WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Pop-ups, spyware and error messages
Started by
stewie
, Jan 07 2006 01:40 PM
-
This topic is locked
15 replies to this topic
#1
stewie
-
- New Member
-
- 7 posts
New Member
Posted 07 January 2006 - 01:40 PM
Register to Remove
#2
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 13 January 2006 - 07:16 PM
Hello stewie, welcome to the forum
Click the link and Download, Install, Update and run a full scan.
[url=http://free.grisoft.com/softw/70free/setup/avg71free_371a669.exe[/url]
Empty Recycle Bin
Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment
Click the link and Download, Install, Update and run a full scan.
[url=http://free.grisoft.com/softw/70free/setup/avg71free_371a669.exe[/url]
Empty Recycle Bin
Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to 
for the help you received.
Proud graduate of TC/WTT Classroom
#3
stewie
-
- New Member
-
- 7 posts
New Member
Posted 15 January 2006 - 07:25 PM
Thanks for the info. LDTate. I've downloaded the link, updated, reboot, ran it, my recycle bin was empty, ran HJT and here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 8:15:52 PM, on 15/01/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\G-VGA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CYBERLINK DVD SOLUTION\POWERDVD\PDVDSERV.EXE
C:\PROGRAM FILES\B'S CLIP\BSCLIP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\IUCPXL32.EXE
C:\WINDOWS\SYSTEM\AHZQFP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\COREL\WORDPERFECT OFFICE 2000\PROGRAMS\ALARM.EXE
C:\PROGRAM FILES\COREL\WORDPERFECT OFFICE 2000\PROGRAMS\DAD9.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRAM FILES\COMET\BIN\AUTOSEARCH.DLL (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\APRPS\CXTPLS.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\SYSTEM\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\SYSTEM\GREENMK.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [q99U37R] IUCPXL32.EXE
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\NGUCYH.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\AHZQFP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Boiah] C:\PROGRAM FILES\VEVTAXY\SBEH.EXE
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_ME.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [PowerBar] C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe /AtBootTime
O4 - Startup: Reboot.exe
O4 - Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
I'm not getting pop-ups right now, I was getting some errors when my computer froze and I would Ctrl ALT DEL. It was either Kernel32, CXTPLS, or MSGRSV not responding messages, however they're not there right now.
I was also getting a cyberlink folder window pop-up and it doesn't do it anymore. Bottom-line, my computer is behaving pretty well right now.
Logfile of HijackThis v1.99.1
Scan saved at 8:15:52 PM, on 15/01/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\G-VGA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CYBERLINK DVD SOLUTION\POWERDVD\PDVDSERV.EXE
C:\PROGRAM FILES\B'S CLIP\BSCLIP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\IUCPXL32.EXE
C:\WINDOWS\SYSTEM\AHZQFP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\COREL\WORDPERFECT OFFICE 2000\PROGRAMS\ALARM.EXE
C:\PROGRAM FILES\COREL\WORDPERFECT OFFICE 2000\PROGRAMS\DAD9.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRAM FILES\COMET\BIN\AUTOSEARCH.DLL (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\APRPS\CXTPLS.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\SYSTEM\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\SYSTEM\GREENMK.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [q99U37R] IUCPXL32.EXE
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\NGUCYH.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\AHZQFP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Boiah] C:\PROGRAM FILES\VEVTAXY\SBEH.EXE
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_ME.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [PowerBar] C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe /AtBootTime
O4 - Startup: Reboot.exe
O4 - Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
I'm not getting pop-ups right now, I was getting some errors when my computer froze and I would Ctrl ALT DEL. It was either Kernel32, CXTPLS, or MSGRSV not responding messages, however they're not there right now.
I was also getting a cyberlink folder window pop-up and it doesn't do it anymore. Bottom-line, my computer is behaving pretty well right now.
