I don't know what to do anymore

Discussion in 'adware, spyware & hijack cleaning' started by mrspydr, Apr 16, 2004.

Thread Status:
Not open for further replies.
  1. mrspydr

    mrspydr Registered Member

    Joined:
    Mar 22, 2004
    Posts:
    19
    This is never-ending. Every time I think I'm done, something else comes back. Help ME PLEASE.
    Logfile of HijackThis v1.97.7
    Scan saved at 2:26:29 PM, on 4/16/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\Webscanx.exe
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\WINDOWS\GWMDMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\SAP\FrontEnd\SAPgui\saplgpad.exe
    C:\Program Files\SAP\FrontEnd\SAPgui\sapfewgsrv.exe
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\WINDOWS\System32\MAPISP32.EXE
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\jsipe\LOCALS~1\Temp\HijackThis.exe
    C:\WINDOWS\System32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 207.36.196.189 ieautosearch
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38016.5819444444
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi mrspydr,

    Welcome to Wilders.

    Before you start, please unzip or move HijackThis to a separate folder of its own. The program will make backups to the folder it's in. These easily get lost in a temporary folder or a folder with other programs.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 207.36.196.189 ieautosearch

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab

    Reboot.

    Now download Ad-Aware and double-click to install.
    Then follow the following steps:

    1.) Start Ad-Aware by double-clicking on its desktop icon.
    2.) Update Ad-aware by using its Globe icon.
    3.) After updating, close all IE windows, then close and restart Ad-aware.
    4.) Be sure the following items are checked under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
    "Unload recognized processes during scanning".
    5.) Be sure the following items are checked under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
    "Automatically mark all objects in result list".
    "Automatically try to unregister objects prior to deletion".
    "XP/2000: Allow unloading explorer to unload shell extensions prior deletion" <-- Check only if you have Windows XP or 2000.
    "Let Windows remove files in use after reboot".
    6.) Press "Scan Now".
    7.) Check option "Use Custom scanning options".
    8.) Check option "Activate In-Depth Scan".
    9.) Press "Select drives\folders to scan".
    10.) Select the active partition which is usually C:
    11.) Press "Next" to let Ad-aware scan your drives...
    12.) If it finds "bad" files and registry keys, press "Next" again.
    13.) All items should be checked. If not, right-click in that pane and choose "select all".
    14.) Press "next".
    15.) When it asks to remove all checked items, Press "OK".
    16.) You may now exit out of Ad-Aware and reboot your system. Then go to the next section for SpyBot S&D.

    Now download Spybot S&D and install by double-clicking on the downloaded file.
    Then follow the following steps:

    1.) Run Spybot S&D from desktop icon or Start menu.
    2.) Press "Search for updates" button to get list of updates available.
    3.) Press "Download updates" button.
    4.) Close all IE windows, then close and restart Spybot S&D.
    5.) Press "Check for problems" button.
    6.) Have SpyBot remove all it marks in red by pressing "Fix selected problems".
    7.) You may now exit out of Ad-Aware and reboot your system. Then go to the next section for CWShredder.

    Please download the latest copy of CWShredder and run by double-clicking the icon of the file you just downloaded.
    Click FIX and follow the instructions given.

    Now reboot your system and post a new HJT log.

    Regards,
    Kent
     
  3. mrspydr

    mrspydr Registered Member

    Joined:
    Mar 22, 2004
    Posts:
    19
    Here is what I have now. I still get a sharewareonline.com page the first time I log on. When I close it and log back in to IE I don't get it back, but on a reboot I get it the first time I try to get online.
    Logfile of HijackThis v1.97.7
    Scan saved at 3:35:39 PM, on 4/16/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\Webscanx.exe
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\WINDOWS\GWMDMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\system32\userinit.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\jsipe\LOCALS~1\Temp\HijackThis.exe

    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38016.5819444444
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Download this zip: http://www.zero.vulc4n.com/downloads/pv.zip, unzip it to the desktop.
    Be sure to have at least 1 Internet Explorer open, then double click on the runme.bat.

    Select option 2, internet explorer dll, and press return.
    Notepad will open with a log in it.

    Copy & paste the contents of that log back here in a reply.
     
  5. mrspydr

    mrspydr Registered Member

    Joined:
    Mar 22, 2004
    Posts:
    19
    HELP

    You have included too many images in your signature or in your previous post. Please go back and correct the problem and then continue again.

    Images include use of smilies, the vB code tag and HTML <img> tags. The use of these is all subject to them being enabled by the administrator.

    I keep getting this error when I try to post my log in response to a hijack.
     
  6. mrspydr

    mrspydr Registered Member

    Joined:
    Mar 22, 2004
    Posts:
    19
    I ran it like you told me but I cannot reply to you w/ the log. I get an error.


     
  7. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    What error do you get?

    If it is a message about too many images or smilies, then
    press post reply and under additional options tick disable smilies and then post the log.
     
  8. mrspydr

    mrspydr Registered Member

    Joined:
    Mar 22, 2004
    Posts:
    19

    Module information for 'iexplore.exe'
    MODULE BASE SIZE PATH
    iexplore.exe 400000 102400 C:\Program Files\Internet Explorer\iexplore.exe 6.00.2800.1106 (xpsp1.020828-1920) Internet Explorer
    ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1217 (xpsp2.030429-2131) NT Layer DLL
    kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT BASE API Client DLL
    msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
    USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1255 (xpsp2.030804-1745) Windows XP USER API Client DLL
    GDI32.dll 7e090000 266240 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL
    ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Advanced Windows 32 Base API
    RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime
    SHLWAPI.dll 70a70000 409600 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Light-weight Utility Library
    SHDOCVW.dll 769c0000 1343488 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1145 (xpsp2.021108-1929) Shell Doc Object and Control Library
    LPK.DLL 629c0000 32768 C:\WINDOWS\System32\LPK.DLL 5.1.2600.0 (xpclient.010817-1148) Language Pack
    USP10.dll 72fa0000 368640 C:\WINDOWS\System32\USP10.dll 1.0409.2600.1106 (xpsp1.020828-1920) Uniscribe Unicode script processor
    comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
    SHELL32.dll 773d0000 8331264 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1233 (xpsp2.030604-1804) Windows Shell Common Dll
    comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
    ole32.dll 771b0000 1196032 C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE for Windows
    uxtheme.dll 5ad70000 212992 C:\WINDOWS\System32\uxtheme.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft UxTheme Library
    SynTPFcs.dll 63000000 81920 C:\WINDOWS\System32\SynTPFcs.dll 6.0.23 14Nov01 SynTPFcs
    VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
    BROWSEUI.dll 75f80000 1032192 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser UI Library
    browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser UI Library
    appHelp.dll 75f40000 126976 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
    CLBCATQ.DLL 7c890000 528384 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53
    OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
    COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
    WININET.dll 76200000 622592 C:\WINDOWS\system32\WININET.dll 6.00.2800.1106 (xpsp1.020828-1920) Internet Extensions for Win32
    CRYPT32.dll 762c0000 557056 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1123 (xpsp2.020921-0842) Crypto API32
    MSASN1.dll 762a0000 65536 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 (xpsp2.040109-1800) ASN.1 Runtime APIs
    Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
    cscui.dll 76620000 319488 C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Client Side Caching UI
    CSCDLL.dll 76600000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Offline Network Agent
    SETUPAPI.dll 76670000 946176 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup API
    urlmon.dll 760f0000 495616 C:\WINDOWS\system32\urlmon.dll 6.00.2800.1143 (xpsp2.021108-1929) OLE32 Extensions for Win32
    shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library
    mlang.dll 74770000 585728 C:\WINDOWS\System32\mlang.dll 6.00.2600.0000 (xpclient.010817-1148) Multi Language Support DLL
    wsock32.dll 71ad0000 32768 C:\WINDOWS\System32\wsock32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 32-Bit DLL
    WS2_32.dll 71ab0000 81920 C:\WINDOWS\System32\WS2_32.dll 5.1.2600.1240 (xpsp2.030618-0119) Windows Socket 2.0 32-Bit DLL
    WS2HELP.dll 71aa0000 32768 C:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
    mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Sockets 2.0 Service Provider
    wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL
    RASAPI32.DLL 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.1106 (xpsp1.020828-1920) Remote Access API
    rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
    NETAPI32.dll 71c20000 319488 C:\WINDOWS\System32\NETAPI32.dll 5.1.2600.1343 (xpsp2.040109-1800) Net Win32 API DLL
    TAPI32.dll 76eb0000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Windows(TM) Telephony API Client DLL
    rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
    WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL
    serwvdrv.dll 5cd70000 28672 C:\WINDOWS\System32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave driver
    umdmxfrm.dll 5b0a0000 28672 C:\WINDOWS\System32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
    sensapi.dll 722b0000 20480 C:\WINDOWS\System32\sensapi.dll 5.1.2600.1106 (xpsp1.020828-1920) SENS Connectivity API DLL
    msi.dll 17c0000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
    SXS.DLL 75e90000 684032 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
    USERENV.dll 75a70000 675840 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
    DNSAPI.dll 76f20000 151552 C:\WINDOWS\System32\DNSAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) DNS Client API DLL
    winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-1148) LDAP RnR Provider DLL
    WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
    rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access AutoDial Helper
    mshtml.dll 74810000 2846720 C:\WINDOWS\System32\mshtml.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft (R) HTML Viewer
    msimtf.dll 746f0000 155648 C:\WINDOWS\System32\msimtf.dll 5.1.2600.1106 (xpsp1.020828-1920) Active IMM Server DLL
    MSCTF.dll 74720000 278528 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.1106 (xpsp1.020828-1920) MSCTF Server DLL
    IMM32.DLL 76390000 114688 C:\WINDOWS\System32\IMM32.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows XP IMM32 API Client DLL
    jscript.dll 6b700000 589824 C:\WINDOWS\System32\jscript.dll 5.6.0.8513 Microsoft (r) JScript
    MSLS31.DLL 746c0000 159744 C:\WINDOWS\System32\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
    vbscript.dll 73300000 479232 C:\WINDOWS\System32\vbscript.dll 5.6.0.7426 Microsoft (r) VBScript
    Flash.ocx 10000000 1732608 C:\WINDOWS\System32\macromed\flash\Flash.ocx 7,0,19,0 Macromedia Flash Player 7.0 r19
    comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) Common Dialogs DLL
    wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
    msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
    MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM Audio Filter
    midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper
    dxtrans.dll 6bdd0000 208896 C:\WINDOWS\System32\dxtrans.dll 6.00.2800.1106 (xpsp1.020828-1920) DirectX Media -- DirectX Transform Core
    ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
    ddrawex.dll 6d430000 36864 C:\WINDOWS\System32\ddrawex.dll 5.1.2600.0 (xpclient.010817-1148) Direct Draw Ex
    DDRAW.dll 73760000 278528 C:\WINDOWS\System32\DDRAW.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft DirectDraw
    DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\System32\DCIMAN32.dll 5.1.2600.0 (xpclient.010817-1148) DCI Manager
    dxtmsft.dll 6be10000 348160 C:\WINDOWS\System32\dxtmsft.dll 6.00.2800.1106 (xpsp1.020828-1920) DirectX Media -- Image DirectX Transforms
    iepeers.dll 66e50000 241664 C:\WINDOWS\System32\iepeers.dll 6.00.2800.1106 (xpsp1.020828-1920) Internet Explorer Peer Objects
    WINSPOOL.DRV 73000000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 (xpsp1.020828-1920) Windows Spooler Driver
    msxml3.dll 72e00000 1134592 C:\WINDOWS\system32\msxml3.dll 8.30.9926.0 MSXML 3.0 SP 3
    imgutil.dll 66880000 40960 C:\WINDOWS\System32\imgutil.dll 6.00.2800.1106 (xpsp1.020828-1920) IE plugin image decoder support DLL
    Wbhook32.dll 11c00000 253952 C:\Program Files\Network Associates\VirusScan\Wbhook32.dll
    WbhkRes.dll 48c0000 36864 C:\Program Files\Network Associates\VirusScan\Res09\WbhkRes.dll
    NAKRNL32.DLL 48d0000 73728 C:\Program Files\Common Files\Network Associates\McPal\NAKRNL32.DLL 6.0.0.472 Kernel Services DLL
    NAUTIL32.DLL 4a00000 196608 C:\Program Files\Common Files\Network Associates\McPal\NAUTIL32.DLL 6.0.0.491 Utility Services DLL
    MPR.dll 71b20000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Multiple Provider Router DLL
    naUtlRes.dll 4b40000 20480 C:\Program Files\Common Files\Network Associates\McPal\Res0901\naUtlRes.dll 6.0.0.491 Core Resources DLL
    MCSCAN32.DLL 12000000 1839104 C:\Program Files\Common Files\Network Associates\VirusScan Engine\4.0.xx\MCSCAN32.DLL 4.3.20 AV Scanning Engine
    naARCHIV.DLL 4c60000 319488 C:\Program Files\Common Files\Network Associates\McPal\naARCHIV.DLL 6.0.0.491 Compressed File Services DLL
    LZ32.dll 73dc0000 12288 C:\WINDOWS\system32\LZ32.dll 5.1.2600.0 (xpclient.010817-1148) LZ Expand/Compress API DLL
    NAEVENT.DLL 4dc0000 172032 C:\Program Files\Common Files\Network Associates\McPal\NAEVENT.DLL 6.0.0.491 Client Event Interface DLL
    naEvtRes.dll 4f00000 28672 C:\Program Files\Common Files\Network Associates\McPal\Res0901\naEvtRes.dll 6.0.0.491 Client Event Interface Resources
    VsUtil.dll 11400000 266240 C:\Program Files\Network Associates\VirusScan\VsUtil.dll
    VsutlRes.dll 5020000 90112 C:\Program Files\Network Associates\VirusScan\Res09\VsutlRes.dll
    NTClient.dll 11d00000 106496 C:\Program Files\Network Associates\VirusScan\NTClient.dll
    Syncutil.dll 11a00000 331776 C:\Program Files\Network Associates\VirusScan\Syncutil.dll
    resdll.dll 11700000 315392 C:\Program Files\Network Associates\VirusScan\Res09\resdll.dll
    AvParam.dll 13000000 53248 C:\Program Files\Common Files\Network Associates\VirusScan Engine\4.0.xx\AvParam.dll 4.3.20 AV Scanning Engine
    MSJAVA.dll 7c000000 958464 C:\WINDOWS\System32\MSJAVA.dll 5.00.3810 Microsoft® VM
    VMHELPER.DLL 7c520000 294912 C:\WINDOWS\System32\VMHELPER.DLL 5.00.3810 Microsoft® VM Helper Library
    drprov.dll 75f60000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider
    ntlanman.dll 71c10000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Lan Manager
    NETUI0.dll 71cd0000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI Classes
    NETUI1.dll 71c90000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes
    NETRAP.dll 71c80000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL
    SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
    davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client DLL
    sti.dll 73ba0000 73728 C:\WINDOWS\System32\sti.dll 5.1.2600.1106 (xpsp1.020828-1920) Still Image Devices client DLL
    CFGMGR32.dll 74ae0000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL
    mshtmled.dll 74cb0000 454656 C:\WINDOWS\System32\mshtmled.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft (R) HTML Editing Component
    ACTXPRXY.DLL 71d40000 110592 C:\WINDOWS\System32\ACTXPRXY.DLL 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
     
  9. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    That's clean.
    You haven't got the hijacker we thought you might have.
     
  10. mrspydr

    mrspydr Registered Member

    Joined:
    Mar 22, 2004
    Posts:
    19

    I'm still getting pop-up ads even when Internet Explorer is not on. I've run Spybot, adware and all the fixes you guys have told me. Is there anything else I can do?
     
  11. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
  12. mrspydr

    mrspydr Registered Member

    Joined:
    Mar 22, 2004
    Posts:
    19
    I'll try that one thanks.
    Here is the Host reader log
    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    127.0.0.1 www.igetnet.com
    127.0.0.1 code.ignphrases.com
    127.0.0.1 clear-search.com
    127.0.0.1 r1.clrsch.com
    127.0.0.1 sds.clrsch.com
    127.0.0.1 status.clrsch.com
    127.0.0.1 www.clrsch.com
    127.0.0.1 clr-sch.com
    127.0.0.1 sds-qckads.com
    127.0.0.1 status.qckads.com
    207.36.196.189 auto.search.msn.com
    207.36.196.189 search.netscape.com
    207.36.196.189 ieautosearch
    w.clrsch.com


     
    Last edited: Apr 21, 2004
  13. mrspydr

    mrspydr Registered Member

    Joined:
    Mar 22, 2004
    Posts:
    19
    This is the host reader log. I did the reset to default and when I reboot it comes back.
     
  14. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Try using this one:
    http://members.aol.com/toadbee/hoster.zip

    and tick every item in the hosts file and press delete.

    Then reboot and see if that cures it.

    Please copy & paste the contents of the hosts file back here afterwards again, please.
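
Added example, not part of the original thread: a small Python audit of the hosts file posted above. It separates loopback entries from names redirected to an outside address (what HijackThis lists as `O1 - Hosts:`), flags unparseable lines, and lists redirects that are back after a reset. The function names and the reset-state sample are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt of the hosts file posted in this thread (comment header shortened).
POSTED_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 www.igetnet.com
127.0.0.1 clear-search.com
127.0.0.1 www.clrsch.com
207.36.196.189 auto.search.msn.com
207.36.196.189 search.netscape.com
207.36.196.189 ieautosearch
w.clrsch.com
"""

# Constructed sample: the file as it would look right after a reset to default.
RESET_HOSTS = "127.0.0.1 localhost\n"

# The O1 item from the first HijackThis log in this thread.
HJT_LINE = "O1 - Hosts: 207.36.196.189 ieautosearch"


def audit_hosts(text):
    """Split active hosts entries into loopback mappings, redirects and malformed lines."""
    report = {"loopback": [], "redirects": defaultdict(list), "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # text after '#' is a comment
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            # No valid address, or an address with no host name after it.
            report["malformed"].append((lineno, line))
            continue
        names = [name.lower() for name in fields[1:]]
        if addr.is_loopback or addr.is_unspecified:
            # 127.0.0.1 / 0.0.0.0: the name resolves to the local machine.
            report["loopback"].extend(names)
        else:
            # Any other address sends lookups for the name to that server.
            report["redirects"][str(addr)].extend(names)
    return report


def hijackthis_hosts_entries(log_text):
    """Return the hosts lines that a HijackThis log reports as 'O1 - Hosts:' items."""
    return "\n".join(re.findall(r"^\s*O1 - Hosts:\s*(.+)$", log_text, re.MULTILINE))


def reappeared(before_text, after_text):
    """Redirect pairs (address, name) present in the later snapshot but not the earlier one."""
    def pairs(text):
        redirects = audit_hosts(text)["redirects"]
        return {(ip, name) for ip, names in redirects.items() for name in names}
    return pairs(after_text) - pairs(before_text)


if __name__ == "__main__":
    report = audit_hosts(POSTED_HOSTS)
    for ip, names in report["redirects"].items():
        print(f"REDIRECT  {ip} <- {', '.join(names)}")
    for lineno, line in report["malformed"]:
        print(f"MALFORMED line {lineno}: {line}")
    print("loopback entries:", len(report["loopback"]))
    print("back after reset:", sorted(reappeared(RESET_HOSTS, POSTED_HOSTS)))
```

Redirect pairs that show up again when a snapshot taken after the reset is compared with one taken after the reboot indicate that something running at startup is rewriting the file, which matches what is reported in the thread.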
     