Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Windows Me > Once again I've got spyware!

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Once again I've got spyware!

Reply to Message Icon

Name: Nick_Relf
Date: October 11, 2004 at 02:17:51 Pacific
OS: ME
CPU/Ram: 256Mb
Comment:

Ok here it goes. I have 2 problems.

1. Every now and then, about once every 2 mins, a blank website comes up with the address in the title bar,

"http://www.ad-w-a-r-e.com/callback_ron.php?GUID={C1000E9F-F9A1-4196-AB7C-7535D45CF487}&country=GB&type=".

There's nothing to it, just a blank webpage with that address in and this text (but changes everytime it seems),

"sendExternalEvent('EVENT:IEBROWSER:www.automotive.com/redir/newcar.asp?src_id=2193&kw_camp=ron');".

2. Ok this problem may be a bit simpler. When a non-existant url is entered, I get the Page Cannot Be Displayed page, but then it automatically jumps to "http://www.spotresults.com/dns.php?url=MYSITE".

How can I clean these as they are really irritating. I've done the usual Spybot, HJT and Ad-Aware but with to avail. I cannot seem to be able to get rid of these.

Does anyone have any bright ideas??

Thanks a lot in advance :)



Sponsored Link
Ads by Google

Response Number 1
Name: Viking
Date: October 11, 2004 at 03:12:25 Pacific
Reply:

Run HijackThis 1.98.2, make sure it's installed in your program files. Run it and post a log.

Also make sure you're fully up to date with Ad-Aware SE and Spybot S&D and download and install SpywareBlaster 3.2, if you haven't already got it.

Download and run CWShredder 1.59.1 too, if you haven't already used that.


See the iDiOt walk
See the idiot TaLk

WaLk IdIoT WaLk


0

Response Number 2
Name: Nick_Relf
Date: October 11, 2004 at 03:38:41 Pacific
Reply:

Logfile of HijackThis v1.98.2
Scan saved at 11:39:53, on 11/10/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PQSC\PROGRAM\SCTRAY.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\SYSTEM\HPZTSB05.exe
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.exe
C:\WINDOWS\UPDATETC.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.exe
C:\PROGRAM FILES\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.btinternet.com:8080
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\SCTRAY.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [tpcupdater] C:\WINDOWS\UPDATETC.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe" /background
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe

I'm currently in the progress of doing the other things you said. Please bare with me.

Thanks for your help.

Nick


0

Response Number 3
Name: Viking
Date: October 11, 2004 at 03:55:02 Pacific
Reply:

Ok, boot into safe mode and open up HJT and stick a checkmark next to these ...

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.btinternet.com:8080

O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch

and remove.

Reboot machine. Problem should be gone. Post new log file, specifying that the problem has, or has not, been resolved.

Make sure you have spywareblaster 3.2 installed from now on. Keep everything up to date.


See the iDiOt walk
See the idiot TaLk

WaLk IdIoT WaLk


0

Response Number 4
Name: Nick_Relf
Date: October 11, 2004 at 05:51:24 Pacific
Reply:

Ok here's the new log..The problems seems to have gone but 888.com pop up keeps appearing.

Logfile of HijackThis v1.98.2
Scan saved at 13:50:51, on 11/10/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\SCTRAY.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe

Thanks a lot.
Nick


0

Response Number 5
Name: Viking
Date: October 11, 2004 at 06:30:15 Pacific
Reply:

Ok, quickly boot back into safe mode and open HJT up save a log file, save it to the desktop.

Boot back into Windows and post that log file.


See the iDiOt walk
See the idiot TaLk

WaLk IdIoT WaLk


0

Related Posts

See More



Response Number 6
Name: Nick_Relf
Date: October 11, 2004 at 14:56:23 Pacific
Reply:

Ok here it is. By the way...problem number (1) and (2) still exist :( but the 888.com one has gone:)

Logfile of HijackThis v1.98.2
Scan saved at 22:54:24, on 11/10/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\SCTRAY.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe

Thanks a lot:)

Nick


0

Response Number 7
Name: Viking
Date: October 11, 2004 at 15:29:32 Pacific
Reply:

Then I suggest you do a full system online virus scan along with a Trojan scan. Because your log is clean and there's nothing left to remove ;)

I would seriously look at what you have installed on your computer too and fine tooth comb it using google. If you can't account for everything installed in add and remove programs and everything in your program files. Then you need to be asking questions about it.

Do all that first before you turn in one last log file.


See the iDiOt walk
See the idiot TaLk

WaLk IdIoT WaLk


0

Response Number 8
Name: Abnormal
Date: October 12, 2004 at 00:38:58 Pacific
Reply:

One more thing you can try, let us know
if it helped.