#4
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 15 January 2006 - 09:30 PM
I suggest you do this:
Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRAM FILES\COMET\BIN\AUTOSEARCH.DLL (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\APRPS\CXTPLS.DLL (file missing)
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O4 - HKLM\..\Run: [q99U37R] IUCPXL32.EXE
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\NGUCYH.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\AHZQFP.exe
O4 - HKLM\..\Run: [Boiah] C:\PROGRAM FILES\VEVTAXY\SBEH.EXE
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
Close ALL windows and browsers except HijackThis and click "Fix checked"
Delete these Folders if listed:
C:\PROGRAM FILES\VEVTAXY
c:\Program Files\AutoUpdate
Delete these Files if listed:
C:\WINDOWS\SYSTEM\IUCPXL32.EXE
C:\WINDOWS\SYSTEM\NGUCYH.exe
C:\WINDOWS\SYSTEM\AHZQFP.EXE
C:\WINDOWS\SYSUPD.EXE
1. Open My Computer
2. Right click on your hard drive that you wish to clean (C drive, for example)
3. In the context menu that opens, select properties
4. Under the general tab you should select Disk Cleanup
5. Windows will scan your drive which will take a few seconds/minutes
6. A box will display the various files you can remove.
Check all boxes except compress old files (If listed)
7. Click OK and windows will comply.
Restart your computer.
Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.
Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRAM FILES\COMET\BIN\AUTOSEARCH.DLL (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\APRPS\CXTPLS.DLL (file missing)
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O4 - HKLM\..\Run: [q99U37R] IUCPXL32.EXE
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\NGUCYH.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\AHZQFP.exe
O4 - HKLM\..\Run: [Boiah] C:\PROGRAM FILES\VEVTAXY\SBEH.EXE
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
Close ALL windows and browsers except HijackThis and click "Fix checked"
Delete these Folders if listed:
C:\PROGRAM FILES\VEVTAXY
c:\Program Files\AutoUpdate
Delete these Files if listed:
C:\WINDOWS\SYSTEM\IUCPXL32.EXE
C:\WINDOWS\SYSTEM\NGUCYH.exe
C:\WINDOWS\SYSTEM\AHZQFP.EXE
C:\WINDOWS\SYSUPD.EXE
1. Open My Computer
2. Right click on your hard drive that you wish to clean (C drive, for example)
3. In the context menu that opens, select properties
4. Under the general tab you should select Disk Cleanup
5. Windows will scan your drive which will take a few seconds/minutes
6. A box will display the various files you can remove.
Check all boxes except compress old files (If listed)
7. Click OK and windows will comply.
Restart your computer.
Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#5
stewie
-
- New Member
-
- 7 posts
New Member
Posted 17 January 2006 - 12:23 PM
Alright LDTate,
Your advice is paying off big time. I ran HJT, hit none of the above, did system scan only, put a check on all of them except this one which I couldn't find:
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe
however, I also found and deleted: C:\WINDOWS\SYSTEM\IUCPXL32.EXE
Closed all windows and browsers except HJT and clicked Fix checked,
cleaned my C DRIVE - disk cleanup, reboot, here is my new log file:
Logfile of HijackThis v1.99.1
Scan saved at 1:08:38 PM, on 17/01/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\G-VGA.EXE
C:\PROGRAM FILES\CYBERLINK DVD SOLUTION\POWERDVD\PDVDSERV.EXE
C:\PROGRAM FILES\B'S CLIP\BSCLIP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\IUCPXL32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COREL\WORDPERFECT OFFICE 2000\PROGRAMS\ALARM.EXE
C:\PROGRAM FILES\COREL\WORDPERFECT OFFICE 2000\PROGRAMS\DAD9.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\SYSTEM\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\SYSTEM\GREENMK.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_ME.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [AutoLoaderq2qo1JMkZKNO] "C:\WINDOWS\SYSTEM\IUCPXL32.EXE" /ExeName="CXTPLS" /HideDir /PC="CP.IST2.ME" /ShowLegalNote="nonbranded" /UninstallName="CtxPls"
O4 - HKLM\..\Run: [q99U37R] IUCPXL32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [PowerBar] C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe /AtBootTime
O4 - Startup: Reboot.exe
O4 - Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca
Result:
The only thing that seems to keep popping-up at start-up is a window with CYBERLINK showing two folders:
Common: when clicked shows "updateIPR" file and
Shared Files: when clicked shows another three folders "Audio filter", "Nav filter", and "Video filter" as well as 57 other individual files which indicate as type of file: AX. Some of these end in .dll
By the way, I really appreciate your help. This site is and your time and assistance is of great value. That being said, I will definetly be making a donation!
