 |  |  |  |  |  |  |  |
Still Having Run.DLL Problems
Thread Solved |
Hi ya all! I really appreciate the help I've gotten here! I have been running Spybot and Adawre alternatively and rebooting for days now and still finding junk. I almost feel like I'm learning all the Run.Dll errors that exist since I get so many of them through the day. My machine is limping and crawling and crashing still. . .although a little less. (I'm hopeful!) I had to do 2 hard reboots (yesterday and the day before), but overall, the situation is slowly improving. Norton, Spybot and Adaware have told me I have junk, some has been removed, I have 11 left and I tried again to clean but these are hanging tough: DSO Exploit, Look2Me and HunterBar (A browser toolbar and hijacker. Believed to be a drive-by download.) A few days ago, something took over my computer and for a couple of seconds, I was locked. It was really bad and I had to reboot out of it. I think is this pest. I tries to commandeer the computer. So, what's next? Any ideas?Thanks as always!
http://www.ieasysite.com/Delicioso
Delicioso (Another Name for Delicious!)
Zesty Mediterranean/Caribbean-style cooking for vegans and vegetarians! :cool:
http://groups.msn.com/VegetarianExchange
http://www.frontiernet.net/~rexfam
Christian encouragement for the cloudy days in your life. :D
Delicioso (Another Name for Delicious!)
Zesty Mediterranean/Caribbean-style cooking for vegans and vegetarians! :cool:
http://groups.msn.com/VegetarianExchange
http://www.frontiernet.net/~rexfam
Christian encouragement for the cloudy days in your life. :D
Some (extremely un-fun) info concerning Look2Me and its removal:
http://www.kephyr.com/spywarescanner...me/index.phtml
Hunterbar:
http://doxdesk.com/parasite/HuntBar.html
Have you gotten the absolutely most recent patches and fixes from Microsoft? If not, do so now- your system needs to be kept thoroughly up to date to lessen your vulnerability. Also, download and install SpywareBlaster if you haven't already; it blocks the installation of malicious programs which exploit ActiveX controls:
http://www.javacoolsoftware.com/spywareblaster.html
http://www.kephyr.com/spywarescanner...me/index.phtml
Hunterbar:
http://doxdesk.com/parasite/HuntBar.html
Have you gotten the absolutely most recent patches and fixes from Microsoft? If not, do so now- your system needs to be kept thoroughly up to date to lessen your vulnerability. Also, download and install SpywareBlaster if you haven't already; it blocks the installation of malicious programs which exploit ActiveX controls:
http://www.javacoolsoftware.com/spywareblaster.html
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
•
•
Join Date: Feb 2004
Posts: 9,984
Reputation: 
Solved Threads: 754
Can you download the following app & run it, making sure to have one internet exploder window open. Save the log & paste the results back here.
VX2Finder
VX2Finder
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
hi guys! Thanks for answering! My problems have increased since I last posted. I'm writing you from a borrowed computer. I cannot turn mine on, at least, not until I get help in shutting it off. Let me explain. I have followed advice the best I could. And although Norton no longer gives me a list of adware, Spybot and Ad-Aware do. No longer do they talk about HuntBar (I'm not sure) after the last cleaning. But they still insist that I have Look2Me and DSO Exploit. Well, for the last four days, I have been having less and less Rundll32 messages as I continued to run the anti-spyware but now, my machine won't shut down! When I try to shut down, it gives me a menu that says:
This program is not responding
If I insist, t gives me a blue screen that reads as follows:
Windows
An error has occurrred. To continue: Press Enter to return to Windows or Press Ctrl + Alt + Del to restart your computer. If you do this, you will lose any unsaved information in all open applications.
File name: VWI32 (05) +000012DO Error> OE: 0028 : C02A44A8
Press any key to continue
If I press enter, it will go into a black screen and do nothing. If I try to reboot, it will do the same and give me another blue screen saying the same thing, and continue that way until I, exhausted, shut if off cold. Or if I refuse to go that route, it will go sort of into hibernation and give me a black screen with a white blinking cursor on the upper left side of the screen and stay like that forever, it will not come out of that state, (at least I don't know how to take it out of it) no matter how many times I try. So, after having done 4 or 5 cold hard shutdowns in a row, you understand that I'm fearful of turning it on until I get some more info. I will keep these instructions, thou and apply them as soon as I get more input on how to safely shut down the machine.
I went to Microsoft and asked a lot of questions, but couldn-t find a thing. I' not a technician, so I guess, I don't know where to go and what to ask in the proper lingo that will get me anwers I can understand and implement.
I get very few attempts to communicate with my computer (the firewall warns me), so I think we are getting the amount of invaders down to a few, but these are really a problem. I also tried to do a Windows update, but Microsoft told me I had the latest ones and refused to do it. I was hoping that if something has gotten corrupted, I could get it repaired that way. I don-t have my Windows ME disks, all I have a re the recovery CDs that came with the computer and those would wipe out my hard drive (my sister used hers once and she was screaming afterwards, when she lost something valuable to her.) This is the first time I don't have my Windows as part of a separate software package, and I regret it.
