Did the instructions in the other thread but pop ups are back.

Discussion in 'Malware Help (A Specialist Will Reply)' started by LTL, Aug 25, 2005.

  1. LTL

    LTL Guest

    I keep getting a gang of pop-ups. Very annoying. I run Ad-Aware and other programs but they keep coming back. I get pop-ups to install WinFixer, Aurora or something like that, some that I think are from ad clicking.com, another one that tells me to install something or right-click on the bar and select don't install and exit. I need help guys.
     
  2. LTL

    LTL Guest

    I did the four steps and an alternative scan and I still get pop-ups. I tried attaching my log file but the browser was stuck on "sending request". I hope you don't mind that I just pasted it here.

    Edit by chaslang: Inline log attached.
     


    Last edited by a moderator: Aug 29, 2005
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There seems to be a problem right now uploading attachments.

    To get you started and to reduce the size of that log, do the below:

    Look in Add/Remove programs for the below and uninstall if found:
    SurfSideKick 3
    CMAPP

    Then do the below:

    Download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program
    • Run CCleaner again before doing the below

    Download this trial version of Ewido Security Suite

    • Install ewido security suite
    • Launch ewido, there should be an icon on your desktop double-click it.
    • The program will have a window come up. One of the buttons on the left is Update. Click the Update button and then Start the Update. The update will start and a progress bar will show the updates being installed.
    • After it completes the update, click the Scanner button

    Now exit Ewido. Now print the below instructions or save them locally, because I want you to have no browsers open and also no connection to the internet (unplug your cable) while doing the below.

    Okay, reboot into safe mode and follow the steps below. (If you have any problems at all trying to get into safe mode to complete these steps, just run them in normal boot mode and make sure you tell me when you come back.)

    Open up Ewido and do the following:


    • Click on Scanner
    • Then click Settings
    • Under What to Scan? Select Scan every file
    • Then click OK
    • Click on Complete System Scan and the scan will start.
    • Let the program scan the machine
    While the scan is in progress you will be prompted to clean files that are infected. Leave the default selections (to Remove and backup) and click OK. To save yourself some time, you can select Perform action with all infections and then click OK. With the option to scan every file, a lot of cookies will be removed.

    Once the scan has completed, there will be a button located on the bottom of the screen named Save report


    • Click Save report
    • Save the report to your desktop or anyplace you will be able to find it to upload here.
    Reboot into normal mode and reconnect to the internet.

    Come back here and post the Ewido Scan Report also post a new HJT log. If you still cannot attach logs, post them inline.
     
  4. LTL

    LTL Guest

    I need some serious help, my computer isn't functioning right. I did the scans and saved the logfile in safe mode, and when I rebooted in normal mode I had a Hoster window open and it asked me to clean a file. I clicked OK and the window disappeared and I'm left with my desktop but no start button and no icons. I did the restart thing a couple of times and the Hoster came up and asked me to clean a file but the file wasn't able to be cleaned. It was a file in the system32 folder. The only reason why I'm able to go on the net is because I pressed alt + del + ctrl and did a new task and opened up Mozilla.

    Here's the Hijack log

    Logfile of HijackThis v1.99.1
    Scan saved at 11:13:18 PM, on 8/27/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\System32\nfsiod.exe
    C:\WINDOWS\System32\nfsiod.exe
    C:\WINDOWS\System32\usbhdctl.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\usbhdctl.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\explorer.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mmjb.musicmatch.com/mmjb/pro...EM=HPPAV&OOEM=HPPAV&LANG=ENU&LANG=ENU&Grant=0
    R3 - Default URLSearchHook is missing
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
    O2 - BHO: SDWin32 Class - {09EFDC8C-DB5A-42C9-A434-3966475CC55D} - C:\WINDOWS\System32\pmzoq.dll (file missing)
    O2 - BHO: (no name) - {4FA2B39B-A7DA-983C-68E6-5B095A4118FD} - C:\DOCUME~1\Owner\LOCALS~1\Temp\dglybylqtaz.dll
    O2 - BHO: SDWin32 Class - {68C2064E-BA17-4EF5-85E2-0E3F34771025} - C:\WINDOWS\System32\dhdkl.dll
    O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\zplkr.dll
    O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\System32\richedtr.dll (file missing)
    O3 - Toolbar: Date Bar - {A833AB67-7368-457E-B8BF-249CCD8DDD14} - C:\DOCUME~1\Owner\LOCALS~1\Temp\dbar.dll (file missing)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
    O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\System32\medgs1.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
    O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
    O4 - HKLM\..\Run: [newexp] C:\WINDOWS\System32\newexp
    O4 - HKLM\..\Run: [zinsddf] C:\WINDOWS\zinsddf.EXE
    O4 - HKLM\..\Run: [dnam] C:\WINDOWS\system32\d140113.a.Stub.EXE
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [rurq] C:\PROGRA~1\COMMON~1\rurq\rurqm.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] 1
    O4 - HKCU\..\Run: [Notn] C:\Program Files\apsi\wtta.exe
    O4 - HKCU\..\Run: [Wpo] C:\WINDOWS\System32\??erinit.exe
    O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
    O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 710C Series\ereg\Remind32.exe
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: SnapDetect.lnk = ?
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0023.exe
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\vldex.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\nzuwhwg.exe

    Here's the Hoster log

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 11:12:37 PM, 8/27/2005
    + Report-Checksum: 3FB5EBE0

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{5483427F-93B8-1470-5A89-E6B56484CDB2} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{A8BD9566-9895-4FA3-918D-A51D4CD15865} -> Spyware.Delfin : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{D0070620-1E72-42E7-A14C-3A255AD31839} -> Spyware.Delfin : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{2BB15D36-43BE-4743-A3A0-3308F4B1A610} -> Spyware.Delfin : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{41700749-A109-4254-AF13-BE54011E8783} -> Spyware.Delfin : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{2A7DB8D1-43BE-4AD3-A81E-9BB8C9D00073} -> Spyware.Delfin : Cleaned with backup
    HKLM\SOFTWARE\ClickSpring -> Spyware.PurityScan : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5483427F-93B8-1470-5A89-E6B56484CDB2} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
    HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
    HKLM\SOFTWARE\picsvr -> Spyware.Delfin : Cleaned with backup
    HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
    HKU\S-1-5-21-3065466409-2852694325-1527757643-1003\Software\Mvu -> Spyware.Delfin : Cleaned with backup
    HKU\S-1-5-21-3065466409-2852694325-1527757643-1003\Software\picsvr -> Spyware.Delfin : Cleaned with backup
    [568] C:\WINDOWS\system32\vldex.dll -> Spyware.Look2Me : Error during cleaning
    [1408] C:\WINDOWS\system32\cbyptdlg.dll -> Spyware.Look2Me : Error during cleaning
    [1596] C:\WINDOWS\System32\nfsiod.exe -> Backdoor.Lamebot.v : Error during cleaning
    [1628] C:\WINDOWS\System32\nfsiod.exe -> Backdoor.Lamebot.v : Error during cleaning
    [1688] C:\WINDOWS\system32\cbyptdlg.dll -> Spyware.Look2Me : Error during cleaning
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ncnk.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
    C:\Documents and Settings\Default User\Cookies\owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Default User\Cookies\owner@a-1shz2prbmdj6wvny-1sez2pra2dj6wjkokkazwkqq-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Default User\Cookies\owner@ad.adition[1].txt -> Spyware.Cookie.Adition : Cleaned with backup
    C:\Documents and Settings\Default User\Cookies\owner@ad.adition[3].txt -> Spyware.Cookie.Adition : Cleaned with backup
    C:\Documents and Settings\Default User\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Default User\Cookies\owner@ads.euniverseads[1].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
    C:\Documents and Settings\Default User\Cookies\owner@cz7.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Default User\Cookies\owner@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Default User\Cookies\owner@hypertracker[2].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
    C:\Documents and Settings\Default User\Cookies\owner@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\Default User\Cookies\owner@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\Default User\Cookies\owner@www2.enigmasoftwaregroup[2].txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
    C:\Documents and Settings\Default User\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wflikpcpggoqudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Default User\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4chajmepqmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Default User\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoupazmdqaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Default User\Local Settings\Temp\p2psetup.exe -> Spyware.P2PNetworking : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temp\dddt.sys -> Trojan.Kolweb.b : Cleaned with backup
    C:\Program Files\CMAPP\Client\cmappclient.exe -> Spyware.CASClient : Cleaned with backup
    C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Cleaned with backup
    C:\temp\Installer.exe -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\dddt.sys -> Trojan.Kolweb.b : Cleaned with backup
    C:\WINDOWS\offun.exe -> TrojanDownloader.VB.hw : Cleaned with backup
    C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
    C:\WINDOWS\system32\0tm.exe -> Trojan.Delf.cf : Cleaned with backup
    C:\WINDOWS\system32\actsetup.exe -> Backdoor.Lamebot.v : Cleaned with backup
    C:\WINDOWS\system32\bqbnooc.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\owner@a-1shz2prbmdj6wvny-1sez2pra2dj6wjkokkazwkqq-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ad.adition[1].txt -> Spyware.Cookie.Adition : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ad.adition[3].txt -> Spyware.Cookie.Adition : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.euniverseads[1].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\owner@cz7.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\owner@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\owner@hypertracker[2].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\owner@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\owner@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\owner@www2.enigmasoftwaregroup[2].txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wflikpcpggoqudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4chajmepqmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoupazmdqaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\p2psetup.exe -> Spyware.P2PNetworking : Cleaned with backup
    C:\WINDOWS\system32\dddt.sys -> Trojan.Kolweb.b : Cleaned with backup
    C:\WINDOWS\system32\gdb32.exe -> Backdoor.Lamebot.v : Cleaned with backup
    C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\IkagXRA7.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\jkjnb.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
    C:\WINDOWS\system32\ldlgdd.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
    C:\WINDOWS\system32\mirindaspg.exe -> Trojan.Kolweb.b : Cleaned with backup
    C:\WINDOWS\system32\msshed32.exe -> TrojanDownloader.Delf.go : Cleaned with backup
    C:\WINDOWS\system32\n0f6t.exe -> Trojan.Kolweb.b : Cleaned with backup
    C:\WINDOWS\system32\npwrszhc.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\nsvsvc\nsv.ocx -> Spyware.Delfin : Cleaned with backup
    C:\WINDOWS\system32\nsvsvc\nsvs.dll -> Spyware.Delfin : Cleaned with backup
    C:\WINDOWS\system32\nsvsvc\nsvsvc.exe -> Spyware.Delfin : Cleaned with backup
    C:\WINDOWS\system32\pypav.dat -> TrojanDownloader.Qoologic.ac : Cleaned with backup
    C:\WINDOWS\system32\redtrsha.dll -> Spyware.SafeSurfing : Cleaned with backup
    C:\WINDOWS\system32\rwpcfgex.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\timon3.dll -> Spyware.AzSearch : Cleaned with backup


    ::Report End


    I want to do a system restore in the hope that I would get my desktop back and actually see a start button; right now I have a black screen with the wallpaper only. Please help.
     
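An added triage helper (my example, not code from this thread, from HijackThis or from ewido) that reads lines in the HijackThis log format pasted above and flags the patterns chaslang's steps address: a hosts-file redirect (many hostnames mapped to one remote address, which Hoster's Restore Original Hosts reverts), autostart entries running from a Temp folder, services with no owner sitting in the Windows root, orphaned "(file missing)" entries, and Winlogon Notify DLLs that need checking. The sample log, the names in it and the 192.0.2.10 address are constructed for the example.

```python
"""Triage of HijackThis-style log lines (added example, not from the thread)."""
import re
from collections import defaultdict

# Constructed sample in HijackThis format; names and the 192.0.2.x address
# are made up (192.0.2.0/24 is a documentation range), not the thread's log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.org/
O1 - Hosts: 192.0.2.10 www.search-engine.example
O1 - Hosts: 192.0.2.10 search-engine.example
O1 - Hosts: 192.0.2.10 www.search-engine.example.co.uk
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [Vendor Tray] "C:\Program Files\Vendor\tray.exe"
O4 - HKCU\..\Run: [Abcd] C:\DOCUME~1\Owner\LOCALS~1\Temp\abcd.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\qwerty.dll (file missing)
O20 - Winlogon Notify: Sample Hook - C:\WINDOWS\system32\hook.dll
O23 - Service: Vendor Helper (vhelp) - Vendor Inc. - C:\WINDOWS\System32\vhelp.exe
O23 - Service: Sample Service - Unknown owner - C:\WINDOWS\abcdefg.exe
"""

SECTION_RE = re.compile(r"^(R\d|O\d+) - ")          # "O4 - ", "R0 - ", ...
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")  # O1 - Hosts: <ip> <name>
PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"]+')          # first token of a Windows path
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)     # ...\Temp\... anywhere in a path
WINROOT_RE = re.compile(r"[A-Za-z]:\\WINDOWS\\[^\\]+$", re.IGNORECASE)
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


def parse_hosts_entries(log_text):
    """Group every O1 line as {ip: [hostnames...]}."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m:
            by_ip[m.group(1)].append(m.group(2))
    return by_ip


def find_hosts_hijacks(log_text, threshold=3):
    """Non-loopback addresses that `threshold` or more hostnames resolve to.

    A clean hosts file points names at 127.0.0.1; one remote address owning
    a pile of search-engine names is the redirect pattern Hoster undoes.
    """
    return {ip: hosts for ip, hosts in parse_hosts_entries(log_text).items()
            if ip not in LOOPBACK and len(hosts) >= threshold}


def triage(log_text):
    """Return (rule, detail) pairs for lines a helper would look at first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        section, paths = m.group(1), PATH_RE.findall(line)
        # Browser add-ons, toolbars, Run keys and logon hooks loading from Temp.
        if section in {"O2", "O3", "O4", "O20"} and any(TEMP_RE.search(p) for p in paths):
            findings.append(("autostart-from-temp", line))
        # A service with no vendor whose binary sits directly under C:\WINDOWS.
        if section == "O23" and "Unknown owner" in line and paths and WINROOT_RE.match(paths[-1]):
            findings.append(("unsigned-service-in-windows-root", line))
        # Winlogon Notify DLLs load into winlogon at logon; verify each one.
        if section == "O20" and "Winlogon Notify" in line:
            findings.append(("winlogon-notify-dll", line))
        # Entries whose file is gone are leftovers that only need the key fixed.
        if "(file missing)" in line:
            findings.append(("orphaned-entry", line))
    for ip, hosts in find_hosts_hijacks(log_text).items():
        findings.append(("hosts-redirect", f"{ip} <- {len(hosts)} hostnames"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:34} {detail}")
```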
  5. LTL

    LTL Guest

    OK, I found the thread where it tells you how to get your start button back and your icons on the desktop, so that's not a problem. I still have these pop-ups, but the ewido also has a window that opens up and pops up, in a way, to notify me to clean and block or just clean the infected file.
     