Thank you,
#6
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 17 January 2006 - 03:57 PM
That file is OK.
Software name: UpdateIPR
Company name: Cyberlink Corporation
Company website: http://www.gocyberlink.com
Is part of products: Cyberlink PowerDVD
Lets leave those others alone also.
I suggest you do this:
Open a Command Prompt window (from Start->Programs->Accessories) and copy / paste the following commands:
cd %WinDir%\System
regsvr32 /u C:\Program Files\CxtPls\CxtPls.dll
Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
O4 - HKLM\..\Run: [AutoLoaderq2qo1JMkZKNO] "C:\WINDOWS\SYSTEM\IUCPXL32.EXE" /ExeName="CXTPLS" /HideDir /PC="CP.IST2.ME" /ShowLegalNote="nonbranded" /UninstallName="CtxPls"
O4 - HKLM\..\Run: [q99U37R] IUCPXL32.EXE
Close ALL windows and browsers except HijackThis and click "Fix checked"
Delete these Files if listed:
CXTPLS
C:\WINDOWS\SYSTEM\IUCPXL32.EXE
1. Open My Computer
2. Right click on your hard drive that you wish to clean (C drive, for example)
3. In the context menu that opens, select properties
4. Under the general tab you should select Disk Cleanup
5. Windows will scan your drive which will take a few seconds/minutes
6. A box will display the various files you can remove.
Check all boxes except compress old files (If listed)
7. Click OK and windows will comply.
Restart your computer.
Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.
Software name: UpdateIPR
Company name: Cyberlink Corporation
Company website: http://www.gocyberlink.com
Is part of products: Cyberlink PowerDVD
Lets leave those others alone also.
I suggest you do this:
Open a Command Prompt window (from Start->Programs->Accessories) and copy / paste the following commands:
cd %WinDir%\System
regsvr32 /u C:\Program Files\CxtPls\CxtPls.dll
Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
O4 - HKLM\..\Run: [AutoLoaderq2qo1JMkZKNO] "C:\WINDOWS\SYSTEM\IUCPXL32.EXE" /ExeName="CXTPLS" /HideDir /PC="CP.IST2.ME" /ShowLegalNote="nonbranded" /UninstallName="CtxPls"
O4 - HKLM\..\Run: [q99U37R] IUCPXL32.EXE
Close ALL windows and browsers except HijackThis and click "Fix checked"
Delete these Files if listed:
CXTPLS
C:\WINDOWS\SYSTEM\IUCPXL32.EXE
1. Open My Computer
2. Right click on your hard drive that you wish to clean (C drive, for example)
3. In the context menu that opens, select properties
4. Under the general tab you should select Disk Cleanup
5. Windows will scan your drive which will take a few seconds/minutes
6. A box will display the various files you can remove.
Check all boxes except compress old files (If listed)
7. Click OK and windows will comply.
Restart your computer.
Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#7
stewie
-
- New Member
-
- 7 posts
New Member
Posted 17 January 2006 - 05:52 PM
LDTate,
I've just noticed that my outlook express 6 doesn't load. Here's the error message:
"Outlook express could not be started because MSOE.DLL could not be loaded".
I've tried re-running the installation since I don't have the installation CD, and I get two other error messages:
"C:\program files\outlook express\OEMIG50.exe - A device attached to the system is not functioning" and
"Error starting program - The OEMIG50.EXE file is linked to missing export ADVAPI32.DLL: Reg override predefkey"
I haven't gone ahead yet with your recent suggestions. How should I deal with this?
Thanks.
