
·
Registered
Joined
·
7 Posts
Discussion Starter · #1 ·
Hi, I'm hoping someone out there might be able to give me a hand removing a most annoying piece of spyware called CoolWebSearch. I've tried removing it with several of the main spyware removers such as Ad-Aware. I've also tried using CWShredder, to no avail. As well, I've tried to follow instructions for how to remove previous versions of CWS but have met with no lasting success. And now Ad-Aware is no longer able to load even after reinstalling, so as you can imagine I'm a little fed up with this.


OPERATING SYSTEM: Win 98 SE

I've attached a copy of my log from SpySubtract

--------------------------------- SpySubtract session started ---------------------------------
Machine=PABLO
Time=Thu Jun 16 00:30:16 2005
Product Version=1, 0, 1, 49
OS Version=Microsoft Windows 98 SE

--------------------------------- SpySubtract session ended ---------------------------------

--------------------------------- SpySubtract session started ---------------------------------
Machine=PABLO
Time=Thu Jun 16 00:34:29 2005
Product Version=1, 0, 1, 49
OS Version=Microsoft Windows 98 SE

Started Scanning
Programs in Memory
Finished Scanning
Started Scanning
Files and Directories
Found 'SWRT01.dll' in 'C:\WINDOWS\SYSTEM'
Found 'vsjlc.dll' in 'C:\WINDOWS\SYSTEM'
Found 'sdkor.dll' in 'C:\WINDOWS\SYSTEM'
Found 'wndfj.dll' in 'C:\WINDOWS\SYSTEM'
Found 'bkwpd.dll' in 'C:\WINDOWS\SYSTEM'
Found 'wpmlb.dll' in 'C:\WINDOWS\SYSTEM'
Found 'ldmdcj.log' in 'C:\WINDOWS'
Found 'ulldoj.dat' in 'C:\WINDOWS'
Found 'jgmzs.dll' in 'C:\WINDOWS'
Found 'onczvx.txt' in 'C:\WINDOWS'
Found 'zwjgmk.txt' in 'C:\WINDOWS'
Found 'mlzbln.dat' in 'C:\WINDOWS'
Programs in Memory
Internet URL Shortcuts
Found 'Ab scissor.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Broadband comparison.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Credit counseling.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Credit report.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Crm software.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Debt credit card.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Escorts.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Fha.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Health insurance.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Help desk software.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Insurance home.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Loan for debt consolidation.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Loan for people with bad credit.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Marketing email.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Mortgage insurance.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Nevada corporations.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Online Betting Site.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Online gambling casino.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Online instant loan.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Order phentermine.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Payroll advance.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Personal loans online.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Personal loans with bad credit.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Prescription Drugs Rx Online.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Refinancing my mortgage.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Tahoe vacation rental.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Unsecured bad credit loans.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Videos.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'What is hydrocodone.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Only sex website.url' in 'C:\WINDOWS\Favorites\'
Internet Cookies
Found 'stats1.clicktracks.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'atdmt.com' in 'Internet Explorer Cache'
Found 'doubleclick.net' in 'Internet Explorer Cache'
Found '2o7.net' in 'Internet Explorer Cache'
Found 'mediaplex.com' in 'Internet Explorer Cache'
Found 'as-us.falkag.net' in 'Internet Explorer Cache'
Found 'com.com' in 'Internet Explorer Cache'
Windows Registry
Found '' in 'SOFTWARE\Oska Educational Systems\DeskMates'
Found '' in 'SOFTWARE\Classes\CLSID\{8940E505-72C6-44DE-BE85-1D746780EFBF}'
Found '' in 'SOFTWARE\Classes\CLSID\{8940E505-72C6-44DE-BE85-1D746780EFBF}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{8940E505-72C6-44DE-BE85-1D746780EFBF}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{8940E505-72C6-44DE-BE85-1D746780EFBF}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{8940E505-72C6-44DE-BE85-1D746780EFBF}\VERSION'
Found '' in 'SOFTWARE\Classes\Interface\{49DB48FF-02B5-4645-B676-94A4DF1AA026}'
Found '' in 'SOFTWARE\Classes\Interface\{49DB48FF-02B5-4645-B676-94A4DF1AA026}\Forward'
Found '' in 'SOFTWARE\Classes\Interface\{49DB48FF-02B5-4645-B676-94A4DF1AA026}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{49DB48FF-02B5-4645-B676-94A4DF1AA026}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{6E0ED53C-9908-49ED-B055-7CB31B162577}'
Found '' in 'SOFTWARE\Classes\Interface\{6E0ED53C-9908-49ED-B055-7CB31B162577}\Forward'
Found '' in 'SOFTWARE\Classes\Interface\{6E0ED53C-9908-49ED-B055-7CB31B162577}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{6E0ED53C-9908-49ED-B055-7CB31B162577}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{830D3AED-2FA9-454F-B266-D931862BBF34}'
Found '' in 'SOFTWARE\Classes\Interface\{830D3AED-2FA9-454F-B266-D931862BBF34}\Forward'
Found '' in 'SOFTWARE\Classes\Interface\{830D3AED-2FA9-454F-B266-D931862BBF34}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{830D3AED-2FA9-454F-B266-D931862BBF34}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{8C53BD8E-B12D-4C8F-AD0E-C9DDC39D1273}'
Found '' in 'SOFTWARE\Classes\Interface\{8C53BD8E-B12D-4C8F-AD0E-C9DDC39D1273}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{8C53BD8E-B12D-4C8F-AD0E-C9DDC39D1273}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{8C53BD8E-B12D-4C8F-AD0E-C9DDC39D1273}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{9BCDD51B-4A7B-446C-8452-D32D38004582}'
Found '' in 'SOFTWARE\Classes\Interface\{9BCDD51B-4A7B-446C-8452-D32D38004582}\Forward'
Found '' in 'SOFTWARE\Classes\Interface\{9BCDD51B-4A7B-446C-8452-D32D38004582}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{9BCDD51B-4A7B-446C-8452-D32D38004582}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{A986F4DB-792E-4571-8974-0BB6E024766F}'
Found '' in 'SOFTWARE\Classes\Interface\{A986F4DB-792E-4571-8974-0BB6E024766F}\Forward'
Found '' in 'SOFTWARE\Classes\Interface\{A986F4DB-792E-4571-8974-0BB6E024766F}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{A986F4DB-792E-4571-8974-0BB6E024766F}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{BCCAB53D-0895-40C3-A942-A03538CE227A}'
Found '' in 'SOFTWARE\Classes\Interface\{BCCAB53D-0895-40C3-A942-A03538CE227A}\Forward'
Found '' in 'SOFTWARE\Classes\Interface\{BCCAB53D-0895-40C3-A942-A03538CE227A}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{BCCAB53D-0895-40C3-A942-A03538CE227A}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{C0F88E9E-DCEB-4655-968A-AE508A677C39}'
Found '' in 'SOFTWARE\Classes\Interface\{C0F88E9E-DCEB-4655-968A-AE508A677C39}\Forward'
Found '' in 'SOFTWARE\Classes\Interface\{C0F88E9E-DCEB-4655-968A-AE508A677C39}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{C0F88E9E-DCEB-4655-968A-AE508A677C39}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{D7EAC2D8-2D52-4010-A4AD-DFDF60C1706C}'
Found '' in 'SOFTWARE\Classes\Interface\{D7EAC2D8-2D52-4010-A4AD-DFDF60C1706C}\Forward'
Found '' in 'SOFTWARE\Classes\Interface\{D7EAC2D8-2D52-4010-A4AD-DFDF60C1706C}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{D7EAC2D8-2D52-4010-A4AD-DFDF60C1706C}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\SWRT01.RT'
Found '' in 'SOFTWARE\Classes\SWRT01.RT\Clsid'
Found '' in 'SOFTWARE\Classes\TypeLib\{5E594162-60A9-487D-84B8-DBDD716CB862}\2.8'
Found '' in 'SOFTWARE\Classes\TypeLib\{5E594162-60A9-487D-84B8-DBDD716CB862}\2.8\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{5E594162-60A9-487D-84B8-DBDD716CB862}\2.8\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{5E594162-60A9-487D-84B8-DBDD716CB862}\2.8\HELPDIR'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW'
Found 'ThreadingModel' in 'SOFTWARE\Classes\CLSID\{8940E505-72C6-44DE-BE85-1D746780EFBF}\InprocServer32'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW'
Found '' in 'SOFTWARE\Classes\CLSID\{F7A196C6-1857-3989-03BD-EA02DB4032FF}\LocalServer32'
Found 'SearchAssistant' in 'SOFTWARE\Microsoft\Internet Explorer\Search'
Found 'SearchAssistant' in 'Software\Microsoft\Internet Explorer\Search'
Found '' in 'CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5}'
Found '' in 'SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5}'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\WINDOWS\SYSTEM\SWRT01.dll' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM\SWRT01.dll' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM\SWRT01.dll'
Checking for 'C:\WINDOWS\SYSTEM\vsjlc.dll' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM\vsjlc.dll' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM\vsjlc.dll'
Checking for 'C:\WINDOWS\SYSTEM\sdkor.dll' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM\sdkor.dll' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM\sdkor.dll'
Checking for 'C:\WINDOWS\SYSTEM\wndfj.dll' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM\wndfj.dll' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM\wndfj.dll'
Checking for 'C:\WINDOWS\SYSTEM\bkwpd.dll' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM\bkwpd.dll' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM\bkwpd.dll'
Checking for 'C:\WINDOWS\SYSTEM\wpmlb.dll' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM\wpmlb.dll' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM\wpmlb.dll'
Checking for 'C:\WINDOWS\ldmdcj.log' in shortcut areas.
Checking for 'C:\WINDOWS\ldmdcj.log' in startup areas.
Cleaning 'C:\WINDOWS\ldmdcj.log'
Checking for 'C:\WINDOWS\ulldoj.dat' in shortcut areas.
Checking for 'C:\WINDOWS\ulldoj.dat' in startup areas.
Cleaning 'C:\WINDOWS\ulldoj.dat'
Checking for 'C:\WINDOWS\jgmzs.dll' in shortcut areas.
Checking for 'C:\WINDOWS\jgmzs.dll' in startup areas.
Cleaning 'C:\WINDOWS\jgmzs.dll'
Checking for 'C:\WINDOWS\onczvx.txt' in shortcut areas.
Checking for 'C:\WINDOWS\onczvx.txt' in startup areas.
Cleaning 'C:\WINDOWS\onczvx.txt'
Checking for 'C:\WINDOWS\zwjgmk.txt' in shortcut areas.
Checking for 'C:\WINDOWS\zwjgmk.txt' in startup areas.
Cleaning 'C:\WINDOWS\zwjgmk.txt'
Checking for 'C:\WINDOWS\mlzbln.dat' in shortcut areas.
Checking for 'C:\WINDOWS\mlzbln.dat' in startup areas.
Cleaning 'C:\WINDOWS\mlzbln.dat'
Finished Cleaning
Started Scanning
Files and Directories
--------------------------------- SpySubtract session ended ---------------------------------

--------------------------------- SpySubtract session started ---------------------------------
Machine=PABLO
Time=Thu Jun 16 00:42:43 2005
Product Version=1, 0, 1, 49
OS Version=Microsoft Windows 98 SE

--------------------------------- SpySubtract session started ---------------------------------
Machine=PABLO
Time=Thu Jun 16 00:48:06 2005
Product Version=1, 0, 1, 49
OS Version=Microsoft Windows 98 SE

--------------------------------- SpySubtract session started ---------------------------------
Machine=PABLO
Time=Thu Jun 16 00:49:10 2005
Product Version=1, 0, 1, 49
OS Version=Microsoft Windows 98 SE

Started Scanning
Programs in Memory
Finished Scanning
Started Scanning
Files and Directories
Programs in Memory
Internet URL Shortcuts
Internet Cookies
Windows Registry
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW'
Found '' in 'SOFTWARE\Classes\CLSID\{F7A196C6-1857-3989-03BD-EA02DB4032FF}\LocalServer32'
Found 'SearchAssistant' in 'SOFTWARE\Microsoft\Internet Explorer\Search'
Found 'SearchAssistant' in 'Software\Microsoft\Internet Explorer\Search'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning
--------------------------------- SpySubtract session started ---------------------------------
Machine=PABLO
Time=Thu Jun 16 10:41:49 2005
Product Version=1, 0, 1, 49
OS Version=Microsoft Windows 98 SE

--------------------------------- SpySubtract session started ---------------------------------
Machine=PABLO
Time=Thu Jun 16 18:24:40 2005
Product Version=1, 0, 1, 49
OS Version=Microsoft Windows 98 SE

--------------------------------- SpySubtract session started ---------------------------------
Machine=PABLO
Time=Fri Jun 17 08:50:07 2005
Product Version=1, 0, 1, 49
OS Version=Microsoft Windows 98 SE

--------------------------------- SpySubtract session started ---------------------------------
Machine=PABLO
Time=Fri Jun 17 15:34:07 2005
Product Version=1, 0, 1, 49
OS Version=Microsoft Windows 98 SE

--------------------------------- SpySubtract session started ---------------------------------
Machine=PABLO
Time=Fri Jun 17 23:05:44 2005
Product Version=1, 0, 1, 49
OS Version=Microsoft Windows 98 SE

--------------------------------- SpySubtract session started ---------------------------------
Machine=PABLO
Time=Fri Jun 17 23:51:31 2005
Product Version=1, 0, 1, 49
OS Version=Microsoft Windows 98 SE

Started Scanning
Windows Registry
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW'
Found '' in 'SOFTWARE\Classes\CLSID\{F7A196C6-1857-3989-03BD-EA02DB4032FF}\LocalServer32'
Found 'SearchAssistant' in 'SOFTWARE\Microsoft\Internet Explorer\Search'
Found 'SearchAssistant' in 'Software\Microsoft\Internet Explorer\Search'
Found '' in 'CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5}'
Found '' in 'SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5}'
Finished Scanning
--------------------------------- SpySubtract session started ---------------------------------
Machine=PABLO
Time=Sat Jun 18 00:23:14 2005
Product Version=1, 0, 1, 49
OS Version=Microsoft Windows 98 SE

Started Scanning
Files and Directories
Found 'bbgkr.dll' in 'C:\WINDOWS'
Found 'ixicca.log' in 'C:\WINDOWS'
Programs in Memory
Internet URL Shortcuts
Found 'Ab scissor.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Broadband comparison.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Credit counseling.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Credit report.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Crm software.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Debt credit card.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Escorts.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Fha.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Health insurance.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Help desk software.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Insurance home.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Loan for debt consolidation.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Loan for people with bad credit.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Marketing email.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Mortgage insurance.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Nevada corporations.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Online Betting Site.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Online gambling casino.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Online instant loan.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Order phentermine.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Payroll advance.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Personal loans online.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Personal loans with bad credit.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Prescription Drugs Rx Online.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Refinancing my mortgage.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Tahoe vacation rental.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Unsecured bad credit loans.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Videos.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'What is hydrocodone.url' in 'C:\WINDOWS\Favorites\Sites about\'
Found 'Only sex website.url' in 'C:\WINDOWS\Favorites\'
Internet Cookies
Found 'bluestreak.com' in 'Internet Explorer Cache'
Found 'stats1.clicktracks.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'atdmt.com' in 'Internet Explorer Cache'
Found 'insightexpressai.com' in 'Internet Explorer Cache'
Found 'doubleclick.net' in 'Internet Explorer Cache'
Found '2o7.net' in 'Internet Explorer Cache'
Found 'mediaplex.com' in 'Internet Explorer Cache'
Found 'ads.pointroll.com' in 'Internet Explorer Cache'
Windows Registry
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW'
Found '' in 'SOFTWARE\Classes\CLSID\{F7A196C6-1857-3989-03BD-EA02DB4032FF}\LocalServer32'
Found 'SearchAssistant' in 'SOFTWARE\Microsoft\Internet Explorer\Search'
Found 'SearchAssistant' in 'Software\Microsoft\Internet Explorer\Search'
Found '' in 'CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5}'
Found '' in 'SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5}'
Finished Scanning
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #3 ·
Hey Hany

I tried to do what you asked; unfortunately I am having the exact same problems with HijackThis as I am with Ad-Aware: I get a message stating that OLEAUT32.DLL is out of date and requires a newer version. Right now I am going to the Windows Update page to make sure everything is up to date. I'll post again after I download any necessary updates.

Bill
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #6 ·
Hey Hany

Thanks for the link; my programs seem to be operating normally again, and my HijackThis log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 2:01:54 AM, on 29/06/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSZF32.EXE
C:\WINDOWS\SYSTEM\WINVW32.EXE
C:\WINDOWS\SYSTEM\IPFI.EXE
C:\WINDOWS\ATLFE.EXE
C:\WINDOWS\MSIC32.EXE
C:\WINDOWS\SYSTEM\IEJQ32.EXE
C:\WINDOWS\IEDJ.EXE
C:\WINDOWS\SYSTEM\ATLPD.EXE
C:\WINDOWS\APIGT32.EXE
C:\WINDOWS\SYSTK.EXE
C:\WINDOWS\JAVAYX.EXE
C:\WINDOWS\MFCAL.EXE
C:\WINDOWS\SYSTEM\SYSVG32.EXE
C:\WINDOWS\NTGJ32.EXE
C:\WINDOWS\SYSTEM\IEFZ32.EXE
C:\WINDOWS\SYSTEM\MSGH32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SDKCV.EXE
C:\WINDOWS\NTOL.EXE
C:\WINDOWS\IPAT.EXE
C:\WINDOWS\NTEO.EXE
C:\WINDOWS\CRAW.EXE
C:\WINDOWS\SYSTEM\SYSPS32.EXE
C:\WINDOWS\ADDCI.EXE
C:\WINDOWS\MSKX.EXE
C:\WINDOWS\APPSU32.EXE
C:\WINDOWS\SYSTEM\ADDVY32.EXE
C:\WINDOWS\SYSTEM\CRPX.EXE
C:\WINDOWS\IPSU.EXE
C:\WINDOWS\D3CT32.EXE
C:\WINDOWS\NTBO32.EXE
C:\WINDOWS\ATLOO.EXE
C:\WINDOWS\NTKH32.EXE
C:\WINDOWS\ATLLR32.EXE
C:\WINDOWS\IPMG.EXE
C:\WINDOWS\SYSTEM\SYSID32.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSIT.EXE
C:\WINDOWS\SYSTEM\MSRO32.EXE
C:\WINDOWS\SYSTEM\CRLY.EXE
C:\WINDOWS\SYSTEM\NETBR.EXE
C:\WINDOWS\SYSTEM\IEYP32.EXE
C:\WINDOWS\SYSTEM\MFCWE32.EXE
C:\WINDOWS\NETFT32.EXE
C:\WINDOWS\MFCWD32.EXE
C:\WINDOWS\NETLA.EXE
C:\WINDOWS\SYSTEM\APPCZ32.EXE
C:\WINDOWS\SYSTEM\ADDAQ32.EXE
C:\WINDOWS\SYSTEM\JAVATI.EXE
C:\WINDOWS\SYSTEM\APINC32.EXE
C:\WINDOWS\APIMV32.EXE
C:\WINDOWS\SYSTEM\MFCYL32.EXE
C:\WINDOWS\ADDLQ32.EXE
C:\WINDOWS\APIEI32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SM56HLPR.EXE
C:\WINDOWS\SYSTEM\3CMLNKW.EXE
C:\PROGRAM FILES\B'S CLIP\BSCLIP.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SYMPATICO STARTER KIT\BIN\CONFSVR.EXE
C:\WINDOWS\SYSTEM\NTNC.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SYMPATICO STARTER KIT\BIN\GBCONMON.EXE
C:\WINDOWS\SYSZF32.EXE
C:\PROGRAM FILES\SYMPATICO STARTER KIT\BIN\GBTASK.EXE
C:\WINDOWS\APIEI32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\SYMPATICO STARTER KIT\BIN\GBDASH.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\grjcx.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\grjcx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\grjcx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\grjcx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\grjcx.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\grjcx.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\grjcx.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {A9656520-F55C-E406-C173-47AF604EDC56} - C:\WINDOWS\SYSTEM\MFCYX32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [3Cmlink] C:\WINDOWS\SYSTEM\3cmlnkW.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [piiasqrssbsqt] C:\WINDOWS\SYSTEM\hkzgqy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Sympatico Starter Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [NTNC.EXE] C:\WINDOWS\SYSTEM\NTNC.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Sympatico Starter Kit\bin\gbdefer.exe
O4 - HKLM\..\RunServices: [D3MQ.EXE] C:\WINDOWS\SYSTEM\D3MQ.EXE /s
O4 - HKLM\..\RunServices: [APPAO32.EXE] C:\WINDOWS\APPAO32.EXE /s
O4 - HKLM\..\RunServices: [MFCAK.EXE] C:\WINDOWS\MFCAK.EXE /s
O4 - HKLM\..\RunServices: [ATLLO.EXE] C:\WINDOWS\SYSTEM\ATLLO.EXE /s
O4 - HKLM\..\RunServices: [D3LG.EXE] C:\WINDOWS\SYSTEM\D3LG.EXE /s
O4 - HKLM\..\RunServices: [SDKDP32.EXE] C:\WINDOWS\SYSTEM\SDKDP32.EXE /s
O4 - HKLM\..\RunServices: [NETDU32.EXE] C:\WINDOWS\SYSTEM\NETDU32.EXE /s
O4 - HKLM\..\RunServices: [WINVI.EXE] C:\WINDOWS\SYSTEM\WINVI.EXE /s
O4 - HKLM\..\RunServices: [JAVAGQ32.EXE] C:\WINDOWS\JAVAGQ32.EXE /s
O4 - HKLM\..\RunServices: [IEDM.EXE] C:\WINDOWS\IEDM.EXE /s
O4 - HKLM\..\RunServices: [NTAO.EXE] C:\WINDOWS\NTAO.EXE /s
O4 - HKLM\..\RunServices: [NETOR32.EXE] C:\WINDOWS\SYSTEM\NETOR32.EXE /s
O4 - HKLM\..\RunServices: [WINNQ32.EXE] C:\WINDOWS\SYSTEM\WINNQ32.EXE /s
O4 - HKLM\..\RunServices: [CRTS32.EXE] C:\WINDOWS\SYSTEM\CRTS32.EXE /s
O4 - HKLM\..\RunServices: [APPAH32.EXE] C:\WINDOWS\APPAH32.EXE /s
O4 - HKLM\..\RunServices: [MFCMZ32.EXE] C:\WINDOWS\SYSTEM\MFCMZ32.EXE /s
O4 - HKLM\..\RunServices: [SYSZF32.EXE] C:\WINDOWS\SYSZF32.EXE /s
O4 - HKLM\..\RunServices: [NETFU.EXE] C:\WINDOWS\NETFU.EXE /s
O4 - HKLM\..\RunServices: [JAVAXM32.EXE] C:\WINDOWS\JAVAXM32.EXE /s
O4 - HKLM\..\RunServices: [APIOB32.EXE] C:\WINDOWS\APIOB32.EXE /s
O4 - HKLM\..\RunServices: [JAVADK.EXE] C:\WINDOWS\JAVADK.EXE /s
O4 - HKLM\..\RunServices: [WINVW32.EXE] C:\WINDOWS\SYSTEM\WINVW32.EXE /s
O4 - HKLM\..\RunServices: [IPFI.EXE] C:\WINDOWS\SYSTEM\IPFI.EXE /s
O4 - HKLM\..\RunServices: [ATLFE.EXE] C:\WINDOWS\ATLFE.EXE /s
O4 - HKLM\..\RunServices: [MSIC32.EXE] C:\WINDOWS\MSIC32.EXE /s
O4 - HKLM\..\RunServices: [IEJQ32.EXE] C:\WINDOWS\SYSTEM\IEJQ32.EXE /s
O4 - HKLM\..\RunServices: [IEDJ.EXE] C:\WINDOWS\IEDJ.EXE /s
O4 - HKLM\..\RunServices: [ATLPD.EXE] C:\WINDOWS\SYSTEM\ATLPD.EXE /s
O4 - HKLM\..\RunServices: [APIGT32.EXE] C:\WINDOWS\APIGT32.EXE /s
O4 - HKLM\..\RunServices: [SYSTK.EXE] C:\WINDOWS\SYSTK.EXE /s
O4 - HKLM\..\RunServices: [JAVAYX.EXE] C:\WINDOWS\JAVAYX.EXE /s
O4 - HKLM\..\RunServices: [MFCAL.EXE] C:\WINDOWS\MFCAL.EXE /s
O4 - HKLM\..\RunServices: [SYSVG32.EXE] C:\WINDOWS\SYSTEM\SYSVG32.EXE /s
O4 - HKLM\..\RunServices: [NTGJ32.EXE] C:\WINDOWS\NTGJ32.EXE /s
O4 - HKLM\..\RunServices: [IEFZ32.EXE] C:\WINDOWS\SYSTEM\IEFZ32.EXE /s
O4 - HKLM\..\RunServices: [MSGH32.EXE] C:\WINDOWS\SYSTEM\MSGH32.EXE /s
O4 - HKLM\..\RunServices: [SDKCV.EXE] C:\WINDOWS\SYSTEM\SDKCV.EXE /s
O4 - HKLM\..\RunServices: [NTOL.EXE] C:\WINDOWS\NTOL.EXE /s
O4 - HKLM\..\RunServices: [IPAT.EXE] C:\WINDOWS\IPAT.EXE /s
O4 - HKLM\..\RunServices: [NTEO.EXE] C:\WINDOWS\NTEO.EXE /s
O4 - HKLM\..\RunServices: [CRAW.EXE] C:\WINDOWS\CRAW.EXE /s
O4 - HKLM\..\RunServices: [SYSPS32.EXE] C:\WINDOWS\SYSTEM\SYSPS32.EXE /s
O4 - HKLM\..\RunServices: [ADDCI.EXE] C:\WINDOWS\ADDCI.EXE /s
O4 - HKLM\..\RunServices: [MSKX.EXE] C:\WINDOWS\MSKX.EXE /s
O4 - HKLM\..\RunServices: [APPSU32.EXE] C:\WINDOWS\APPSU32.EXE /s
O4 - HKLM\..\RunServices: [ADDVY32.EXE] C:\WINDOWS\SYSTEM\ADDVY32.EXE /s
O4 - HKLM\..\RunServices: [CRPX.EXE] C:\WINDOWS\SYSTEM\CRPX.EXE /s
O4 - HKLM\..\RunServices: [IPSU.EXE] C:\WINDOWS\IPSU.EXE /s
O4 - HKLM\..\RunServices: [D3CT32.EXE] C:\WINDOWS\D3CT32.EXE /s
O4 - HKLM\..\RunServices: [NTBO32.EXE] C:\WINDOWS\NTBO32.EXE /s
O4 - HKLM\..\RunServices: [ATLOO.EXE] C:\WINDOWS\ATLOO.EXE /s
O4 - HKLM\..\RunServices: [NTKH32.EXE] C:\WINDOWS\NTKH32.EXE /s
O4 - HKLM\..\RunServices: [ATLLR32.EXE] C:\WINDOWS\ATLLR32.EXE /s
O4 - HKLM\..\RunServices: [IPMG.EXE] C:\WINDOWS\IPMG.EXE /s
O4 - HKLM\..\RunServices: [SYSID32.EXE] C:\WINDOWS\SYSTEM\SYSID32.EXE /s
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SYSIT.EXE] C:\WINDOWS\SYSIT.EXE /s
O4 - HKLM\..\RunServices: [MSRO32.EXE] C:\WINDOWS\SYSTEM\MSRO32.EXE /s
O4 - HKLM\..\RunServices: [CRLY.EXE] C:\WINDOWS\SYSTEM\CRLY.EXE /s
O4 - HKLM\..\RunServices: [NETBR.EXE] C:\WINDOWS\SYSTEM\NETBR.EXE /s
O4 - HKLM\..\RunServices: [IEYP32.EXE] C:\WINDOWS\SYSTEM\IEYP32.EXE /s
O4 - HKLM\..\RunServices: [MFCWE32.EXE] C:\WINDOWS\SYSTEM\MFCWE32.EXE /s
O4 - HKLM\..\RunServices: [NETFT32.EXE] C:\WINDOWS\NETFT32.EXE /s
O4 - HKLM\..\RunServices: [MFCWD32.EXE] C:\WINDOWS\MFCWD32.EXE /s
O4 - HKLM\..\RunServices: [NETLA.EXE] C:\WINDOWS\NETLA.EXE /s
O4 - HKLM\..\RunServices: [APPCZ32.EXE] C:\WINDOWS\SYSTEM\APPCZ32.EXE /s
O4 - HKLM\..\RunServices: [ADDAQ32.EXE] C:\WINDOWS\SYSTEM\ADDAQ32.EXE /s
O4 - HKLM\..\RunServices: [JAVATI.EXE] C:\WINDOWS\SYSTEM\JAVATI.EXE /s
O4 - HKLM\..\RunServices: [APINC32.EXE] C:\WINDOWS\SYSTEM\APINC32.EXE /s
O4 - HKLM\..\RunServices: [APIMV32.EXE] C:\WINDOWS\APIMV32.EXE /s
O4 - HKLM\..\RunServices: [MFCYL32.EXE] C:\WINDOWS\SYSTEM\MFCYL32.EXE /s
O4 - HKLM\..\RunServices: [ADDLQ32.EXE] C:\WINDOWS\ADDLQ32.EXE /s
O4 - HKLM\..\RunServices: [APIEI32.EXE] C:\WINDOWS\APIEI32.EXE /s
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
 

·
Registered
Joined
·
826 Posts
These instructions are sort of long, so you might want to print them out.

  1. Download AboutBuster. Unzip it to your desktop but do not run it yet. Instead, open it, and download any updates found and then close the program for now.
  2. Next download and install Cleanup.
  3. Download CWShredder and check for updates (if any). Once again, don't hit fix.
  4. Make sure you have AdAware and SpyBot S&D installed
    -http://www.lavasoftusa.com/support/download/ for AdAware and check here for instructions on how to configure it.
    -
    1. Download Spybot S&D from this page
    2. Open and install the program then click here and follow the instructions for updating the program. Download all available updates.
    3. (do these steps later) Run a scan by clicking on Spybot S&D and then clicking Search & Destroy and then Check for problems
    4. When scan completes, remove all items in red by making sure that they are checked and then click Fix selected problems
  5. Download and unzip cwsserviceremove.zip to your desktop and do not do anything with it yet.
  6. End task of the following files:
    C:\WINDOWS\SYSTEM\QTTASK.EXE and
    C:\WINDOWS\SYSTEM\NTNC.EXE
  7. Reboot into Safe Mode and Enable Viewing of Hidden/System Files
    How to boot to safe mode - http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
    How to enable viewing of hidden/system files - http://www.xtra.co.nz/help/0,,4155-1916458,00.html
  8. Restart HJT and put a check next to the following entries if they still exist:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\grjcx.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\grjcx.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\grjcx.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\grjcx.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\grjcx.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\grjcx.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\grjcx.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {A9656520-F55C-E406-C173-47AF604EDC56} - C:\WINDOWS\SYSTEM\MFCYX32.DLL
    O4 - HKLM\..\Run: [piiasqrssbsqt] C:\WINDOWS\SYSTEM\hkzgqy.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    O4 - HKLM\..\Run: [NTNC.EXE] C:\WINDOWS\SYSTEM\NTNC.EXE


    and any other random file names that might appear present.
  9. Now delete any of the following files that might be present (once again, make sure that you are in safe mode and that viewing of hidden/system files is enabled)
    C:\WINDOWS\SYSTEM\NTNC.EXE
    C:\WINDOWS\SYSTEM\hkzgqy.exe
    C:\WINDOWS\SYSTEM\MFCYX32.DLL
  10. Run AboutBuster two times in safe mode and save the logs that it will generate.
  11. Run CWShredder and let it fix anything it finds (be sure to hit the "fix" button)
  12. Now run Cleanup! Click on "Clean up Now" and let it run; when it finishes, say NO to reboot now
  13. Next run AdAware and SpyBot S&D and let them remove everything that they find
  14. Finally, Reboot your computer and run AboutBuster two times again. Save the logs once again and post back the logs from AboutBuster and a new HJT log.

Also, if it is possible, try not to restart your computer because every time that you restart it, your HJT log will be different, and it is important in this case to have the exact file names (since they are random). Thank you. If you have any questions, feel free to ask them.
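The reply above relies on reading HijackThis lines by section (R0/R1 browser settings, O4 autoruns) and warns that the random file names change between restarts. The sketch below is an added example, not part of the original post and not code from HijackThis: it parses those line types, marks entries for review, and compares the autorun executables of two logs. The function names, the two review heuristics and the replacement name `XQZPLM.EXE` are assumptions made for the example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section name value")
# O4 registry autoruns:  O4 - HKLM\..\Run: [value name] command line
O4_REG = re.compile(r"^(O4) - HK\w+\\\.\.\\\w+: \[([^\]]+)\] (.+)$")
# R0-R3 browser settings:  R1 - key,value name = data
R_LINE = re.compile(r"^(R[0-3]) - (.+?) = (.*)$")

def parse_log(text):
    """Return Entry tuples for the R0-R3 and registry O4 lines of a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = O4_REG.match(line.strip()) or R_LINE.match(line.strip())
        if m:
            entries.append(Entry(*m.groups()))
    return entries

def exe_name(command):
    """File name of the executable in an O4 command line, upper-cased ('' if none)."""
    m = re.match(r'"?([^"]*?\.exe)', command, re.IGNORECASE)
    return m.group(1).rsplit("\\", 1)[-1].upper() if m else ""

def review_reasons(entry):
    """Triage notes for one entry. Heuristics assumed for this example, not verdicts."""
    reasons = []
    if entry.section.startswith("R") and entry.value.lower().startswith("res://"):
        reasons.append("IE setting served from a local DLL resource")
    if entry.section == "O4" and entry.name.upper() == exe_name(entry.value):
        reasons.append("autorun value named after its own executable")
    return reasons

def autorun_changes(before, after):
    """O4 executables missing from, and new in, the second log."""
    old = {exe_name(e.value) for e in before if e.section == "O4"}
    new = {exe_name(e.value) for e in after if e.section == "O4"}
    return sorted(old - new), sorted(new - old)

# Constructed sample: LOG_A reuses lines quoted in this thread; LOG_B imitates a
# log taken after a restart, with a made-up replacement name (XQZPLM.EXE).
LOG_A = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\grjcx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKLM\..\Run: [NTNC.EXE] C:\WINDOWS\SYSTEM\NTNC.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
"""
LOG_B = LOG_A.replace("NTNC.EXE", "XQZPLM.EXE")

if __name__ == "__main__":
    for e in parse_log(LOG_A):
        print(e.section, e.name, review_reasons(e))
    print(autorun_changes(parse_log(LOG_A), parse_log(LOG_B)))
```

A marked entry is only a candidate for a closer look; the fix list in the post above was chosen by a person reading the whole log.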
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #8 ·
Okay, so I have downloaded all the programs without any problems. However, I'm now having serious performance issues with the computer. For example, after 5/6 hours Spybot was only about 1/3 of the way done. Pretty much any application, such as games, is bogged right down whenever any loading needs to be done. This might possibly be related to all the programs which are running: when hitting Control-Alt-Delete I get a list of around 75 open apps. And I'm sure that 90-95% of those are just crap on the system from some spyware or virus. However, the same speed issues exist in safe mode, when these programs do not seem to be running. I am also getting to the point where you get a message stating that there is no memory available and you need to close applications. So as you can imagine, things are getting very tiring. Wondering if it might not just be easiest to clean erase and reinstall Windows (and if you agree, some directions for that would be great), or if there might be some software out there that might be able to resolve this issue before handling our other issue.

Also, I'll note here that when I run About Buster I get a message stating that Streams(ADS) not scanned: System not NTFS, and it seems to stop there and not continue. I have to abort the scan, though, so it could be just another speed issue with the computer. And also, Spybot does not freeze up; it continues to work, it is just incredibly slow.
 

·
Registered
Joined
·
826 Posts
Billtron said:
Okay, so I have downloaded all the programs without any problems. However, I'm now having serious performance issues with the computer. For example, after 5/6 hours Spybot was only about 1/3 of the way done. Pretty much any application, such as games, is bogged right down whenever any loading needs to be done. This might possibly be related to all the programs which are running: when hitting Control-Alt-Delete I get a list of around 75 open apps. And I'm sure that 90-95% of those are just crap on the system from some spyware or virus. However, the same speed issues exist in safe mode, when these programs do not seem to be running. I am also getting to the point where you get a message stating that there is no memory available and you need to close applications. So as you can imagine, things are getting very tiring. Wondering if it might not just be easiest to clean erase and reinstall Windows (and if you agree, some directions for that would be great), or if there might be some software out there that might be able to resolve this issue before handling our other issue.

Also, I'll note here that when I run About Buster I get a message stating that Streams(ADS) not scanned: System not NTFS, and it seems to stop there and not continue. I have to abort the scan, though, so it could be just another speed issue with the computer. And also, Spybot does not freeze up; it continues to work, it is just incredibly slow.
Well, the speed issue is because you are running an older version of Windows - 98SE, and these applications were designed to be optimal for the XP/NT framework. Now, about the message from AboutBuster: that is because the win98se is a FAT32 partition and not an NTFS (just the way the system is arranged, organized, and compressed). I suppose we'll have to delete files manually. By the way, you are running only ONE program at a time, right? Only Ad-aware, spybot, or ewido should be running at a time.

As for formatting your computer - yes, we could format your computer, and it would be easier, but then the scum who make this crapware win. If you are really determined to format your computer and start off clean, you will need to find the Windows install CD. I'll post further instructions if you are unwilling to keep at the fix and would rather format your computer.

I am available on AIM and that would greatly speed things up if we could get online at the same time.

Best of luck bro.
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #10 ·
Yeah, I've got to the point now where I've messed around enough with it that I don't mind doing an erase and install. So I think I would prefer just to take that avenue since I have all my major files backed up anyway. In which case, if you could provide step-by-step instructions for reformatting Win 98 SE, that'd be great, thanks.
 

·
Registered
Joined
·
826 Posts
Billtron said:
Yeah, I've got to the point now where I've messed around enough with it that I don't mind doing an erase and install. So I think I would prefer just to take that avenue since I have all my major files backed up anyway. In which case, if you could provide step-by-step instructions for reformatting Win 98 SE, that'd be great, thanks.
Well, personally, I highly suggest that you stick with the directions and we will fix it and restore your computer. If you are dead sure you want to format and restore Windows to the original state, go ahead and start a new thread asking for help formatting your computer, not in the security forum though. Good luck mon ami.
 