New window pop-up adverts!

Thread: New window pop-up adverts!

  1. #1
    Registered User
    Join Date
    Feb 2007
    Posts
    32

    New window pop-up adverts!

    Hey folks

    First of all, thanks for your help a while back when I had some problems with my webcam. My latest problem is when I'm using Firefox: every time I go to a new site my compy opens up a new window advertising something like online dating, spyware scans or just general adverts. It's really pissing me off, but I've run several Adware and Spyware scans using customised options, and I am still interrupted by needless windows trying to sell me something. I don't think they're pop-ups as I have a blocker enabled, unless that's a bag of ****e itself.

    I have installed and scanned my system using Ad-Aware SE, Spybot Search and Destroy and also CW Shredder as the Microsoft Spyware cleaner has suggested but still nothing.

    Any suggestions are welcome, guys.

    Thanks.

  2. #2
    Registered User Ferrit's Avatar
    Join Date
    Apr 2001
    Location
    Vancouver Island The Real Canada
    Posts
    4,952
    Exactly what programs are you using to scan for spyware? 'Cause it sounds like hijacking.
    Gigabyte 990FXA-UD3
    AMD FX 8350 4ghz OCTO-Core
    Windows 8.1 PRO 64
    Adata 256 gig SSD
    Kingston HyperX 1600 16 Gigs
    Sapphire R9 280 2gig
    Enermax Liberty Modular 620
    www.northernaurora.net
    http://www.northernaurora.net/page/chat.html

  3. #3
    Registered User
    Join Date
    Feb 2007
    Posts
    32
    I am using Ad-Aware SE Personal, Spybot Search and Destroy and CW Shredder.

  4. #4
    Registered User Ferrit's Avatar
    Join Date
    Apr 2001
    Location
    Vancouver Island The Real Canada
    Posts
    4,952
    Good programs
    Now shut off system restore, update all the programs, and then reboot to safe mode and scan with all 3 in safe mode.

  5. #5
    Driver Terrier NooNoo's Avatar
    Join Date
    Dec 2000
    Location
    UK
    Posts
    31,824
    Then download HijackThis from Trend Micro and post a log.
    Never, ever approach a computer saying or even thinking "I will just do this quickly."

  6. #6
    Chat Operator Matridom's Avatar
    Join Date
    Jan 2002
    Location
    Ontario, Canada
    Posts
    3,778
    Quote Originally Posted by Ferrit
    Good programs
    Now shut off system restore, update all the programs, and then reboot to safe mode and scan with all 3 in safe mode.
    And make sure your internet is off when you do this.
    <Ferrit> Take 1 live chicken, cut the head off, dance around doing the hokey pokey and chanting: GO AWAY BAD VIRUS, GO AWAY BAD VIRUS
    -----------------------
    Windows 7 Pro x64
    Asus P5QL Deluxe
    Intel Q6600
    nVidia 8800 GTS 320
    6 gigs of Ram
    2x60 gig OCZ Vertex SSD (raid 0)
    WD Black 750 gig
    Antec Tri power 750 Watt PSU
    Lots of fans

  7. #7
    Registered User
    Join Date
    Mar 2007
    Posts
    2
    HijackThis will tell you what's wrong with your pc.
    Sorry to post this here, but I couldn't PM you NooNoo, do you need any HJT/PC Security helpers?

    Also to original poster, if you download, install and update this program
    http://free.grisoft.com/doc/20/lng/us/tpl/v5
    and do a full system scan in safe mode, should help keep your pc clean.

  8. #8
    Registered User
    Join Date
    Mar 2007
    Posts
    2
    Download, install, update this program
    http://free.grisoft.com/doc/20/lng/us/tpl/v5
    then do a full system scan in safe mode.

  9. #9
    Registered User
    Join Date
    Feb 2007
    Posts
    32
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\necmfk\necmfk.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\r?ndll.exe
    C:\Program Files\STK017_V2.01\STK017M.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Documents and Settings\Nick\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    R3 - URLSearchHook: (no name) - <default> - (no file)
    R3 - URLSearchHook: (no name) - {BB127645-9AF4-B971-D659-BB3EB35376E7} - (no file)
    R3 - URLSearchHook: (no name) - {74B570E8-9159-BAD5-2C02-BECE1CC9E3ED} - (no file)
    R3 - URLSearchHook: (no name) - {90FD2B62-9FD5-E657-A4AB-E4CB5CEC5BB0} - (no file)
    R3 - URLSearchHook: (no name) - {A1D01B13-B2E4-D311-8999-D4E61DAD76F4} - C:\WINDOWS\system32\hhopcal.dll (file missing)
    R3 - URLSearchHook: (no name) - {3A8BA5B8-4109-62DF-7F73-3CB67B6BA0B0} - (no file)
    R3 - URLSearchHook: (no name) - {2964EF48-01AE-7B7D-8B71-2C27C290B9BB} - (no file)
    R3 - URLSearchHook: (no name) - {721D3383-DC62-F5E4-4ED0-F3CAEC53E2BC} - (no file)
    R3 - URLSearchHook: (no name) - {4446F6F2-4F19-3791-3787-3346E4ECD4BA} - (no file)
    R3 - URLSearchHook: (no name) - {CF545E64-ECD4-C501-F7BA-902CF21D04B1} - C:\WINDOWS\system32\kkfvykkf.dll (file missing)
    R3 - URLSearchHook: (no name) - {E3CD3D3A-D388-AB58-F83A-F8EA6EC573E3} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {37BF35C1-8928-F7F9-0E91-F24A44F7A0E6} - (no file)
    R3 - URLSearchHook: (no name) - {66E13397-8C23-F9A2-0E91-F24A44F7A4EB} - (no file)
    R3 - URLSearchHook: (no name) - {57CC03E6-A112-CCE4-23A3-C26705B689AF} - C:\WINDOWS\system32\hiik.dll (file missing)
    R3 - URLSearchHook: (no name) - {B92CA628-43C4-644D-BEC2-37B6DBE52CB0} - (no file)
    R3 - URLSearchHook: (no name) - {88019659-6EF5-510B-93F0-079B9AA401F4} - C:\WINDOWS\system32\ves.dll (file missing)
    R3 - URLSearchHook: (no name) - {B9F6B803-0DBA-7365-938E-732252FC7EE7} - (no file)
    R3 - URLSearchHook: (no name) - {3532F630-1AD7-6603-A0A9-6143C415F7BF} - (no file)
    R3 - URLSearchHook: (no name) - {ED12E38D-5532-71BE-14F6-74E2EE0073B2} - (no file)
    R3 - URLSearchHook: (no name) - {A594F136-1881-3506-A4AF-641331AD6BB3} - (no file)
    R3 - URLSearchHook: (no name) - {E818E4DE-543A-71E8-14F6-74E2EE0026E1} - (no file)
    R3 - URLSearchHook: (no name) - {D935D4AF-790B-44AE-39C4-44CFAF410BA5} - C:\WINDOWS\system32\otnstwv.dll (file missing)
    R3 - URLSearchHook: (no name) - {2414801E-68FE-1671-81D9-1634E371E5E3} - (no file)
    R3 - URLSearchHook: (no name) - {354F81DA-3332-17EF-4CF5-14D4BDB7A9E8} - (no file)
    R3 - URLSearchHook: (no name) - {997A23EF-9D51-E7D1-7BE6-B59E89145FB1} - (no file)
    R3 - URLSearchHook: (no name) - {75BC74EB-9804-BAD5-2C53-BECE1C9DEDB2} - (no file)
    R3 - URLSearchHook: (no name) - {A6301A43-F8FD-D77B-DEAC-D128925567EF} - (no file)
    R3 - URLSearchHook: (no name) - {A2611F4D-FEFB-D57B-DCAC-D128930332ED} - C:\WINDOWS\system32\nskfj.dll (file missing)
    R3 - URLSearchHook: (no name) - {B720C70F-2DBB-5133-9EA8-5150D48729E3} -

  10. #10
    Registered User
    Join Date
    Feb 2007
    Posts
    32
    C:\WINDOWS\system32\uycb.dll (file missing)
    O2 - BHO: (no name) - {0682A7F5-0252-6CA0-6FF3-628D18CFD2AB} - C:\WINDOWS\system32\zojf.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {0D79FC42-1280-3177-A4DA-33C6FE6492C9} - C:\WINDOWS\system32\dbjeeiu.dll (file missing)
    O2 - BHO: (no name) - {3854CC42-3FB3-0443-89EA-03EBCE54BFF9} - C:\WINDOWS\system32\dbjeeiu.dll (file missing)
    O2 - BHO: (no name) - {424085C2-2261-46C8-07B0-16AADA9094AA} - C:\WINDOWS\system32\agloromt.dll (file missing)
    O2 - BHO: (no name) - {503CB28B-4B24-2C81-4465-7B1CF1FBD3FA} - C:\WINDOWS\system32\kxxe.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {556DC645-64E8-5C1F-D788-508EA8CED5AD} - C:\WINDOWS\system32\eyt.dll (file missing)
    O2 - BHO: (no name) - {57CC03E6-A112-CCE4-23A3-C26705B689AF} - C:\WINDOWS\system32\hiik.dll (file missing)
    O2 - BHO: (no name) - {6440F634-49D9-6959-FABA-60A3E98FF8E9} - C:\WINDOWS\system32\eyt.dll (file missing)
    O2 - BHO: (no name) - {6511828B-6617-19B5-6955-4B31C1CBFECA} - C:\WINDOWS\system32\kxxe.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {7FB03851-98A5-FF53-9B0B-F8342038FAFC} - C:\WINDOWS\system32\iai.dll (file missing)
    O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll
    O2 - BHO: (no name) - {88019659-6EF5-510B-93F0-079B9AA401F4} - C:\WINDOWS\system32\ves.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {947E5F87-FB73-99DE-4A41-9912B2411DA3} - C:\WINDOWS\system32\nni.dll (file missing)
    O2 - BHO: (no name) - {9594F8DF-403E-6DE2-4465-6853368357E4} - C:\WINDOWS\system32\orr.dll (file missing)
    O2 - BHO: (no name) - {A1D01B13-B2E4-D311-8999-D4E61DAD76F4} - C:\WINDOWS\system32\hhopcal.dll (file missing)
    O2 - BHO: (no name) - {A2611F4D-FEFB-D57B-DCAC-D128930332ED} - C:\WINDOWS\system32\nskfj.dll (file missing)
    O2 - BHO: (no name) - {A4B9C8AE-6D0F-58A4-6957-587E77C27AA0} - C:\WINDOWS\system32\orr.dll (file missing)
    O2 - BHO: (no name) - {AC6C4354-B4A1-8203-9CAB-D766F65A27A0} - C:\WINDOWS\system32\haddy.dll (file missing)
    O2 - BHO: (no name) - {B720C70F-2DBB-5133-9EA8-5150D48729E3} - C:\WINDOWS\system32\uycb.dll (file missing)
    O2 - BHO: (no name) - {B899FC3D-5D95-396B-F656-3DE80E4F6AA4} - C:\WINDOWS\system32\mplszpva.dll (file missing)
    O2 - BHO: (no name) - {C92A75BD-C859-E58B-2EE0-B59E8A1551B3} - C:\WINDOWS\system32\zisjl.dll (file missing)
    O2 - BHO: (no name) - {CF545E64-ECD4-C501-F7BA-902CF21D04B1} - C:\WINDOWS\system32\kkfvykkf.dll (file missing)
    O2 - BHO: (no name) - {D935D4AF-790B-44AE-39C4-44CFAF410BA5} - C:\WINDOWS\system32\otnstwv.dll (file missing)
    O2 - BHO: (no name) - {F78163FC-9054-F1F2-3B86-F5F41FBF23A0} - C:\WINDOWS\system32\gfocew.dll (file missing)
    O2 - BHO: (no name) - {F80745CC-E568-D0CD-03D2-85B3CB547CF7} - C:\WINDOWS\system32\zisjl.dll (file missing)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [DbaD] C:\WINDOWS\unvxyj.exe
    O4 - HKLM\..\Run: [<°ÜZJÝYMÝlY«Q°aÆ+À¼C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\unvxyj.exe
    O4 - HKLM\..\Run: [<°ÜZJÝYMÝlY«Q°aüžõgFC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\unvxyj.exe
    O4 - HKLM\..\Run: [ilqv] C:\WINDOWS\ilqv.exe
    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Fivs] C:\WINDOWS\system32\r?ndll.exe
    O4 - HKCU\..\Run: [Waoe] "C:\DOCUME~1\Nick\MYDOCU~1\FNTS~1\dexplore.exe " -vt ndrv
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: STK017 PNP Monitor.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
    O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/...aderMediaX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1119130434484
    O17 - HKLM\System\CCS\Services\Tcpip\..\{63B66D8E-90A7-4924-BFC3-E387F9F84AB8}: NameServer = 85.255.113.146,85.255.112.66
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F8CA9051-8056-488D-B4BE-9D1C474B77CD}: NameServer = 85.255.113.146,85.255.112.66
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66
    O20 - AppInit_DLLs:
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 12991 bytes

    That's the logfile.

    And they're still popping up.

    How do I do a boot scan?

  11. #11
    Driver Terrier NooNoo's Avatar
    Join Date
    Dec 2000
    Location
    UK
    Posts
    31,824
    Well you have a lovely bunch of spyware there...

    Boot to safe mode, run HijackThis again to remind you where this stuff is.
    Find and delete the file C:\WINDOWS\system32\r?ndll.exe

    Check the following in HijackThis and click fix.

    R3 - URLSearchHook: (no name) - <default> - (no file)
    R3 - URLSearchHook: (no name) - {BB127645-9AF4-B971-D659-BB3EB35376E7} - (no file)
    R3 - URLSearchHook: (no name) - {74B570E8-9159-BAD5-2C02-BECE1CC9E3ED} - (no file)
    R3 - URLSearchHook: (no name) - {90FD2B62-9FD5-E657-A4AB-E4CB5CEC5BB0} - (no file)
    R3 - URLSearchHook: (no name) - {A1D01B13-B2E4-D311-8999-D4E61DAD76F4} - C:\WINDOWS\system32\hhopcal.dll (file missing)
    R3 - URLSearchHook: (no name) - {3A8BA5B8-4109-62DF-7F73-3CB67B6BA0B0} - (no file)
    R3 - URLSearchHook: (no name) - {2964EF48-01AE-7B7D-8B71-2C27C290B9BB} - (no file)
    R3 - URLSearchHook: (no name) - {721D3383-DC62-F5E4-4ED0-F3CAEC53E2BC} - (no file)
    R3 - URLSearchHook: (no name) - {4446F6F2-4F19-3791-3787-3346E4ECD4BA} - (no file)
    R3 - URLSearchHook: (no name) - {CF545E64-ECD4-C501-F7BA-902CF21D04B1} - C:\WINDOWS\system32\kkfvykkf.dll (file missing)
    R3 - URLSearchHook: (no name) - {E3CD3D3A-D388-AB58-F83A-F8EA6EC573E3} - (no file)



    R3 - URLSearchHook: (no name) - {37BF35C1-8928-F7F9-0E91-F24A44F7A0E6} - (no file)
    R3 - URLSearchHook: (no name) - {66E13397-8C23-F9A2-0E91-F24A44F7A4EB} - (no file)
    R3 - URLSearchHook: (no name) - {57CC03E6-A112-CCE4-23A3-C26705B689AF} - C:\WINDOWS\system32\hiik.dll (file missing)
    R3 - URLSearchHook: (no name) - {B92CA628-43C4-644D-BEC2-37B6DBE52CB0} - (no file)
    R3 - URLSearchHook: (no name) - {88019659-6EF5-510B-93F0-079B9AA401F4} - C:\WINDOWS\system32\ves.dll (file missing)
    R3 - URLSearchHook: (no name) - {B9F6B803-0DBA-7365-938E-732252FC7EE7} - (no file)
    R3 - URLSearchHook: (no name) - {3532F630-1AD7-6603-A0A9-6143C415F7BF} - (no file)
    R3 - URLSearchHook: (no name) - {ED12E38D-5532-71BE-14F6-74E2EE0073B2} - (no file)
    R3 - URLSearchHook: (no name) - {A594F136-1881-3506-A4AF-641331AD6BB3} - (no file)
    R3 - URLSearchHook: (no name) - {E818E4DE-543A-71E8-14F6-74E2EE0026E1} - (no file)
    R3 - URLSearchHook: (no name) - {D935D4AF-790B-44AE-39C4-44CFAF410BA5} - C:\WINDOWS\system32\otnstwv.dll (file missing)
    R3 - URLSearchHook: (no name) - {2414801E-68FE-1671-81D9-1634E371E5E3} - (no file)
    R3 - URLSearchHook: (no name) - {354F81DA-3332-17EF-4CF5-14D4BDB7A9E8} - (no file)
    R3 - URLSearchHook: (no name) - {997A23EF-9D51-E7D1-7BE6-B59E89145FB1} - (no file)
    R3 - URLSearchHook: (no name) - {75BC74EB-9804-BAD5-2C53-BECE1C9DEDB2} - (no file)
    R3 - URLSearchHook: (no name) - {A6301A43-F8FD-D77B-DEAC-D128925567EF} - (no file)
    R3 - URLSearchHook: (no name) - {A2611F4D-FEFB-D57B-DCAC-D128930332ED} - C:\WINDOWS\system32\nskfj.dll (file missing)
    R3 - URLSearchHook: (no name) - {B720C70F-2DBB-5133-9EA8-5150D48729E3} -
    C:\WINDOWS\system32\uycb.dll (file missing)
    O2 - BHO: (no name) - {0682A7F5-0252-6CA0-6FF3-628D18CFD2AB} - C:\WINDOWS\system32\zojf.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {0D79FC42-1280-3177-A4DA-33C6FE6492C9} - C:\WINDOWS\system32\dbjeeiu.dll (file missing)
    O2 - BHO: (no name) - {3854CC42-3FB3-0443-89EA-03EBCE54BFF9} - C:\WINDOWS\system32\dbjeeiu.dll (file missing)
    O2 - BHO: (no name) - {424085C2-2261-46C8-07B0-16AADA9094AA} - C:\WINDOWS\system32\agloromt.dll (file missing)
    O2 - BHO: (no name) - {503CB28B-4B24-2C81-4465-7B1CF1FBD3FA} - C:\WINDOWS\system32\kxxe.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {556DC645-64E8-5C1F-D788-508EA8CED5AD} - C:\WINDOWS\system32\eyt.dll (file missing)
    O2 - BHO: (no name) - {57CC03E6-A112-CCE4-23A3-C26705B689AF} - C:\WINDOWS\system32\hiik.dll (file missing)
    O2 - BHO: (no name) - {6440F634-49D9-6959-FABA-60A3E98FF8E9} - C:\WINDOWS\system32\eyt.dll (file missing)
    O2 - BHO: (no name) - {6511828B-6617-19B5-6955-4B31C1CBFECA} - C:\WINDOWS\system32\kxxe.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {7FB03851-98A5-FF53-9B0B-F8342038FAFC} - C:\WINDOWS\system32\iai.dll (file missing)
    O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll
    O2 - BHO: (no name) - {88019659-6EF5-510B-93F0-079B9AA401F4} - C:\WINDOWS\system32\ves.dll (file missing)
    O2 - BHO: (no name) - {947E5F87-FB73-99DE-4A41-9912B2411DA3} - C:\WINDOWS\system32\nni.dll (file missing)
    O2 - BHO: (no name) - {9594F8DF-403E-6DE2-4465-6853368357E4} - C:\WINDOWS\system32\orr.dll (file missing)
    O2 - BHO: (no name) - {A1D01B13-B2E4-D311-8999-D4E61DAD76F4} - C:\WINDOWS\system32\hhopcal.dll (file missing)
    O2 - BHO: (no name) - {A2611F4D-FEFB-D57B-DCAC-D128930332ED} - C:\WINDOWS\system32\nskfj.dll (file missing)
    O2 - BHO: (no name) - {A4B9C8AE-6D0F-58A4-6957-587E77C27AA0} - C:\WINDOWS\system32\orr.dll (file missing)
    O2 - BHO: (no name) - {AC6C4354-B4A1-8203-9CAB-D766F65A27A0} - C:\WINDOWS\system32\haddy.dll (file missing)
    O2 - BHO: (no name) - {B720C70F-2DBB-5133-9EA8-5150D48729E3} - C:\WINDOWS\system32\uycb.dll (file missing)
    O2 - BHO: (no name) - {B899FC3D-5D95-396B-F656-3DE80E4F6AA4} - C:\WINDOWS\system32\mplszpva.dll (file missing)
    O2 - BHO: (no name) - {C92A75BD-C859-E58B-2EE0-B59E8A1551B3} - C:\WINDOWS\system32\zisjl.dll (file missing)
    O2 - BHO: (no name) - {CF545E64-ECD4-C501-F7BA-902CF21D04B1} - C:\WINDOWS\system32\kkfvykkf.dll (file missing)
    O2 - BHO: (no name) - {D935D4AF-790B-44AE-39C4-44CFAF410BA5} - C:\WINDOWS\system32\otnstwv.dll (file missing)
    O2 - BHO: (no name) - {F78163FC-9054-F1F2-3B86-F5F41FBF23A0} - C:\WINDOWS\system32\gfocew.dll (file missing)
    O2 - BHO: (no name) - {F80745CC-E568-D0CD-03D2-85B3CB547CF7} - C:\WINDOWS\system32\zisjl.dll (file missing)

    O4 - HKLM\..\Run: [DbaD] C:\WINDOWS\unvxyj.exe
    O4 - HKLM\..\Run: [<°ÜZJÝYMÝlY«Q°aÆ+À¼C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\unvxyj.exe
    O4 - HKLM\..\Run: [<°ÜZJÝYMÝlY«Q°aüžõgFC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\unvxyj.exe
    O4 - HKLM\..\Run: [ilqv] C:\WINDOWS\ilqv.exe
    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto


    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

    O17 - HKLM\System\CCS\Services\Tcpip\..\{63B66D8E-90A7-4924-BFC3-E387F9F84AB8}: NameServer = 85.255.113.146,85.255.112.66
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F8CA9051-8056-488D-B4BE-9D1C474B77CD}: NameServer = 85.255.113.146,85.255.112.66
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66

    Now go to http://housecall.trendmicro.com and run a full scan... AVG you may as well uninstall as it is doing absolutely nothing for you right now... you need the new 7.5 version.
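
A triage sketch for logs in the format posted above, added here as an example; it is not part of the thread and not HijackThis's own logic. The function names and the `trusted_dns` parameter are hypothetical, the three heuristics are assumptions chosen for illustration, and the sample lines are copied from the log in this thread.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {BB127645-9AF4-B971-D659-BB3EB35376E7} - (no file)
R3 - URLSearchHook: (no name) - {A1D01B13-B2E4-D311-8999-D4E61DAD76F4} - C:\WINDOWS\system32\hhopcal.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {A1D01B13-B2E4-D311-8999-D4E61DAD76F4} - C:\WINDOWS\system32\hhopcal.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Fivs] C:\WINDOWS\system32\r?ndll.exe
O4 - Global Startup: STK017 PNP Monitor.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# '?' is not a legal character in a Windows file name, so inside a path it
# stands for a character the logging tool could not display.
PLACEHOLDER_PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*\?')


def parse_entries(log_text):
    """Return (section, body) pairs for every log entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def triage(log_text, trusted_dns=()):
    """Flag entries worth a closer look; trusted_dns is the reader's own
    list of resolvers (ISP or router), supplied by whoever runs this."""
    findings = []
    for section, body in parse_entries(log_text):
        reasons = []
        # Heuristic 1 (assumption): a hook or BHO registered in the
        # registry whose file is gone is a leftover to review.
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            reasons.append("registered component has no file on disk")
        # Heuristic 2 (assumption): autostart path with an undisplayable
        # character, as in the r?ndll.exe entry in the thread.
        if section == "O4" and PLACEHOLDER_PATH_RE.search(body):
            reasons.append("autostart path contains an undisplayable character")
        # Heuristic 3 (assumption): statically configured DNS servers
        # that are not on the reader's trusted list.
        if section == "O17" and "NameServer =" in body:
            servers = IPV4_RE.findall(body.partition("NameServer =")[2])
            unknown = [ip for ip in servers if ip not in trusted_dns]
            if unknown:
                reasons.append("DNS server not in trusted list: " + ", ".join(unknown))
        if reasons:
            findings.append({"section": section, "entry": body, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["section"], "|", "; ".join(finding["reasons"]))
        print("    ", finding["entry"])
```

The output is a review list, not a removal list: each flagged line still needs the kind of manual check the helpers in this thread are doing before anything is fixed in HijackThis.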

  12. #12
    Driver Terrier NooNoo's Avatar
    Join Date
    Dec 2000
    Location
    UK
    Posts
    31,824
    Quote Originally Posted by Rorschach
    HijackThis will tell you what's wrong with your pc.
    Sorry to post this here, but I couldn't PM you NooNoo, do you need any HJT/PC Security helpers?

    Also to original poster, if you download, install and update this program
    http://free.grisoft.com/doc/20/lng/us/tpl/v5
    and do a full system scan in safe mode, should help keep your pc clean.

    Welcome to Windrivers Rorschach

    The more the merrier! And now you should be able to pm me.

  13. #13
    Registered User slgrieb's Avatar
    Join Date
    Feb 2003
    Posts
    4,103
    latrelus, just what sort of options are you setting on your customized scans? Much more of this should have already been detected and removed, I'd think. I didn't see where you said that you had disabled System Restore during any of these scans. Did I also miss the part where you ran them in Safe Mode?

    What AV software are you using? Frankly, since you have AVG, try something a bit more effective like a trial download of NOD32, or an online scan from Trend Micro or BitDefender.

  14. #14
    Registered User
    Join Date
    Feb 2007
    Posts
    32
    Yes, I have disabled system restore and these tests have been run in safe mode.

  15. #15
    Driver Terrier NooNoo's Avatar
    Join Date
    Dec 2000
    Location
    UK
    Posts
    31,824
    Did you carry out the deletions I suggested above?
