calling all adware, so it seems

Name: CMartin
Date: January 22, 2004 at 18:35:08 Pacific
OS: XP
CPU/Ram: 3ghz / 1024mb
Comment:

please help... I don't know how this started. This didn't happen on my last computer that was exactly the same (same internet connection, same sites visited) only it was older (300mhz, 96mb) and had NO virus protection.

I bought this computer 2 weeks ago and within 24 hours the problems started. I've run CWShredder, Adaware, Spybot and Norton countless times since then. They usually find something and delete it only to have it return a little later.

Even if I don't open a web browser all day, I'll have more adwarez by that evening.

I apologize if this is a repeat post. I don't know enough to glean the info I need browsing the other threads.

Thanks in advance.

Without further ado, please help:

Logfile of HijackThis v1.97.5
Scan saved at 9:29:19 PM, on 1/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\mqzfhmsy.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\WINDOWS\jqngtzjk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\WinZip\WZQKPICK.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Documents and Settings\martin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {0176DFCF-9FC2-469B-9BEE-8213DF2903BF} - C:\WINDOWS\hgnpqrcq.dll
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DB43794-DAC1-419F-99FF-A59384BF049E} - C:\WINDOWS\System32\dxmagsf.dll (file missing)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: searchsprint - {AEE46806-2C5A-4A4E-A5DD-B4531F64A187} - C:\WINDOWS\dsnmkgda.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [zowldbzt] C:\WINDOWS\mqzfhmsy.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [4SJ#8Y745N9X#@] C:\WINDOWS\System32\Qkd3GHW.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [mhbnmnvh] C:\WINDOWS\jqngtzjk.exe
O4 - HKLM\..\Run: [Tat] C:\WINDOWS\system32\pgtools\tatss.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38004.7536921296
O16 - DPF: {F420A442-7538-48DF-A3F1-C55BDE3BBB56} (jimmyload.jimmycont) - http://www.roings.com/sec.cab



Response Number 1
Name: Hooner
Date: January 22, 2004 at 22:15:42 Pacific
Reply:

You won't get a reply in this forum, we're all sick and tired of HJT logs.



Response Number 2
Name: CMartin
Date: January 23, 2004 at 05:59:13 Pacific
Reply:

Thank you for your candor.

How (or where) should I present my problem?



Response Number 3
Name: andyhargreaves
Date: January 23, 2004 at 07:32:48 Pacific
Reply:

Perhaps a little more helpful suggestion...

I think you need to install/enable a little protection before attempting a cure. Either use the WinXP built-in firewall or install ZoneAlarm (free - download.com). Set the firewall up with maximum security, whilst disconnected from the web. Restart the PC and remain disconnected from the web. Now run all the virus and adware programmes (check they are all genuine, and not spyware-infested... - I use only FSecure for virus and AdAware - no problems) and restart the PC again. Make sure the firewall is running and maximum protection is enabled before reconnecting to the web.

Post more details (your connection and type etc if possible) if the problems continue. Or email me.

Andy



Response Number 4
Name: andyhargreaves
Date: January 23, 2004 at 07:34:02 Pacific
Reply:

Sorry, forgot to add, make sure your virus protection DATs are up to date.....



Response Number 5
Name: Abnormal
Date: January 23, 2004 at 10:15:14 Pacific
Reply:

CMartin, you have the peper trojan, along with others that can't be removed the easy way. Best bet is to post in the security and virus forum, it will get more attention there.

Info on the peper trojan, by a member of spywareinfo.com:
http://www.mjc1.com/files/peperpage/


One more thing to try;

Download Ad-Aware and update it.
http://www.lavasoftusa.com/support/download/

From lavasoft faqs.
Use the Custom Scan with Memory and Both registry scans ON for your first scan.
I keep it at that setting.

Also.... make sure that you activate IN-DEPTH scanning before you proceed.
Actually you should always use IN-DEPTH scanning whichever mode you choose.
This will be made a default setting in Ad-aware 6.2 when released.

Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
"Unload recognized processes during scanning."
Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
"Let Windows remove files in use after reboot."
Next...
Run Ad-aware 6.

Mark the objects you wish to eliminate for removal. All would be my choice.
Make a Quarantine only if you do not have the Auto-Quarantine option ON.
Then choose Next to remove the chosen objects.
Finally.....Reboot

Do that, and post a new log in the security forum; some guys that are one up on me can help.



Response Number 6
Name: Abnormal
Date: January 23, 2004 at 16:23:18 Pacific
Reply:

I found an uninstaller for the peper trojan.
From members at spywareinfo.

http://mjc1.com/files/peperpage/uninst.exe

http://zerosrealm.com/downloads/uninst.exe