VX2 Cleaner
an Ad-Aware add on

http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml



0

Response Number 9
Name: Viking
Date: October 12, 2004 at 01:08:24 Pacific
Reply:

:) LOL. D'ya know what ? I deliberatley left the VX2 Cleaner out of it because I just couldn't see any VX2 connection.

But Abnormals right. It's last chance saloon, so you might as well download and install it, but get it from the Lavasoft support forums, I know it's the latest and works properly with Ad-Aware SE 1.05.

There have been (were) reported problems between two versions of the VX2 plugins that were available from either site. The old plugin didn't play nice with the new Ad-Aware SE, consequently didn't work at all or failed to work correctly sommetimes.

Read the page too, tells you how to use.

Like I said, I know this one works properly from this link ...

Lavasoft support forums -- Add Ons -- VX2 Cleaner


See the iDiOt walk
See the idiot TaLk

WaLk IdIoT WaLk


0

Response Number 10
Name: Viking
Date: October 12, 2004 at 01:46:50 Pacific
Reply:

Actually Nick, I can't remember if I made you install it the last time we went through this. So check you don't already have it. Look in the "Add-Ons" bit of the program.


See the iDiOt walk
See the idiot TaLk

WaLk IdIoT WaLk


0

Response Number 11
Name: Nick_Relf
Date: October 12, 2004 at 03:37:07 Pacific
Reply:

Sorry, confession time. I did use it last time, but removed it :(( Sorry. I'll install it again. Do I need to keep it?

One small thing, when using ad-aware, it brings up this VX2 program as a problem? Why's this?

I ran VX2, rebooted, scanned computer, rebooted, scanned computer again and it found 71 critical objects (all except one - a hijacker - were VX2). Why is this. Should I just ignore the VX2 problems or are they not actually problems.

I've saved a log of the scan if you're interested. Here it is:


Ad-Aware SE Build 1.05
Logfile Created on:12 October 2004 11:21:55
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R11 07.10.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):2 total references
Alexa(TAC index:5):1 total references
Hijacker.TopConverting(TAC index:5):9 total references
MRU List(TAC index:0):28 total references
NavExcel(TAC index:5):3 total references
Tracking Cookie(TAC index:3):4 total references
WinAD(TAC index:7):1 total references
VX2(TAC index:10):54 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


12-10-2004 11:21:55 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\10.0\common\open find\microsoft word\settings\new from existing document\file name mru
Description : list of "new from existing document" files used by microsoft word


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\smartftp\connection data
Description : list of recently accessed servers using smartftp


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : C:\WINDOWS\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291781175
Threads : 4
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294943959
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.exe

#:3 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294952155
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk

#:4 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294954727
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.exe

#:5 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294852491
Threads : 2
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:6 [MSGPLUS.EXE]
FilePath : C:\PROGRAM FILES\MESSENGER PLUS! 3\
ProcessID : 4294860767
Threads : 1
Priority : Normal


#:7 [SSDPSRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294840587
Threads : 5
Priority : Normal
FileVersion : 4.90.3003.0
ProductVersion : 4.90.3003.0
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : SSDP Service on Windows Millennium
InternalName : ssdpsrv.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : ssdpsrv.exe

#:8 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294840971
Threads : 18
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.exe

#:9 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294772371
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright (C) Microsoft Corp. 1998
OriginalFilename : TASKMON.exe

#:10 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294810391
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.exe

#:11 [SCTRAY.EXE]
FilePath : C:\PQSC\PROGRAM\
ProcessID : 4294719411
Threads : 2
Priority : Normal


#:12 [LOADQM.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294706819
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.exe

#:13 [HPZTSB05.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294713851
Threads : 1
Priority : Normal
FileVersion : 2,121,0,0
ProductVersion : 2,121,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright (c) Hewlett-Packard Company 1999-2002

#:14 [DRAGDIAG.EXE]
FilePath : C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\
ProcessID : 4294717103
Threads : 2
Priority : Normal
FileVersion : 301.0.0.12
ProductVersion : 301.0.0.12
ProductName : SpeedTouch USB
CompanyName : THOMSON Telecom Belgium
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON Telecom Belgium 1999-2004
LegalTrademarks : SpeedTouch

#:15 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294722623
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:16 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294753143
Threads : 3
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe

#:17 [SONYTRAY.EXE]
FilePath : C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\
ProcessID : 4294740647
Threads : 1
Priority : Normal


