winup2date.dll adware (qool.aid) uninstall

aclambert · Apr 19, 2005

This is in my computer and I can't get it out. I have run all your spyware programs. some detect it and some don't. Even when they detect it they state they can't remove it. I run hijack and I think I can isolate it but hijack will not allow me to delete ot fix it.

Art

chaslang · Apr 20, 2005

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

aclambert · Apr 20, 2005

Here is the log file. the 010 lines are not able to be fixed by hijack

chaslang · Apr 20, 2005

You can fix this next line using HijackThis.
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Why are you trying to have HijackThis fix the below O10 lines? Aren't they related to your ISP? See: http://castlecops.com/lsp-25.html
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll

Do you recognize the below two items?
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe

Now perform the steps below:

1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce a log - Please attach that with your next post!

2 - Please EXTRACT all the files form RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, Please boot to SAFE MODE and DoubleClick rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.

Now come back here and post both logs as attachments.

aclambert · Apr 22, 2005

here is the hijack log

chaslang · Apr 22, 2005

Please go back and read message # 4. Answer my questions and run the steps requested. I did not ask for a HijackThis log.

Log in or Sign up

winup2date.dll adware (qool.aid) uninstall

aclambert Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

aclambert Private E-2

Attached Files:

hijackthis.log420.txt

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

aclambert Private E-2

Attached Files:

hijackthis.log21.txt

chaslang MajorGeeks Admin - Master Malware Expert Staff Member