Can anyone help me with this? I reallyneed to get into my machine! Thank you very, very much for the help you give!
Clotilde
This program is not responding
If I insist, t gives me a blue screen that reads as follows:
Windows
An error has occurrred. To continue: Press Enter to return to Windows or Press Ctrl + Alt + Del to restart your computer. If you do this, you will lose any unsaved information in all open applications.
File name: VWI32 (05) +000012DO Error> OE: 0028 : C02A44A8
Press any key to continue
If I press enter, it will go into a black screen and do nothing. If I try to reboot, it will do the same and give me another blue screen saying the same thing, and continue that way until I, exhausted, shut if off cold. Or if I refuse to go that route, it will go sort of into hibernation and give me a black screen with a white blinking cursor on the upper left side of the screen and stay like that forever, it will not come out of that state, (at least I don't know how to take it out of it) no matter how many times I try. So, after having done 4 or 5 cold hard shutdowns in a row, you understand that I'm fearful of turning it on until I get some more info. I will keep these instructions, thou and apply them as soon as I get more input on how to safely shut down the machine.
I went to Microsoft and asked a lot of questions, but couldn-t find a thing. I' not a technician, so I guess, I don't know where to go and what to ask in the proper lingo that will get me anwers I can understand and implement.
I get very few attempts to communicate with my computer (the firewall warns me), so I think we are getting the amount of invaders down to a few, but these are really a problem. I also tried to do a Windows update, but Microsoft told me I had the latest ones and refused to do it. I was hoping that if something has gotten corrupted, I could get it repaired that way. I don-t have my Windows ME disks, all I have a re the recovery CDs that came with the computer and those would wipe out my hard drive (my sister used hers once and she was screaming afterwards, when she lost something valuable to her.) This is the first time I don't have my Windows as part of a separate software package, and I regret it.
Can anyone help me with this? I reallyneed to get into my machine! Thank you very, very much for the help you give!
Clotilde
http://www.ieasysite.com/Delicioso
Delicioso (Another Name for Delicious!)
Zesty Mediterranean/Caribbean-style cooking for vegans and vegetarians! :cool:
http://groups.msn.com/VegetarianExchange
http://www.frontiernet.net/~rexfam
Christian encouragement for the cloudy days in your life. :D
Delicioso (Another Name for Delicious!)
Zesty Mediterranean/Caribbean-style cooking for vegans and vegetarians! :cool:
http://groups.msn.com/VegetarianExchange
http://www.frontiernet.net/~rexfam
Christian encouragement for the cloudy days in your life. :D
•
•
Join Date: Feb 2004
Posts: 9,984
Reputation:
Solved Threads: 754
You need to post a hijackthis log.
Download HijackThis from here & unzip it into it's own, permanent folder, (Not a temporary folder or the desktop & not directly on your hard drive).
If you have anything disabled in MsConfig, please re-enable it/them.
Start HJT & with all browser windows closed, press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file, copy the entire contents of the text file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.
http://www.downloads.subratam.org/VX2Finder9x.exe
L2M files are slightly different in 9x,
1.) Scan with the finder, select files it finds and delete them.
2.) During the deletion the utility will end both Rundll32 & explorer.exe processes, so when all files are gone.
3.) Click the restore desktop button to get the desktop back.
4.) Click UserAgent$ to delete last registry item.
5.) Clear the contents of your C:\Windows\Temp folder
Download HijackThis from here & unzip it into it's own, permanent folder, (Not a temporary folder or the desktop & not directly on your hard drive).
If you have anything disabled in MsConfig, please re-enable it/them.
Start HJT & with all browser windows closed, press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file, copy the entire contents of the text file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.
http://www.downloads.subratam.org/VX2Finder9x.exe
L2M files are slightly different in 9x,
1.) Scan with the finder, select files it finds and delete them.
2.) During the deletion the utility will end both Rundll32 & explorer.exe processes, so when all files are gone.
3.) Click the restore desktop button to get the desktop back.
4.) Click UserAgent$ to delete last registry item.
5.) Clear the contents of your C:\Windows\Temp folder
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Okay guys. I got Spywareblaster and SpywareGuard but it was after the fact. I will now download hijack this and see what happens. I was borrowing my sister's computer and waiting for what you guys would say about my shutdown cycle. Because I don't want to continue doing hard shutdowns but if I must, i must. Will post my log as soon as I can.
Thanks again!
Thanks again!
http://www.ieasysite.com/Delicioso
Delicioso (Another Name for Delicious!)
Zesty Mediterranean/Caribbean-style cooking for vegans and vegetarians! :cool:
http://groups.msn.com/VegetarianExchange
http://www.frontiernet.net/~rexfam
Christian encouragement for the cloudy days in your life. :D
Delicioso (Another Name for Delicious!)
