[Solved]Autoupdate, Popups Problem!

Discussion in 'adware, spyware & hijack cleaning' started by thediningdead, Jul 11, 2004.

Thread Status:
Not open for further replies.
  1. thediningdead

    thediningdead Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    6
    I ran ad ware 6.0 and it got rid of a lot of malware on my computer. But when I tried to delete all the files, it said it couldn't delete a program called autoupdate. So, I went to my program files and deleted it myself. The problem is, it keeps on reinstalling it back into my computer. And I'm having so many popups appear now. Also, something very odd happenes when I click on a hyper link. The window will pop up a second and then disapear. A few days back it was doing this and I just re clicked the hyperlink and it would be ok. But as of today, it wont even let me click on a hyper link.

    I ran adware 6.0 and HijackThis. Here is my HyjackThis log file. Thanks in advance for the help.

    Logfile of HijackThis v1.97.7
    Scan saved at 2:04:16 PM, on 07/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\documents and settings\adrian\local settings\temp\va5F8Dw.exe
    C:\WINDOWS\System32\IEHost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common files\WinTools\WToolsA.exe
    C:\Program Files\Common files\WinTools\WToolsS.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\AIM95\aim.exe
    C:\WINDOWS\System32\ssdquoui.exe
    C:\WINDOWS\System32\storstart.exe
    C:\Program Files\SysAI\SysAI.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50093
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50093
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50093
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing)
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll
    O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [va5F8Dw] C:\documents and settings\adrian\local settings\temp\va5F8Dw.exe
    O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
    O4 - HKLM\..\Run: [57N3ZAW2N5SGR9] C:\WINDOWS\System32\Xej7.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [rq7V36V] ssdquoui.exe
    O4 - HKCU\..\Run: [pngfilt] C:\WINDOWS\System32\pngfilt.exe
    O4 - HKCU\..\Run: [a9o9RWZ7R] storstart.exe
    O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: Encarta Encyclopedia (HKLM)
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Define (HKLM)
    O9 - Extra 'Tools' menuitem: Define (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot7_x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
     
  2. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Autoupdate, Popups Problem!

    Hi thediningdead

    Download the peper fix here. Make sure you are connected to the net and run it. If asked by your firewall for permission to access the net, please grant permission. Reboot and run it a second time while connected to the net.

    Download cwshredder here Close all browser windows and click on the fix/next button.

    Press Ctrl+Alt+Del and 'end task' on any of the follow that are present:
    WToolsA.exe


    Check the following items in HijackThis.
    Close all windows except HijackThis and click "Fix checked":

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50093

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50093
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50093
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing)
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll
    O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [va5F8Dw] C:\documents and settings\adrian\local settings\temp\va5F8Dw.exe
    O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
    O4 - HKLM\..\Run: [57N3ZAW2N5SGR9] C:\WINDOWS\System32\Xej7.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [rq7V36V] ssdquoui.exe
    O4 - HKCU\..\Run: [pngfilt] C:\WINDOWS\System32\pngfilt.exe
    O4 - HKCU\..\Run: [a9o9RWZ7R] storstart.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    NOTE....even in safe mode you may have to open taskmanager and end task on some of them before you can delete them.

    Make sure you can view hidden and system files: Instructions here

    Then Boot to safe mode: Instructions here

    Delete the following files\folders IF still present:

    C:\Program Files\Viewpoint <------folder
    C:\documents and settings\adrian\local settings\temp\va5F8Dw.exe
    C:\WINDOWS\System32\IEHost.exe
    C:\WINDOWS\System32\Xej7.exe
    C:\WINDOWS\System32\dp-him.exe
    C:\Program Files\Common files\WinTools <---------folder
    C:\Program Files\AutoUpdate
    C:\WINDOWS\System32\pngfilt.exe

    Then reboot and use AdAware as described :
    HERE

    Then use the Disk Cleanup Utility to empty all your Temp folders.

    Then Disable system restore: Instructions here
    Reboot

    Enable System Restore.

    Problems gone?
     
  3. thediningdead

    thediningdead Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    6
    Re: Autoupdate, Popups Problem!

