".

 

Also, anything I do, would I have to repeat the process for the other users on this computer?

 

Can anyone help me? I've had this problem for almost 2 weeks now! Any help would be greatly appreciated!

 

Thanks!

 

 

Here's my HiJackThis log -

 

Logfile of HijackThis v1.97.7

Scan saved at 13:50:52, on 03/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashserv.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\Logitech\ImageStudio\LogiTray.exe

C:\WINDOWS\System32\gsicon.exe

C:\WINDOWS\System32\dslagent.exe

C:\Program Files\Winamp\Winampa.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\documents and settings\leeloo\local settings\temp\m.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\PopupVanish\PopupVanish.exe

C:\Program Files\AOL 8.0a\aoltray.exe

C:\Program Files\Logitech\ImageStudio\LowLight.exe

C:\Program Files\AOL 8.0a\waol.exe

C:\Program Files\AOL 8.0a\shellmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Mandy\My Documents\Setup Files\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice

O4 - HKLM\..\Run: [m] C:\documents and settings\leeloo\local settings\temp\m.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [PopupVanish] C:\Program Files\PopupVanish\PopupVanish.exe

O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0a\aoltray.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Microsoft® JavaScript® Console (HKLM)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)

O9 - Extra button: Microsoft® JavaScript® Console (HKLM)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.q-serve.com/signup.htm

O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab27571.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab27571.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2262EB76-4576-4541-BAF8-4F280354896B}: NameServer = 195.93.34.134

O17 - HKLM\System\CCS\Services\Tcpip\..\{8951E138-12F1-495A-A04C-976300DCAB9E}: NameServer = 152.163.0.26 205.188.64.153

O17 - HKLM\System\CS1\Services\Tcpip\..\{2262EB76-4576-4541-BAF8-4F280354896B}: NameServer = 195.93.34.134

Share this post


Link to post
Share on other sites

Thanks Slav.

 

I followed PGPhantom's instructions while online, but when it came to deleting all content in the local settings/temp folder, all files could be deleted, apart from one, I can't remember the name... D_ something.

 

When I tried to delete this file, I got the message that it was "in use" and it could not be deleted. When I "OK"d this message, I got a blue screen. The error it reported was....

 

STOP: 0x00000005 (0x00420046, 0x00000002, 0x00000001, 0x80533FD4)

 

:( What went wrong?!

 

I haven't yet completed the instructions as I'm worried something else might go weird! (I'm not very confident with computers)

 

Also, last night while I was on a website, I was suddenly redirected to wow-web.com, a strip with links appeared across the screen. Also, one of the other users of this computer said that whenever they go to Google, when they click on search, the page goes to the wow-web site with search results. I don't know if that has anything to do with the myexexex or casino palazzo thing.

 

Thanks in advance!

Share this post


Link to post
Share on other sites

aaaaaaah!!

 

Okay, here's the deal so far, I did everything that PGPhantom and Shadowwar said to do. Everything seemed fine for about 6 hours, and THEN.....I got the blue screen AGAIN!!

 

This time the blue screen came up when I wasn't even active on the computer! Does anyone know what's wrong here?

 

The error I'm getting on the blue screen is still the same.....

 

STOP: 0x00000005 (0x00420046, 0x00000002, 0x00000001, 0x80533FD4)

 

Can anyone help me?? Thanks!

Share this post


Link to post
Share on other sites

This worked for me. ...... We used the asquared program and it found the trojan horse in system restore. You'll never find the program taking you to the myexexex web page because it constantly changes names. However if you can find anything in windows explorer or the registry it has to be deleted in safe mode. We found an exe one time in explorer and it disappeared before we could delete it. I also hear that cwshredder has a fix for this also.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0