#8
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 17 January 2006 - 06:05 PM
Do the fix, then we'll see if we can find anything about the Outlook problem. The infection you have is alot more serious the Outlook.
cxtpls - cxtpls.exe - Process Information
Process File: cxtpls or cxtpls.exe
Process Name: Apropos Media Spyware/Adware
Description:
cxtpls.exe is a process associated with an adware/spyware from Apropos Media. This process may display advertisments on your desktop and transmit personal data to an online location. This process should be removed to protect your personal privacy.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#9
stewie
-
- New Member
-
- 7 posts
New Member
Posted 18 January 2006 - 08:11 PM
Sounds like a plan LDTate,
I received an error message after entering in command prompt: cd %WinDir%\System
regsvr32 /u C:\Program Files\CxtPls\CxtPls.dll.
The error message was: "Regsvr32 Loadlibrary("C:\program") Failed one of the library files needed to run this application cannot be found"
I was able to delete "O4 - HKLM\..\Run: [q99U37R] IUCPXL32.EXE"
I was not able to find and delete: "O4 - HKLM\..\Run: [AutoLoaderq2qo1JMkZKNO] "C:\WINDOWS\SYSTEM\IUCPXL32.EXE" /ExeName="CXTPLS" /HideDir /PC="CP.IST2.ME" /ShowLegalNote="nonbranded" /UninstallName="CtxPls"
Here's my new log:
Logfile of HijackThis v1.99.1
Scan saved at 8:56:23 PM, on 18/01/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\G-VGA.EXE
C:\PROGRAM FILES\CYBERLINK DVD SOLUTION\POWERDVD\PDVDSERV.EXE
C:\PROGRAM FILES\B'S CLIP\BSCLIP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COREL\WORDPERFECT OFFICE 2000\PROGRAMS\ALARM.EXE
C:\PROGRAM FILES\COREL\WORDPERFECT OFFICE 2000\PROGRAMS\DAD9.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTS.SCR
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MINICLIPTOOLBAR - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\WINDOWS\DOWNLO~1\MINICL~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MINICLIPTOOLBAR - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\WINDOWS\DOWNLO~1\MINICL~1.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\SYSTEM\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\SYSTEM\GREENMK.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_ME.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [PowerBar] C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe /AtBootTime
O4 - Startup: Reboot.exe
O4 - Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} (MINICLIPTOOLBAR) - http://www.miniclip....cliptoolbar.cab
Cheers!
I received an error message after entering in command prompt: cd %WinDir%\System
regsvr32 /u C:\Program Files\CxtPls\CxtPls.dll.
The error message was: "Regsvr32 Loadlibrary("C:\program") Failed one of the library files needed to run this application cannot be found"
I was able to delete "O4 - HKLM\..\Run: [q99U37R] IUCPXL32.EXE"
I was not able to find and delete: "O4 - HKLM\..\Run: [AutoLoaderq2qo1JMkZKNO] "C:\WINDOWS\SYSTEM\IUCPXL32.EXE" /ExeName="CXTPLS" /HideDir /PC="CP.IST2.ME" /ShowLegalNote="nonbranded" /UninstallName="CtxPls"
Here's my new log:
Logfile of HijackThis v1.99.1
Scan saved at 8:56:23 PM, on 18/01/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\G-VGA.EXE
C:\PROGRAM FILES\CYBERLINK DVD SOLUTION\POWERDVD\PDVDSERV.EXE
C:\PROGRAM FILES\B'S CLIP\BSCLIP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COREL\WORDPERFECT OFFICE 2000\PROGRAMS\ALARM.EXE
C:\PROGRAM FILES\COREL\WORDPERFECT OFFICE 2000\PROGRAMS\DAD9.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTS.SCR
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MINICLIPTOOLBAR - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\WINDOWS\DOWNLO~1\MINICL~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MINICLIPTOOLBAR - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\WINDOWS\DOWNLO~1\MINICL~1.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\SYSTEM\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\SYSTEM\GREENMK.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_ME.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [PowerBar] C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe /AtBootTime
O4 - Startup: Reboot.exe
O4 - Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} (MINICLIPTOOLBAR) - http://www.miniclip....cliptoolbar.cab
Cheers!
#10
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 18 January 2006 - 08:15 PM
Good Job
Looks good 
How is it running any issues?