    Marianna, Thanks for everything! It seems to be working just fine. I'll give you a yell if anything else happens! You are awesome! Thanks!@!!!!!! :D :D
     
  4. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Autoupdate, Popups Problem!

    HI thediningdead

    Thanks for your feedback ! Sure - maybe "smoke signals" are better :D

    Happy Safe Computing !
     
  5. thediningdead

    thediningdead Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    6
    ahh, well for one day everything was ok, but now I am having popups!

    i wil post my my hijackThis log

    Logfile of HijackThis v1.97.7
    Scan saved at 12:57:19 PM, on 07/13/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\LiveJournal\LiveJournal.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\WINDOWS\System32\kerin.exe
    C:\WINDOWS\System32\scrpro32.exe
    C:\Program Files\SysAI\SysAI.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50093
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [rq7V36V] kerin.exe
    O4 - HKCU\..\Run: [a9o9RWZ7R] scrpro32.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: Encarta Encyclopedia (HKLM)
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Define (HKLM)
    O9 - Extra 'Tools' menuitem: Define (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot7_x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

    thanks in advance!
     
  6. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: [NOT Solved!]Autoupdate, Popups Problem!

    Hi thediningdead

    I guess, you didn't delete everything :'(

    First update or download CWShredder to version 1.59.1
    CWShredder (http://www.spywareinfoforum.com/~merijn/files/CWShredder.exe)
    Use the Fix button and follow the instructions you will receive.

    Other download sites: http://www.net-integration.net/tools/hijackthis.html

    Press Ctrl+Alt+Del and 'end task' on any of the follow that are present:
    WToolsA.exe
    AutoUpdate.exe
    kerin.exe
    scrpro32.exe

    Check the following items in HijackThis.
    Close all windows except HijackThis and click "Fix checked":

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50093
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)

    O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll

    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [rq7V36V] kerin.exe
    O4 - HKCU\..\Run: [a9o9RWZ7R] scrpro32.exe

    Make sure you can view hidden and system files: Instructions here

    Then Boot to safe mode: Instructions here

    Delete the following items IF still present:

    Common files\WinTools <---------folder
    C:\Program Files\AutoUpdate <-------folder

    Then reboot and use AdAware as described :
    HERE

    and use SpybotS&D as described here

    Then use the Disk Cleanup Utility to empty all your Temp folders.

    Then Disable system restore: Instructions here
    Reboot

    Enable System Restore.

    Go to WINDOWS UPDATE - NEW critical updates today !
     
  7. thediningdead

    thediningdead Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    6
    Re: [NOT Solved!]Autoupdate, Popups Problem!

    Thanks again. I did everything and I double checked. I hope everything works. I'll keep you updated. Did I tell you I love you? :) Thanks again :)

    :D
     
  8. thediningdead

    thediningdead Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    6
    Re: [NOT Solved!]Autoupdate, Popups Problem!

    Ok, everything went smooth but when I ran Spybot, it deleted most of the files but said it sould not delete the follwing files. I did it twice and it did the same thing

    DownloadWare
    Cydoor

    everything esle was ok. any advice on those two files?
     
  9. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: [NOT Solved!]Autoupdate, Popups Problem!

    Well, you should for sure get rid of "that stuff"!

    Have a look here:

    DownloadWare is a process that runs on Windows startup. If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers.

    http://www.doxdesk.com/parasite/DownloadWare.html
    http://www.pestpatrol.com/PestInfo/d/downloadware.asp

    ............

    Cydoor

    Advertising Spyware: CyDoor CD_Load.exe and CD_Clint.dll

    http://cexx.org/cydoor.htm
    http://www.pestpatrol.com/PestInfo/C/Cydoor.asp
     
  10. thediningdead

    thediningdead Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    6
    Re: [NOT Solved!]Autoupdate, Popups Problem!

    Ok, i read a lot on that stuff. i did what it told me. so far so good. thanks again :)
     
  11. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: [NOT Solved!]Autoupdate, Popups Problem!

    Thanks for your feedback :)

    Happy Safe Surfing :)
     
Thread Status:
Not open for further replies.