LOADINGWEBSITE.COM problems and who knows what else... HELP!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by theatrerat, Jun 29, 2005.

  1. theatrerat

    theatrerat Private E-2

    PLEASE HELP!!! i am now officially out of ideas... i am having a frustrating popup problem that i cannot seem to fix. after doing a series of random attempts to fix the problem with ad-aware, spybot, etc., i happened on the majorgeek site and followed the specific instructions to no avail... the popups are still coming!!! i have tried to follow the previous threads on this topic, but cannot seem to fix my own issue. PLEASE HELP!!!

    some notes...
    when i first boot up, i get a RUNDLL popup that says "an exception occurred while trying to run "c:\winnt\system32\agi3duag.dll", DllGetVersion"

    the popups come from numerous sites, including:
    www.loadingwebsite.com
    www.abcsearch.com
    www.americansingles.com
    www.partypoker.com
    and others...

    i also have gotten a popup that reads "PARASITE ALERT - A Parasite Has Been Found on Your Computer" - Virtual Bouncer has found a parasite on your computer... Would you like Virtual Bouncer to remove this parasite from your computer?" it only includes a Yes button or a No button; the "X" box does not close it (i used ctrl-alt-del to remove the window).

    through the process five shortcuts were unknowingly added to my desktop - www.zestyfind.com (3X), www.888.com, and hop.clickbank.net

    so...
    i followed the instructions as follows in safe mode w/networking support (i run for windows 2000):

    1) ran trend micro scan - it detected a few hundred issues, many of which had been identified and "fixed" in a previous scan (but they reappeared)
    2) attempted to run symantec security check, but it just popped up a blank window, and did not start the scan. i tried reopening as well as shutting down and rebooting, but could not get this scan to run.
    3) ran stinger - it only showed ~22,000 clean files and did not seem to find any problems.
    4) shut down all open programs i could
    5) ran ccleaner, it deleted a large number of files and did not seem to have any problems
    6) ran ad-aware with the vx2 cleaner - it found/fixed 305 critical problems (previous scans identified many of the same things, that i "fixed", but apparently unsuccessfully)
    7) ran spybot - it found/fixed 23 additional items. i already had immunization running, but checked it again and it said known problems were being addressed
    8) ran cwshredder, kill2me, about:buster, and hsremove, all in safe mode with networking (during the reboot after cwshredder, i got another dll popup similar to the first one mentioned, though with a different dll: kmdsw.dll)
    9) i read the "hijack this" tutorial and downloaded "hijack this" but have not installed or run it pending feedback from the wise ones at majorgeeks...

    PLEASE HELP!!!
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    - Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. theatrerat

    theatrerat Private E-2

    Thanks for the quick response. I ran HJT and attached the log file.

    One thing I noticed now and previously on occasion is that if I alt-tab I see a windows logo that seems to be an application running, but doesn't have any label associated with it. when i select it nothing seems to happen. when i ctrl-alt-delete it doesn't show any other applications running. i'm guessing that is related to the problems i'm having...
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Virtual Bouncer

    vidctrl

    ospc



    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = web-proxy.crp.disney.com:8080

    O4 - HKLM\..\Run: [ttupt] C:\WINNT\ttupt.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
    O4 - HKLM\..\Run: [tsvcin] C:\WINNT\system32\n20050308.EXE
    O4 - HKLM\..\Run: [vidctrl] C:\WINNT\system32\vidctrl\vidctrl.exe
    O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitedcm32.exe
    O4 - HKCU\..\Run: [Awoa] C:\Program Files\ospc\mroh.exe
    O4 - HKCU\..\Run: [Fzug] C:\WINNT\system32\??sks\msiexec.exe

    O16 - DPF: IBM EA2000 - https://w3-1.ibm.com/tools/us/expenses/EA2000.cab

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Navigate to and DELETE the following if they should remain:

    C:\Program Files\VBouncer ←–– Delete this whole folder if it exists!

    C:\WINNT\system32\vidctrl ←–– Delete this whole folder if it exists!

    C:\Program Files\ospc ←–– Delete this whole folder if it exists!

    C:\WINNT\system32\??sks ←–– Delete this whole folder if it exists!
    (There may be 2 of these folders, delete the one that was modified recently)

    C:\WINNT\system32\n20050308.exe

    C:\winnt\system32\elitedcm32.exe

    C:\WINNT\ttupt.exe

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows

    - Please download Ewido Security Suite

    - Install, be sure you get the updated reference file!
    - Run a full scan on Local Disk C:\
    - Remove ALL found infections


    After you complete ALL of the above REBOOT, Scan with HijackThis and attach the new log along with the log from Ewido.
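
Added example, not part of the original thread and not HijackThis's own code: a small parser for the log-line formats quoted in the post above (R0, O4, O16), with two triage heuristics for O4 autostart entries. The `SYSTEM32_NAMES` list, the reason labels and the function names are assumptions made for illustration.

```python
import ntpath
import re

# Lines copied from the fix list in the post above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitedcm32.exe
O4 - HKCU\..\Run: [Fzug] C:\WINNT\system32\??sks\msiexec.exe
O16 - DPF: IBM EA2000 - https://w3-1.ibm.com/tools/us/expenses/EA2000.cab
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
O4_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)', re.IGNORECASE)
# Assumption: a short illustrative list of binaries that belong directly in system32.
SYSTEM32_NAMES = {"msiexec.exe", "svchost.exe", "rundll32.exe"}

def parse_log(text):
    """Return one dict per recognised log line; O4 lines also get hive/key/name/cmd."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entry = {"code": m["code"], "body": m["body"]}
            o4 = O4_RE.match(m["body"]) if m["code"] == "O4" else None
            entry.update(o4.groupdict() if o4 else {})
            entries.append(entry)
    return entries

def triage_o4(entry):
    """Heuristic reasons (not verdicts) to look more closely at an autostart entry."""
    exe = EXE_RE.match(entry.get("cmd", ""))
    if not exe:
        return []
    folder, name = ntpath.split(exe["path"].lower())
    reasons = []
    # '?' is not legal in a Windows file name, so the log could not render the real path.
    if "?" in exe["path"]:
        reasons.append("unrenderable-path")
    if name in SYSTEM32_NAMES and not folder.endswith("\\system32"):
        reasons.append("system-name-outside-system32")
    return reasons

def review(text):
    """Map Run-value name -> reasons, for flagged O4 entries only."""
    return {e["name"]: r for e in parse_log(text)
            if e["code"] == "O4" and (r := triage_o4(e))}
```

On the sample, only the `Fzug` entry is flagged; the other entries on the helper's list were identified by name, which these heuristics do not cover.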
     
  5. theatrerat

    theatrerat Private E-2

    Thanks for the specific instructions. One question before I do them - you specify a few times to make sure all my browser windows are closed. I am getting popups even when I don't show any browser windows open (i.e., it seems that whatever I have is initiating IE without my actually opening it, and if I go to Task Manager it shows no applications running). But are you saying that as long as I don't have any browsers open (i.e., if Task Manager shows nothing running) then I'm good to go? I just don't want to screw up your instructions.

    Thank you so much!

    rob
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Just make sure you have no browsers open while running the fix and you will be ok.
     
  7. theatrerat

    theatrerat Private E-2

    OK, here we go - I hope we're close... thank you so much for your help. i'd be lost without it.

    Some notes on my following your notes...
    virtual bouncer - didn't show in add/remove programs
    vidctrl - didn't show in add/remove programs (but does show as running as a process in windows task manager - i ended the process there)
    ospc - didn't show in add/remove programs

    rebooted into "safe mode with networking" because i need to update "spybot" in a few steps

    ran hijack this...
    checked the r0
    was not able to check the r1 - it didn't show up in the log - it is a file from one of my clients that only runs when i'm on their network.

    did not check the O16 - dpf - i work for ibm and this is the tool we use to track expenses - its use predates any of the problems i've had, and i haven't been alerted to any issues from ibm's support desk

    vbouncer - was not there
    ospc - was there - sent to recycle
    vidctrl - was there - sent to recycle
    ??sks - was not there
    n20050308 - was not there
    elitedcm32 - was there - sent to recycle
    ttupt - was not there

    emptied recycle bin

    ran ccleaner
    ran spybot s&d

    found 1 problem - elitum.elitebar - fixed it

    tried to run cleanmgr and it didn't run -
    "disk cleanup is calculating how much space you will be able to free on C_Drive" but the bar for "calculating" never moved.

    did the ewido scan - the log is attached. also ran hijack this and that log is attached.

    thank you again for the help - this has been painful...

    rob
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean, are you having any further problems?
     
  9. theatrerat

    theatrerat Private E-2

    funny you should ask... as of a few hours ago i could not get on my machine at all. it would either start to boot, then the trackpoint (it's a laptop) would lock up once I got to windows (when i could get this far, the same thing happened in normal mode, safe mode, and safe with networking). though most of the time it wouldn't even get that far. when i go to start, i hear the hard drive spin up, but see nothing on the screen. it doesn't even get to the windows splash screen. just... nothing. then i have to power off, unplug and pull the battery (that seemed to help get it at least to where it would load) and try again. so this note is written on my fiance's computer because i'm locked out of mine. when it begins to load i do the power on password and the next password (hard drive? i can't recall - it's a work requirement that we have another password set up), then i get to the windows password, and finally to the desktop. but it's within a few minutes that it locks up and nothing seems to work except the power button (ctrl-alt-del does zip, nada).

    so i don't know if i ended up deleting something I need during the process or what, but it seems odd that i didn't notice it yesterday when i sent you the logs...

    that knocking you hear is my head on my desk...

    on the other hand, i'm glad to hear that my hjt looks clean.

    thanks for all your help. it's a very humbling experience to be a victim.

    rob
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Since this doesn't seem to be Malware related I would recommend posting this in the Software Forum.

    Good Luck! :)
     