#:18 [MSNMSGR.EXE]
FilePath : C:\PROGRAM FILES\MSN MESSENGER\
ProcessID : 4294648623
Threads : 4
Priority : Normal
FileVersion : 6.2.0137
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:19 [STMGR.EXE]
FilePath : C:\WINDOWS\SYSTEM\RESTORE\
ProcessID : 4294692519
Threads : 4
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft (r) PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft (R) PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe

#:20 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294780839
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\topconverting

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\topconverting
Value : version

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\topconverting
Value : partner

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\topconverting
Value : id

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\topconverting
Value : InstallDir

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\topconverting
Value : updatetime

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\topconverting
Value : tetris

NavExcel Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navexcel

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 37


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 37


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@apmebf[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:default@apmebf.com/
Expires : 10-10-2009 22:46:38
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@versiontracker[1].txt
Category : Data Miner
Comment : Hits:29
Value : Cookie:default@versiontracker.com/
Expires : 12-10-2006 04:10:24
LastSync : Hits:29
UseCount : 0
Hits : 29

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 39

Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : HyTPLUG.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : RvCLTS5.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : IpSETUP.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : RiCLTC5.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : HwTPLUG.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : IyFRARED.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : UyBUI.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : CwDIAL32.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : IiSETUP.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : Suntf16.dll
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : IzFRARED.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : RjCLTC5.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : Stntf32.dll
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : Shntf32.dll
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : IhFRARED.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : IaFRARED.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : UvBUI.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : IpFRARED.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : IlSETUP.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : HkTPLUG.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : IdSETUP.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : HgTPLUG.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : Srntf16.dll
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : IxFRARED.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : HcTPLUG.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : IkSETUP.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : HpTPLUG.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : Shntf16.dll
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : UbBUI.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : IdFRARED.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\

VX2 Object Recognized!
Type : File
Data : IlFRARED.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\


Object "mxTarget.dll" found in this archive.

VX2 Object Recognized!
Type : File
Data : mxTarget.cab
Category : Malware
Comment : Object "mxTarget.dll" found in this archive.
Object : c:\WINDOWS\TEMP\

VX2 Object Recognized!
Type : File
Data : mxTarget.dll
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\
FileVersion : 0, 2, 4, 39
ProductVersion : 0, 2, 4, 39
ProductName : mxtarget
CompanyName : MX-Targeting
FileDescription : www.mx-targeting.com
InternalName : mxtarget
LegalCopyright : Copyright © 2004
OriginalFilename : mxtarget.dll
Comments : www.mx-targeting.com


180Solutions Object Recognized!
Type : File
Data : Del5341.TMP
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


Hijacker.TopConverting Object Recognized!
Type : File
Data : tcupdater[1].exe
Category : Malware
Comment :
Object : c:\WINDOWS\Temporary Internet Files\Content.IE5\CHKFIVST\
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : tpcupdater Application
FileDescription : tpcupdater MFC Application
InternalName : tpcupdater
LegalCopyright : Copyright (C) 2004
OriginalFilename : tpcupdater.exe


180Solutions Object Recognized!
Type : File
Data : 180ax[1].exe
Category : Data Miner
Comment :
Object : c:\WINDOWS\Temporary Internet Files\Content.IE5\KBLBI6ZT\
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@apmebf[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@apmebf[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@versiontracker[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@versiontracker[1].txt

Hijacker.TopConverting Object Recognized!
Type : File
Data : updatetc.exe
Category : Malware
Comment :
Object : c:\WINDOWS\
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : tpcupdater Application
FileDescription : tpcupdater MFC Application
InternalName : tpcupdater
LegalCopyright : Copyright (C) 2004
OriginalFilename : tpcupdater.exe


VX2 Object Recognized!
Type : File
Data : ROCLTS5.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : SXNTF32.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : IKSETUP.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : IMSETUP.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : SZNTF32.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : UGBUI.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : IEFRARED.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : RHCLTS5.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : RCCLTS5.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : IBSETUP.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : IFSETUP.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : HHTPLUG.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : RECLTS5.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : IGFRARED.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : UWBUI.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : IBFRARED.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : MFLOCUSR.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : UQBUI.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : HFTPLUG.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : MULOCUSR.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\


Object "W0107641.CPY" found in this archive.

WinAD Object Recognized!
Type : File
Data : FS261.CAB
Category : Data Miner
Comment : Object "W0107641.CPY" found in this archive.
Object : c:\_RESTORE\ARCHIVE\

VX2 Object Recognized!
Type : File
Data : 07AFA0.DAT
Category : Malware
Comment :
Object : c:\PQSC\CPS\000076\FILES\001\

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 100


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
13 entries scanned.
New critical objects:0
Objects found so far: 100


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

NavExcel Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\nhelper.dll

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\nhelper.dll
Value : AppID

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 102

11:24:49 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:54.10
Objects scanned:53613
Objects identified:74
Objects ignored:0
New critical objects:74


Thanks for your help :)
Nick


0

Response Number 12
Name: Nick_Relf
Date: October 12, 2004 at 03:40:21 Pacific
Reply:

It also seems like the problems are gone..but it'll take a bit of time to confirm that of course. I'll keep you posted here.