Zesty Mediterranean/Caribbean-style cooking for vegans and vegetarians! :cool:
http://groups.msn.com/VegetarianExchange
http://www.frontiernet.net/~rexfam
Christian encouragement for the cloudy days in your life. :D
Here's my HijackThis log file:
Logfile of HijackThis v1.97.7
Scan saved at 5:08:37 PM, on 6/16/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\PROGRAM FILES\SEEK ADMIN BEND\SUPPORT COAL.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CampTrans] C:\PROGRA~1\Seek Admin Bend\SUPPORT COAL.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE"
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...8106.526712963
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
Can you see what's not letting me shutdown?
I'm now going to the VX2Finder place.
Thanks! (hopefully you'll have all the info you need)
Logfile of HijackThis v1.97.7
Scan saved at 5:08:37 PM, on 6/16/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\PROGRAM FILES\SEEK ADMIN BEND\SUPPORT COAL.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CampTrans] C:\PROGRA~1\Seek Admin Bend\SUPPORT COAL.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE"
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...8106.526712963
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
Can you see what's not letting me shutdown?
I'm now going to the VX2Finder place.
Thanks! (hopefully you'll have all the info you need)
http://www.ieasysite.com/Delicioso
Delicioso (Another Name for Delicious!)
Zesty Mediterranean/Caribbean-style cooking for vegans and vegetarians! :cool:
http://groups.msn.com/VegetarianExchange
http://www.frontiernet.net/~rexfam
Christian encouragement for the cloudy days in your life. :D
Delicioso (Another Name for Delicious!)
Zesty Mediterranean/Caribbean-style cooking for vegans and vegetarians! :cool:
http://groups.msn.com/VegetarianExchange
http://www.frontiernet.net/~rexfam
Christian encouragement for the cloudy days in your life. :D
Crunchie, I downloaded VX2Finder and when I tried to run it (I have Windows ME), it said that it's currently only for NT systems and refused to run. so I guess, I'll have to remove it. I hope Add/Remove will do.
http://www.ieasysite.com/Delicioso
Delicioso (Another Name for Delicious!)
Zesty Mediterranean/Caribbean-style cooking for vegans and vegetarians! :cool:
http://groups.msn.com/VegetarianExchange
http://www.frontiernet.net/~rexfam
Christian encouragement for the cloudy days in your life. :D
Delicioso (Another Name for Delicious!)
Zesty Mediterranean/Caribbean-style cooking for vegans and vegetarians! :cool:
http://groups.msn.com/VegetarianExchange
http://www.frontiernet.net/~rexfam
Christian encouragement for the cloudy days in your life. :D
Crunchie, this link is down:
Hunterbar:
http://doxdesk.com/parasite/HuntBar.html
I got the information on Look2Me. Thank you!
Hunterbar:
http://doxdesk.com/parasite/HuntBar.html
I got the information on Look2Me. Thank you!
http://www.ieasysite.com/Delicioso
Delicioso (Another Name for Delicious!)
Zesty Mediterranean/Caribbean-style cooking for vegans and vegetarians! :cool:
http://groups.msn.com/VegetarianExchange
http://www.frontiernet.net/~rexfam
Christian encouragement for the cloudy days in your life. :D
Delicioso (Another Name for Delicious!)
Zesty Mediterranean/Caribbean-style cooking for vegans and vegetarians! :cool:
http://groups.msn.com/VegetarianExchange
http://www.frontiernet.net/~rexfam
Christian encouragement for the cloudy days in your life. :D
•
•
Join Date: Feb 2004
Posts: 9,984
Reputation:
Solved Threads: 754
I posted the first VX2Finder link B4 I knew you had W9X. The second link is for your system.
Wintools removal here.
Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or directly on the desktop & not directly on your hard drive). Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' :
O4 - HKLM\..\Run: [CampTrans] C:\PROGRA~1\Seek Admin Bend\SUPPORT COAL.exe
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
Reboot into safe mode following the instructions here & navigate to & delete the following if found:
C:\PROGRA~1\Seek Admin Bend< folder
Reboot normally.
Lop.com uninstaller.
http://lop.com/new_uninstall.exe
Try this too as you may have an old variant of look2me.
Please download Kill2Me from here & run it to remove Look2Me from your computer.
Wintools removal here.
Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or directly on the desktop & not directly on your hard drive). Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' :
O4 - HKLM\..\Run: [CampTrans] C:\PROGRA~1\Seek Admin Bend\SUPPORT COAL.exe
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
Reboot into safe mode following the instructions here & navigate to & delete the following if found:
C:\PROGRA~1\Seek Admin Bend< folder
Reboot normally.
Lop.com uninstaller.
http://lop.com/new_uninstall.exe
Try this too as you may have an old variant of look2me.
Please download Kill2Me from here & run it to remove Look2Me from your computer.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
 |
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: vulcanjedi: Sites that load about:blank
- Next Thread: Friends HJT log,
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet censorship china commercials conficker connect control crosssitescripting cyber cyberwarfare ddos domains e-mafia education email europe facebook fake fancheckvirus gaming gtaiv gumblar halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses war warning windows worm yahoo zeroday