Do the following:
In Windows, on the Windows desktop, double-click the My Computer icon.
On the Tools menu, click Folder Options.
On the View tab, check Hide file extensions for known file types.
Then, under the "Hidden files" folder, uncheck Show hidden files and folders.
Click Apply.
Click OK.
To disable Windows Me System Restore
Click Start > Settings > Control Panel.
Double-click the System icon.
--------------------------------------------------------------------------------
Note: If the System icon is not visible, click "View all Control Panel options" to display it.
--------------------------------------------------------------------------------
On the Performance tab click File System.
Click the Troubleshooting tab, and then check Disable System Restore.
Click OK. Click Yes, when you are prompted to restart Windows.
Now enable.
To enable Windows Me System Restore
Click Start > Settings > Control Panel.
Double-click System.
On the Performance tab click File System.
On the Troubleshooting tab, uncheck Disable System Restore.
Click OK. Click Yes, when you are prompted to restart Windows.
If you dont have these three programs I would recommend that you get them. Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your resticted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.
It is critical to have both a firewall and anti virus to protect your system.
Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on.
Safe Surfing.
Looks good
How is it running any issues?Do the following:
In Windows, on the Windows desktop, double-click the My Computer icon.
On the Tools menu, click Folder Options.
On the View tab, check Hide file extensions for known file types.
Then, under the "Hidden files" folder, uncheck Show hidden files and folders.
Click Apply.
Click OK.
To disable Windows Me System Restore
Click Start > Settings > Control Panel.
Double-click the System icon.
--------------------------------------------------------------------------------
Note: If the System icon is not visible, click "View all Control Panel options" to display it.
--------------------------------------------------------------------------------
On the Performance tab click File System.
Click the Troubleshooting tab, and then check Disable System Restore.
Click OK. Click Yes, when you are prompted to restart Windows.
Now enable.
To enable Windows Me System Restore
Click Start > Settings > Control Panel.
Double-click System.
On the Performance tab click File System.
On the Troubleshooting tab, uncheck Disable System Restore.
Click OK. Click Yes, when you are prompted to restart Windows.
If you dont have these three programs I would recommend that you get them. Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your resticted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.
It is critical to have both a firewall and anti virus to protect your system.
Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on.
Safe Surfing.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
Register to Remove
#11
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 18 January 2006 - 08:20 PM
After you remove the Windows Address Book from a computer that runs Microsoft Windows Millennium Edition (Me), the following error message may appear when you try to start Outlook Express 6:
Outlook Express could not be started because MSOE.DLL could not be loaded
Back to the top
CAUSE
This behavior can occur because the Windows Address Book is required for Outlook Express to run.
Back to the top
WORKAROUND
To work around this behavior, install the Windows Address Book: 1. Click Start, point to Settings, and then click Control Panel.
2. Click Add/Remove Programs, click the Windows Setup tab, and then click to select the Address Book check box.
3. Click OK, and then click Yes to restart the computer.
4. Start Outlook Express.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#12
stewie
-
- New Member
-
- 7 posts
New Member
Posted 19 January 2006 - 05:26 PM
Except for Outlook Express, everything seems to be working great! Thanks for your help on this.
Unfortunately, when I click the address book and OK or apply, it doesn't allow me to install it. I get the following message:
copying files....
The file `9xmig.dll`was not found. Windows needs the disk labeled Windows Millennium edition to continue. This disk may be provided by your computer or device.
error details....
The file was not found (error#2)
Setup could not finish opening a file on the source disk.
source file: C:\windows\INF\9xmig.dll
destination file: C\program files\ outlook express\9xmig.dll=precopy1.cab
I click on OK and it doesn't respond, I click on skip file and get bigfoot.bmp not found, click on OK doesn't work, skip file brings me to another error message, until about five error messages down the line neither OK nor skip file works.
#13
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 19 January 2006 - 05:34 PM
Do you have your windows CD?
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#15
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 21 January 2006 - 09:07 AM
Sorry I'm not able to help you with Outlook. You might try and use Google and search for answers there.
Your PC appears to be free of Spyware/Malware
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