Thanks for all your help.
Nick


0

Response Number 13
Name: Viking
Date: October 12, 2004 at 05:07:21 Pacific
Reply:

Well that was the nature of the problem before wasn't it. Transient type problem. But that's the nature of spyware in general. Transient.

If you look back in this post. You resolved problems 1 & 2 but gained a pop up problem. next time you posted the orignal 1 & 2 were back and the pop up had gone.

It's very simple.

Disable system restore and run those online virus and trojan scans. Re-enable restore after.

Uninstall Ad-Aware SE Personal 1.05 reboot machine. Start again and re-install a new download.

Then, immediately after, install the VX2 Cleaner from that link I gave you in response # 9. Follow instructions for it.

When complete, and you see VX2 Cleaner installed in "Add-Ons" >> DON'T get CONFUSED by a RED CIRCLE with an X on it where it says >> VX2 Cleaner.

Highlight VX2 Cleaner by clicking on it and then click RUN TOOL.

Now UPDATE Ad-Aware SE 1.05. Now RUN the full Ad-Aware SE scan (not just running the VX2 Cleaner part of it, like I described).

**
DO NOT, I REPEAT, DO NOT post another Ad-Aware SE log file. >>>

At least till someone asks for one. :) :)

**

Your last HJT log file is clean, I'll be surprised if it doesn't stay that way. At least for the time being ;)


After you've done everything, run the machine and surf with it for 24 hours. Run Ad-Aware and Spybot again and all that should be there are cookies and minor s---.

Post back to this thread if you get anymore problems. Provided of course it hasn't dropped off to page 2.

See the iDiOt walk
See the idiot TaLk

WaLk IdIoT WaLk


0

Response Number 14
Name: Nick_Relf
Date: October 12, 2004 at 13:32:47 Pacific
Reply:

Well it's definatly gone.

I haven't seen it....thank goodness.

Thanks for all your help people. It was the VX2 that eventually did it i think.

Many thanks!!

Nick


0

Response Number 15
Name: Montana_Guy
Date: October 12, 2004 at 19:45:50 Pacific
Reply:

*whew* VERY GOOD gentlemen !! Had the same problems, and jumped right to the VX2 issue and things are back to normal. THANK YOU !!

VX2 Cleaner
an Ad-Aware add on

http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml



0

Response Number 16
Name: Viking
Date: October 13, 2004 at 02:56:03 Pacific
Reply:

Make sure you have the latest updated VX2 Cleaner along with ALL other updated Add-Ons for Ad-Aware SE that you install. ....

Lavasoft support forums >>> Lavasoft - Additional Tools, Add-ons and Language Files >>> Ad-Aware SE Add-ons.

You can get the direct downloads from there.


See the iDiOt walk
See the idiot TaLk

WaLk IdIoT WaLk


0

Response Number 17
Name: Viking
Date: October 13, 2004 at 09:08:23 Pacific
Reply:

LMAO :)

The Lavasoft forums have been hijacked or they forgot to pay the bill by the looks of it !

I suggest you wait till normal service has been resumed. Or try the original Lavasoftusa link, if you can't wait.

I wouldn't bother clicking on the support forums link if I were you.

See the iDiOt walk
See the idiot TaLk

WaLk IdIoT WaLk


0

Response Number 18
Name: Viking
Date: October 14, 2004 at 01:51:25 Pacific
Reply:

Lavasoft forums back up and running again. Add Ons available from the support forum.

All the Add ons from all the links are the current versions now.

So any VX2 Cleaner add on you get from Lavasoftusa, Lavasoft support forums, Majorgeeks or wherever should all carry the 1.03 version number.


See the iDiOt walk
See the idiot TaLk

WaLk IdIoT WaLk


0

Sponsored Link
Ads by Google
Reply to Message Icon



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Windows Me Forum Home


Sponsored links
Ads by Google


Results for: Once again I've got spyware!
Restart not functioning ... !!! www.computing.net/answers/windows-me/restart-not-functioning-/22636.html

Need driver for ASUS cd rom drive.. www.computing.net/answers/windows-me/need-driver-for-asus-cd-rom-drive/29367.html

Something I've noticed with ME - Scandisk www.computing.net/answers/windows-me/something-ive-noticed-with-me-scandisk/1278.html