Tried everything . . . persistent pop-ups

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by john.castillo, Sep 15, 2004.

  1. john.castillo

    john.castillo Private E-2

    Still getting pop-ups after running Ad-aware, SpyBot S&D, and Hijack This following all suggestions from previous posts. Helped with some things, but not completely. "StopGuard" pop-ups continue, trying to sell adware removal programs among others. Need help please!
     
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Hi,
    If you did everything per the tutorial, please download Hijack This and attach a log file.
     
  3. john.castillo

    john.castillo Private E-2

    Here it is:

    The file wasn't in the database of problem files YADUEI.EXE and I couldn't find any reference on the internet. Also, PSFREE.EXE is a temporary load to allow me to browse, though some pop-ups are still opening even though the PSFREE.EXE is active. Lastly, could not delete C:\WINDOWS\TEMP\WAVAJ.DAT for whatever reason. Simply wouldn't let me. Thanks for any help you can suggest. ~John

    Logfile of HijackThis v1.98.2
    Scan saved at 12:46:07 AM, on 9/15/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\OPLIMIT\OCRAWARE.EXE
    C:\OPLIMIT\OCRAWR32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\WINDOWS\MCBIN\AV\RT\MGAVRTCL.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDSCHD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCUPDATE.EXE
    C:\WINDOWS\SYSTEM\YADUEI.EXE
    C:\WINDOWS\APPPATCH\JAVAW.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDLOG.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDDB.EXE
    C:\WINDOWS\MCBIN\AV\RT\MGAVRTE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\MY DOCUMENTS\DOWNLOAD\HIJACKTHIS\HIJACKTHIS.EXE

    F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
    F1 - win.ini: run=hpfsched
    O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL
    O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\WINDOWS\TEMP\WAVAJ.DAT
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
    O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [HPID Scheduler] C:\Program Files\Hewlett-Packard\HP Instant Delivery\hpidschd.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\program files\mcafee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\program files\mcafee.com\Agent\mcupdate.exe /embedding
    O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
    O4 - HKLM\..\Run: [rrtvabl] C:\WINDOWS\SYSTEM\yaduei.exe
    O4 - HKLM\..\Run: [JAVAW] C:\WINDOWS\APPPATCH\JAVAW.EXE
    O4 - HKLM\..\Run: [*JAVAW] C:\WINDOWS\APPPATCH\JAVAW.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
    O4 - HKLM\..\RunOnce: [*JAVAW] C:\WINDOWS\APPPATCH\JAVAW.EXE rerun
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
    O4 - HKCU\..\RunOnce: [*MS Setup] C:\WINDOWS\SYSTEM\SFP\ARCHIVE\DLLEULA.EXE ren
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/shared/comctl32.cab
    O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/mcinstall.cab
    O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} (McAfee.com Component Download Manager Class) - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
     
