Computer Hope

Software => Computer viruses and spyware => Topic started by: green tea on January 08, 2008, 01:08:12 AM

Title: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 08, 2008, 01:08:12 AM
I guess I'm the latest person to need help!

The problem started Sunday afternoon. I was just browsing a forum I frequent for years, and then a bunch of popups started appearing. I kept seeing "Internet speed monitor..." and "Root.Stardoor", etc. These made my computer so slow and I tried exiting each one, but every couple of minutes more would show up.

I also noticed a new folder appear in My Documents. I tried deleting that but it wouldn't let me, saying the application is in use. Then I checked the Start Up section, to see if anything new was installed. Turns out 2 programs installed by themselves: "ISM" and "Outerinfo". I uninstalled both of them, and restarted my computer.

I even had problems starting my computer. It would boot for a little bit and then the screen would be black, and then it started up again. So I tried the "last known good configuration" and "safe mode". I had to alternate between the two (AND turn the power switch off) multiple times before successfully getting into my computer again.

The Internet speed monitor was gone, but the "Root.Stardoor" ads kept showing up once in a while. And then I left for work today thinking everything was ok.
................

I come home and then noticed a couple ads had popped up. The Root.Stardoor and a couple less indecent ads. So I started yahoo-ing for some answers. I ended up d/l SUPERANTISPYWARE (aka SAS for short) and ran that. I did a complete scan and found 500 infected files!!!!! So I quarantined that and restarted my computer. I had the same rebooting problems as the other times I restarted my pc *sigh*

And then I ran the SuperAntiSpyware again, and found 20 more infected. I removed everything that was in the Quarantine, and did a third scan. Found 40 infected. All of these were "ADWARE..." and "TROJANS"

The popups are less now, but every time I open a new IE browser, an ad (ie: IMVU) would pop up. I currently have the free version of SAS running. I know that for the premium SAS, there's the real time ad blocker but I was wondering if there was anything I could do to get rid of these spywares/viruses for free first??

A couple basic info--I have Windows XP and use Internet Explorer. I always worry that my pc is going to die on me, and I suck at all the tech aspect of computers, so please help.

Your assistance is highly appreciated!!
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: dairyman on January 08, 2008, 01:14:10 AM
Please read this post (http://www.computerhope.com/forum/index.php/topic,46313.msg290095.html#msg290095) and supply the logs.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: unlovedwarrior on January 08, 2008, 01:34:34 AM
get spybot search and destroy

delete the files sas quarantined and rerun the scan

get spyblaster and update it

get rogue remover and update it and remove what it finds

get pocket killbox and browse to the folder you want to remove select remove on reboot  then ok apply then restart

run your antivirus if you have one if not get avg free and update and remove..

do all of this in safe mode (reboot and press f8 and select safe mode)

do all of this and report back what the programs find and if killbox deleted the folder

and i use sas free and love it

just my 2 cents

unlovedwarrior
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 08, 2008, 07:56:50 PM
Ok, just got home. Here are the SuperAntiSpyware logs

I actually scanned with SAS 3 times prior to finding out about this forum, but I'm going to include those logs as well just so you can see what happened with my pc :)



[file cleanup - saving space - attachment deleted by admin]
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 08, 2008, 07:58:49 PM
And here is the ESET log. I will get the Hijackthis log up later tonight.


[file cleanup - saving space - attachment deleted by admin]
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: Broni on January 08, 2008, 08:11:22 PM
Print out these instructions as we will need to close every window that is open later in the fix.

Download VundoFix:
http://www.atribune.org/content/view/24/2/

    * Double-click VundoFix.exe to run it.
    * When VundoFix re-opens, click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.

***************************************************
1. Download VirtumundoBegone (http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe) and save it to your desktop.

2. Now reboot into Safe Mode.

         1. This can be done tapping the F8 key as soon as you start your computer

         2. You will be brought to a menu where you can choose to boot into safe mode.

         3. Select safe mode with networking using your arrow keys on the keyboard and then press enter.

         4. When your computer reaches the desktop make sure you log in as the same user which you had performed the previous steps.

3. Once you are logged into safe mode, double-click VirtumundoBeGone.exe file you just downloaded and follow the instructions.

4. Exit when it has finished, and reboot back to normal mode.

*************************************************
Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
and post its log
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 08, 2008, 09:39:42 PM
Hi Broni, thanks for helping.

I had some questions before I follow your instructions. Do I still need to do Update my Java (Step 5 of Evilfantasy's things to do before posting) before I d/l the VundoFix?

Also, I'm having lots of trouble whenever I restart my computer. It won't run fully and stops in the middle of the Windows screen (before the login screen). My monitor would say "No signal" and then blackens out, then the pc would shut down and restart over again. That's when I have to do the "safe mode" or "prior good configuration" mode.

My other question was right after I'm done with VundoFix, do I reboot to normal mode, or safe mode (before proceeding to VirtumundoBegone)?

Hope this makes sense.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: Broni on January 08, 2008, 09:55:27 PM
Quote
Do I still need to do Update my Java
Yes.
Quote
That's when I have to do the "safe mode" or "prior good configuration" mode.
...and what you do?

VirtumundoBegone should be run from Safe Mode.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 08, 2008, 10:04:12 PM
Quote
Do I still need to do Update my Java
Yes.
Quote
That's when I have to do the "safe mode" or "prior good configuration" mode.
...and what you do?

How to explain.. when I had trouble fully restarting my pc, I try getting to Safe Mode, and then restarting my pc again from there. This worked sometimes, but other times didn't work. I had to restart to Last Known Good Configuration. So basically, I had to alternate between those 2 modes when I tried restarting these last 2 days (whenever I needed to reboot).


I just checked the Add/Remove screen, and do not see any Java related items at all. Is that possible??
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: Broni on January 08, 2008, 10:17:14 PM
Maybe, you don't have Java installed. Get it here: http://www.java.com/en/download/index.jsp

Don't use Last Known Good Configuration anymore, because it brings you back to old infected state.

Run everything in Safe Mode from now on, until I tell you otherwise.

While in Safe mode, run again ESET on-line, Superantispyware, then VundoFix, and VirtumundoBegone

When you're done, try to run HijackThis from Normal Mode. If you still won't be able to, run it from Safe Mode.

Don't use Last Known Good Configuration
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 08, 2008, 10:39:43 PM
Java 6 has been installed.

About 10 minutes ago, I d/led VundoFix, but then the screen went blank and all the icons on my desktop are gone. All I see now is my wallpaper, the start menu, and clock (that whole bottom taskbar).

And then I just did Control Alt Delete, and only saw this Internet Page.

I'm going to restart now, and go to safe mode.

Should I go to just "Safe Mode", or "Safe Mode with Networking"

Awaiting your reply before I reboot. Thanks
....................

On a side note, my screen goes blank once in a while, and the items in my bar get moved around (like iTunes was at the front but now it's at the back, any My Documents folders that are open get closed, etc).
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: Broni on January 08, 2008, 10:46:59 PM
Quote
Should I go to just "Safe Mode", or "Safe Mode with Networking"
It doesn't matter.
Go, before things will get worse.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: unlovedwarrior on January 08, 2008, 10:55:36 PM
also while in safe mode try chkdsk /f (notice the space between the k and the /)
a black box will pop up and ask to do it on next restart enter y and press enter
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 08, 2008, 11:31:56 PM
also while in safe mode try chkdsk /f (notice the space between the k and the /)
a black box will pop up and ask to do it on next restart enter y and press enter

Hi, thanks for helping too. I was trying to get all the logs done, so I didn't follow the recommendation in your initial post. Hopefully, we don't have to do that.

Can you elaborate on the "chkdsk /f" process. What does this do, and where exactly do I go to enter that? I need all the detailed steps you can give me.
...........

Update: I'm currently in Safe mode and halfway done with ESET scan. It found 8 threats so far
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 08, 2008, 11:43:26 PM
ESET scan done. Here is the new log

But now I'm trying to run SuperAntispyware, but when I click on it, it says searching.. Then this window pops up-- "Problem with Shortcut: The item 'SUPERAntiSpyware.exe' that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly.   Nearest match based on size, date, type: ..... Do you want to fix this shortcut to point to this target or do you just want to delete it?"

So I tried installing it again, but it says "Window Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assist."

[file cleanup - saving space - attachment deleted by admin]
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: unlovedwarrior on January 09, 2008, 01:06:30 AM
run my suggest in the run box

start run

go to all programs and try sas

chkdsk /f checks your index and corrects any problems. after you're done restart your computer and redo the scans. also install avg antispyware, update and scan
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 09, 2008, 01:43:43 AM
unlovedwarrior, we appreciate the help but you are trying to do repairs on infected files. It kinda defeats the purpose........

green tea you have something going on that I think is a fairly new infection. In the ESET log notice this entry C:\Program Files\QuickTime\qttask     .exe <<-- The space between qttask and .exe


Download  RenV.exe (http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe) to your Desktop
Note: The RenV.exe may look like it is doing nothing. Just let it run as it will complete and produce the log.
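
A check for the pattern evilfantasy points out above (a file name with a run of whitespace in front of the extension), as an added example that is not part of the original thread. The paths in SAMPLE_PATHS are constructed, except the qttask entry quoted from the post; the function name and the result fields are hypothetical.

```python
import ntpath
import re

# A run of whitespace (ASCII or Unicode, e.g. a no-break space) sitting
# directly in front of the final extension: "qttask     .exe".
PADDED_EXT = re.compile(
    r"^(?P<stem>.*?\S)(?P<pad>\s+)(?P<ext>\.[A-Za-z0-9]{1,5})$"
)

# Constructed sample: file paths as they might be pulled out of a scanner log.
SAMPLE_PATHS = [
    r"C:\Program Files\QuickTime\qttask.exe",
    r"C:\Program Files\QuickTime\qttask     .exe",   # entry quoted in the post
    r"C:\WINDOWS\system32\notepad.exe",
    r"C:\Documents and Settings\user\My Documents\report final.doc",
    "C:\\WINDOWS\\system32\\svchost\u00a0.exe",       # no-break space variant
]


def find_padded_names(paths):
    """Report paths whose file name has whitespace right before the extension.

    For each hit, also work out the un-padded sibling name in the same folder
    and whether that sibling is present in the same listing, which tells the
    reader that two near-identical names sit side by side.
    """
    present = {p.lower() for p in paths}   # NTFS names are case-insensitive
    findings = []
    for path in paths:
        directory, name = ntpath.split(path)
        match = PADDED_EXT.match(name)
        if not match:
            continue   # spaces inside the stem ("report final.doc") are normal
        sibling = ntpath.join(directory, match.group("stem") + match.group("ext"))
        findings.append({
            "path": path,
            "pad_length": len(match.group("pad")),
            "unpadded_sibling": sibling,
            "sibling_present": sibling.lower() in present,
        })
    return findings


if __name__ == "__main__":
    for finding in find_padded_names(SAMPLE_PATHS):
        print(finding)
```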
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: Broni on January 09, 2008, 07:05:30 PM
Proceed with evilfantasy's advice, skip Superantispyware, and continue with other programs.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 09, 2008, 07:49:19 PM
Hi guys, I rebooted to normal mode after my last post, and had to reinstall SuperAntiSpyware again. Then after that, I rebooted to safe mode and did the SAS scan overnight.

It completed and here is the new SAS log.

I can only work on this during the evening (since I work during the day), so I really appreciate the fact that Broni's in the same timezone as me, and dedicating time to helping us. The same goes to all you guys as well. :D

I will start working on Evilfantasy's suggestion.

[file cleanup - saving space - attachment deleted by admin]
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 09, 2008, 07:55:33 PM

Note: The RenV.exe may look like it is doing nothing. Just let it run as it will complete and produce the log.

Ok, just did this. A log appeared instantly after I clicked "Run". Does that mean everything is fine or do I have to leave that log open for a while?

[file cleanup - saving space - attachment deleted by admin]
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 09, 2008, 08:04:12 PM
RenV didn't show anything, please right click and delete it from the desktop.

I think Broni may agree it is a good time for a Hijackthis log.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 09, 2008, 08:13:49 PM
Currently running Vundofix. I will follow through with VirtumundoBegone, and then do the Hijackthis log (as initially suggested by Broni).

Please let me know if I should do otherwise. Thanks
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 09, 2008, 09:35:57 PM
Ugh, I did the remove Vundo, but it says one of the files couldn't be removed, and that it had to reboot. So I did that, but I couldn't get back into Safe mode.

I did the F8 tapping, but it just rebooted normally. I tried restarting several times but it loaded normally.

So I logged into my normal computer mode, and the Vundofix window appeared. I forgot to do "Scan for Vundo" again, but instead just did "Remove Vundo". Then it told me to reboot.

And same scenario, I can't get back to safe mode.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 09, 2008, 09:54:35 PM
Look in C:\vundofix.txt for the log.

Go ahead and post a Hijackthis log also.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 09, 2008, 09:57:39 PM
Here is the Vundofix log.

I will now run Hijackthis in normal computer mode

[file cleanup - saving space - attachment deleted by admin]
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 09, 2008, 10:01:50 PM
And here is the Hijackthis log

[file cleanup - saving space - attachment deleted by admin]
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 09, 2008, 10:16:08 PM
You have a nasty one on there for sure.

If you already have combofix delete it and download a new copy.

Please download Combofix by sUBs from either here (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) or here (http://subs.geekstogo.com/ComboFix.exe)

IMPORTANT - Combofix.exe MUST be saved to your Desktop. Do not mouseclick combofix's window while it's running.
The scan will temporarily disable your desktop.
If interrupted it may leave your computer frozen.
If this occurs, please reboot to restore the desktop.


Next post
combofix log
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: Broni on January 09, 2008, 10:18:22 PM
You didn't use Last Known Good Configuration, at any point,  did you?
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 09, 2008, 10:24:46 PM
I have never used Combofix before. How can I check to see if all the antivirus/antispyware programs are disabled? I just exited SAS, and the Norton Antivirus icon that usually appears in my taskbar did not appear when I login this time.

You didn't use Last Known Good Configuration, at any point,  did you?

No, I've been in safe mode all this time. Except now I'm back in normal mode, since I couldn't get into Safe mode. Is there any other way to go to safe mode if the F8 key doesn't work?

.................

Going to do Combofix now
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 09, 2008, 10:59:45 PM
Sorry guys, more problems. I ran Combofix, and then it told me to allow it to reboot. So I didn't touch anything and let the computer reboot.

I login and the Combofix screen said it was now Preparing a log, and not to run any programs. I was waiting for the result, when this window "RUNDLL" pops up saying that that particular program was not found. Also, SuperAntiSpyware started up automatically. AND then I got an alert from Norton Antivirus saying that "Malicious Script detected", that "your computer is halted and needs to do something about this script: C:\ComboFix\SvcDrv.vbs"

I don't know what to do. Is there a way to disable the Antivirus/antimalware programs and KEEP them disabled even after the computer reboots??
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: Broni on January 09, 2008, 11:04:36 PM
Forget those.
Let's see, if we can get rid of bad guys through HJT.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: Broni on January 09, 2008, 11:09:40 PM
Go Start>Run, type in:
services.msc
Click OK.
Services window will open.
Look for Viewpoint Manager Service
Right click on it, click Stop
Right click again, click Properties, and under Startup type set it to Disable from drop-down menu

Go Start>Control Panel>Add\Remove, and:
Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar

Restart computer. Post new HJT log.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: Broni on January 09, 2008, 11:10:29 PM
I'll be back in 10-15 minutes.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 09, 2008, 11:12:19 PM
Go to C:\Combofix and look for the log in there.

If it isn't there then run it again with Norton turned off.

Taken From BleepingComputer

NORTON ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a (http://i94.photobucket.com/albums/l84/SillyGerman/BleepingComputer/norton.png) sign. You successfully disabled the Norton Antivirus Guard.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 09, 2008, 11:25:07 PM
Go to C:\Combofix and look for the log in there.

If it isn't there then run it again with Norton turned off.

Taken From BleepingComputer

NORTON ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a (http://i94.photobucket.com/albums/l84/SillyGerman/BleepingComputer/norton.png) sign.
  • right-click it -> choose "Disable Auto-Protect."
  • select a duration of 5 hours (this assures no interference with the cleanup of your pc)
  • click "Ok."
  • a popup will warn that protection will now be disabled and the sign will now look like this: (http://i94.photobucket.com/albums/l84/SillyGerman/BleepingComputer/norton_disabled.png)
You successfully disabled the Norton Antivirus Guard.

Found the log for ComboFix. There was also another txt file called "pend" where I found the ComboFix txt file, so I included it.

I looked on my taskbar/system tray and all I see is the time (currently 22:20), the SuperAntispyware icon, Intervideo WinCinema Manager (which I never use), Safely Remove Hardware icon, and the Volume icon.

Also, when I disabled SAS before running Combofix, the Norton Antivirus icon was not on the taskbar either, which is why I was surprised to see the Norton Alert pop up after the reboot.

So is there any other way to disable Norton?? Should I uninstall SAS just in case?
........

Again, I apologize for all these questions, but should I be following both your and Broni's instructions. Are they going to complement each other??

[file cleanup - saving space - attachment deleted by admin]
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 09, 2008, 11:41:30 PM
Is that the whole combofix log?

It is cut off at the bottom. (the first one)
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 09, 2008, 11:45:47 PM
Yeah that's it... I think it was cut off since ComboFix was preparing the log, and Norton Alert popped up and SAS started up by itself.

.........

I just uninstalled Viewpoint Manager and Viewpoint Media Player. Right now, I'm waiting to find a way to disable Norton and SAS so they won't interfere if I need to Combofix again.


Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 09, 2008, 11:51:20 PM
When you get Norton disabled, run combofix again and post the whole log it gives you.

You can stop Norton in the services if the tray icon has disappeared. Just remember to turn it back on after we are done.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 09, 2008, 11:55:50 PM
See but that's the thing. I didn't see the Norton icon so I assumed it was off. But when I ran ComboFix and rebooted, Norton just detected ComboFix and said it was a bad script.

So I'm sure I can't use ComboFix again unless Norton and SAS are really disabled until I enable them again.

........

Also, when I rebooted to Normal mode today, this thing popped up each time after I login.

RUNDLL with the message "Error loading C:\WINDOWS\system32\tpueedfx.dll

The specified module could not be found"

What the heck is this??
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 10, 2008, 12:34:15 AM
Update: I went into SAS and change my preferences so that it doesn't automatically start when Windows start.

And then I went to Start>Run, and used "services.msc". I looked for Norton, and clicked "stop", and "disabled" its automatic startup.

I'm going to run ComboFix again, hopefully reboot with a new log, and then do another Hijackthis log.

Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 10, 2008, 12:40:31 AM
C:\WINDOWS\system32\tpueedfx.dll is a leftover from the vundo, which is why I need the whole combofix log.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 10, 2008, 12:48:57 AM
I tried Combofix again and the Norton alert came up again. So I rebooted again, just to make sure all the changes are in place.

Here is another Hijackthis log

And I will try the Combofix again.

....

Also, don't know if this is important for later, but I cannot use my CD and DVD drive at all (even prior to getting the popups, adwares, etc). So if I have to remove anything, and restore them later, I cannot use backup cds, etc.

The only way I can transfer data is with my Ipod, through a usb (or d/l the software from the web).
....

[file cleanup - saving space - attachment deleted by admin]
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 10, 2008, 12:58:59 AM
Darn it, the Norton Alert popped up again when I tried running ComboFix.

Guess changing its status to "stopped" and disabling it from auto start in the SERVICE WINDOW didn't work.

Hopefully, we can find a way around this, or find the solution in HJT.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 10, 2008, 01:05:23 AM
Open HijackThis and select Do a system scan only then place a check mark next to:

O4 - HKLM\..\Run: [1cbf3279] rundll32.exe "C:\WINDOWS\system32\tpueedfx.dll",b
O4 - Global Startup: MA111 Configuration Utility.lnk = ?


Close all windows except for HijackThis and click Fix checked

Exit Hijackthis.

Locate and delete the file tpueedfx.dll  located at:

C:\WINDOWS\system32\tpueedfx.dll


Please download DrWeb CureIt (http://freedrweb.com/) & save it to your desktop.

Scan with DrWeb-CureIt as follows:
Next post please add:
Dr Web log
New Hijackthis log
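
The two O4 lines selected above are autostart entries; one loads tpueedfx.dll through rundll32, and once that DLL is gone the entry produces the "Error loading ... The specified module could not be found" popup reported earlier in the thread. As an added example (not part of the original thread and not HijackThis code), this parses O4 lines and flags entries whose target is missing from a file inventory. The QuickTime log line and the inventory are constructed; function and field names are hypothetical.

```python
import re

# "O4 - HKLM\..\Run: [value name] command line"
RUN_ENTRY = re.compile(
    r"^O4 - (?P<key>HK(?:LM|CU)\\\.\.\\\S+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# "O4 - Global Startup: shortcut.lnk = target"
STARTUP_ENTRY = re.compile(
    r"^O4 - (?P<folder>(?:Global )?Startup): (?P<lnk>.+?) = (?P<target>.+)$"
)
# rundll32.exe "C:\path\file.dll",export
RUNDLL = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.IGNORECASE
)
# First token of a command line, quoted or bare.
EXE = re.compile(r'^"([^"]+)"|^(\S+)')

# First two lines are the entries quoted in the post; the third is constructed.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [1cbf3279] rundll32.exe "C:\WINDOWS\system32\tpueedfx.dll",b',
    r'O4 - Global Startup: MA111 Configuration Utility.lnk = ?',
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
]

# Constructed inventory of files known to exist on the machine.
SAMPLE_FILES = [r"C:\Program Files\QuickTime\qttask.exe"]


def audit_o4(lines, existing_files):
    """Classify O4 autostart lines against an inventory of existing files."""
    present = {p.lower() for p in existing_files}
    findings = []
    for raw in lines:
        line = raw.strip()
        run = RUN_ENTRY.match(line)
        if run:
            cmd = run.group("cmd").strip()
            dll = RUNDLL.match(cmd)
            if dll:
                # The DLL, not rundll32.exe itself, is what actually gets run.
                target, via = dll.group("dll"), "rundll32"
            else:
                exe = EXE.match(cmd)
                target, via = (exe.group(1) or exe.group(2)), "direct"
            status = "ok" if target.lower() in present else "target-missing"
            findings.append({"name": run.group("name"), "via": via,
                             "target": target, "status": status})
            continue
        startup = STARTUP_ENTRY.match(line)
        if startup:
            target = startup.group("target")
            if target == "?":
                status = "shortcut-target-unknown"
            else:
                status = "ok" if target.lower() in present else "target-missing"
            findings.append({"name": startup.group("lnk"), "via": "startup-folder",
                             "target": target, "status": status})
    return findings


if __name__ == "__main__":
    for finding in audit_o4(SAMPLE_LOG, SAMPLE_FILES):
        print(finding)
```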
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 10, 2008, 01:16:23 AM
Exit Hijackthis.

Locate and delete the file tpueedfx.dll  located at:

C:\WINDOWS\system32\tpueedfx.dll


Where exactly do I go to delete this?


Also, I only have 1.11 gb of space left. Does this matter at all?
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 10, 2008, 01:23:40 AM
Go to My Computer->Tools->Folder Options->View tab:
Then double click My Computer on the desktop. Double click C:\ to open it. Then open System32 folder.

Look for tpueedfx.dll and right click it and choose delete.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 10, 2008, 01:37:43 AM
Am looking through all the folders in system32.

Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 10, 2008, 01:50:05 AM
Just go ahead and run the Dr Web for now. We will see if it comes back in the next Hijackthis log.

Next post please add:
Dr Web log
New Hijackthis log
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 10, 2008, 08:17:33 AM
Morning, I ran this overnight, and when I went to sleep, it was halfway done. I just turned my screen on and the computer rebooted by itself, so I didn't get a chance to save the report.

Is there a way I can get Dr Web log from last night?

Oh yes, when I logged in, that annoying RUNDLL popup for tpueedfx.dll didn't show up. :)

And here is the new HJT log in the meantime.


[file cleanup - saving space - attachment deleted by admin]
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 10, 2008, 10:57:42 AM
Look in c:\DoctorWeb\CureIt.log for the Dr Web log.

The Hijackthis log looks fine.

Once we see the Dr Web log (if there) we can probably wrap this up.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 10, 2008, 07:28:07 PM
Hi, I went into the C drive but don't see any DoctorWeb folder at all

What should I do? And it's really good to see "wrap up" in your post. Let's hope it's true ;)
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 10, 2008, 07:58:55 PM
How is the computer now?
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 10, 2008, 08:24:18 PM
Running quite well. It's been rebooting smoothly since yesterday, and now when I login, I don't have to wait forever for the computer to load. I had a bunch of unnecessary icons in my taskbar (before the infection), and I always exited those the moment I could.

Now, the taskbar only has the "Safely remove hardware" and Volume icons.

Also, when I open a new IE window, no popups. And I keep checking to see if anything's been installed without my knowing, and nada.

Seems ok for now. ;D
.....

Should I go back and reselect "Hide protected operating system files, etc" and unselect "Show hidden files and folders"?
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 10, 2008, 08:35:06 PM
Quote
Should I go back and reselect "Hide protected operating system files, etc" and unselect "Show hidden files and folders"?

No we will take care of that now.


Go to Start > Run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

----------

Let's clear out the programs we've been using to clean up your computer, they are not suitable for
general malware removal and could cause damage if launched accidentally.

Please download OTMoveIt2 by OldTimer  OTMoveIt2.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) and place it on your desktop.

1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
----------

To learn more about how to protect yourself while on the internet read this article by Tony Klein:  So how did I get infected in the first place? (http://www.castlecops.com/postlite7736-.html)


Let us know if anything else comes up.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 10, 2008, 08:47:22 PM
Ok, uninstalled Combofix. How do I reset the clock setting and reset System Restore again? I just went into My Computer and its back to the default selections (hide protected operating system files, hide file extensions for known file types, etc).

And for the OTMoveIt2 program, do I delete everything on the list? Would it include stuff like iTunes, etc?

Do I do all this and then reboot?
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 10, 2008, 09:04:00 PM
Combofix reset everything for you so nothing to do there.

As for OTMoveIt this is the list that it should produce to remove.

Can you copy and paste the list in the next reply that shows where it is wanting to remove iTunes.

[nobackups]
avenger.zip     <Avenger by Swandog46>
Avenger
avenger.txt
bfu.zip         <BFU by Merijn>
BFU
combofix.exe    <ComboFix by sUBs>
QooBox
ComboFix*.txt
catchme.exe
nircmd.exe
swreg.exe
Swxcacls.exe
Swsc.exe
dss.exe         <Deckard's System Scanner by Deckard>
Deckard
FindAWF.exe     <FindAWF by noahdfear>
AWF.txt
fixwareout.exe  <FixWareout by LonnyRJones>
fixwareout
fsbl.exe        <F-Secure BlackLight>
fsbl*.log
gmer.exe        <GMER by Gmer>
gmer.dll
gmer.ini
gmer.log
gmer_uninstall.cmd
gmer.sys
gmer            <delete service>
haxfix.exe      <Haxfix by Markie>
haxfix.txt
killbox.exe     <Killbox by Option^Explicit>
!Killbox
NoLop.exe       <NoLop by ?>
NoLop.txt
NoLopOLD.txt
delete.bat
OTMoveIt.exe    <OTMoveIt by OldTimer>
OTMoveIt2.exe
_OTMoveIt
rustbfix.exe    <Rustbfix by Ejvindh>
Rustbfix
sdfix.exe       <SDFix by Andy_Manchesta>
SDFix
SmitfraudFix.exe <SmitfraudFix by S!Ri>
SmitfraudFix
rapport.txt
SysInsite       <System Insite by Bobbi Flekman>
VundoFix.exe    <VundoFix by Atribune>
VundoFix Backups
vundofix.txt
vundofix.vft
win32delfkil.exe <WinDelfKil by Markie>
_backupD
windelf.txt
winpfind.exe    <WinPfind by OldTimer>
WinPfind
winpfind3u.exe  <WinPFind3 by OldTimer>
WinPFind3u
winpfind35u.exe  <WinPFind35 by OldTimer>
WinPFind35u
cleanup.txt
[deleteself]

Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 10, 2008, 11:10:46 PM
Oh, there's no list saying iTunes was going to be removed. I asked because I was worried that OTMoveIt might delete EVERYTHING.

.....
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 10, 2008, 11:20:02 PM
It just takes out what could be damaging if not used for the right purposes.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 10, 2008, 11:23:07 PM
Just ran OTMoveIt2 and after the cleanup, it said it needed to reboot. I clicked ok, and the computer rebooted BUT it didn't reboot properly. It shut down in the middle of the reboot. But the next reboot was fine.

However, once I logged in, a screen titled "VPN Client" with this message: "usage: vpngui [-c l -sc [-d] [-user <username>] [-pwd<password> l -eraseuserpwd]] <connection entry"

I used VPN a couple years ago at my school, but haven't used it since. I guess the cleanup wiped the password away?
............

Anyways, CCleaner, SuperAntispyware, VundoFix, VirtumundoBegone, Hijackthis, and all the logs I saved on the desktop are still here.

Don't have to worry about them right?

.......

Also, the clock still has not changed back to normal. It's still showing 22:25 for me. How to change?

Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 10, 2008, 11:55:48 PM
You can delete the logs; you no longer need them.

Why the clock is set to 24hr format I don't know. I didn't know it had that ability. Let me look around and find out how to get it back to normal.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 11, 2008, 12:15:44 AM
Thanks, I hope you can find a solution. Combofix changed it when it first did the scan, but it didn't change back once the scan was done and the computer rebooted. I think that the whole Norton alert popup/SAS starting automatically really screwed up that Combofix.

Anywho, good night. I'll talk to you guys tomorrow evening.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 12, 2008, 01:06:38 PM
Help again! For two nights now, the computer has rebooted by itself, and when I login, I keep seeing "your computer has recovered from a serious recovery, etc".

And then I did the send error report to Windows and got this. http://wer.microsoft.com/responses/Response.aspx/134/en-us/5.1.2600.2.00010300.2.0?SGD=bff61f81-0c47-4358-a95a-3e8179907d01#here

It seemed to be better before I did the OTMoveIt. Any suggestions?
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 12, 2008, 01:20:55 PM
Quote
Problem caused by computer hardware

It is a hardware issue.

OTMoveIt just removed any programs that we used, so it is unlikely that that is the cause.

Try to get an error number and post in the hardware forum as they have more knowledge there and will give more specific advice.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 13, 2008, 04:09:42 AM
Ok I will do that. How do I get the error #?

Also, prior to making this thread, I had downloaded and installed Antispyware to scan my pc. I found out that you had to pay if you wanted to use the full service, so I ditched that and installed Superantispyware instead. I uninstalled Antispyware BUT I just caught it running just now

It started scanning, but I'm surprised (maybe a bit worried) that it's running on its own. Can I get rid of it completely??? I double checked my Add/Remove section and it is not on the list.
....

And any luck finding out about how to change the clock back to default?
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 13, 2008, 10:45:01 AM
I will need a Hijackthis log to see what all is running.

No I haven't seen any way to get the clock back yet. Sorry.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 13, 2008, 12:36:12 PM
Here's the new HJT log

I uninstalled VPN Client since I don't use it anymore, and the error that I've been mentioning related to it (upon logging in) is gone. And I "shutdown" Antispyware the moment I saw it scanning.

And the computer didn't reboot by itself last night. Gotta say, I'm relieved not seeing "your system has recovered from a serious error".



[file cleanup - saving space - attachment deleted by admin]
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 13, 2008, 12:54:25 PM
The only thing I see running as far as antispyware is SuperAntispyware.

What is the full name of the other one? Is it just antispyware?
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 13, 2008, 05:48:14 PM
Yes, it's just "Antispyware". The icon for it has rainbow colors.

I forgot where I downloaded it from, but I was searching around for help, and I saw it in a list of suggested things to use to check for spywares.

So I used it, but it only did the scanning. If you wanted to remove all the stuff it found, you had to pay for it.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 13, 2008, 06:06:18 PM
Can you post a screenshot of the icon?
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 13, 2008, 09:29:10 PM
This is the best I could do.

(http://i2.photobucket.com/albums/y21/chungie/Tech/IMG_5524.jpg)

And I cannot remember where I had found a link to this program in the first place, nor can I remember the exact website where I d/l the program. :(
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: Broni on January 13, 2008, 09:37:01 PM
Same icon here:
http://www.antispyware.com/
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 13, 2008, 09:42:18 PM
*smacks head* Yes, I think that's the site.

I was searching for "Antispyware.exe" on yahoo but didn't see anything relevant in the search results.

Now this thing looks official, but how come it didn't uninstall completely?
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 13, 2008, 09:50:34 PM
It is official, but Antispyware. com is on Eric Howes' Rogue/Suspect Anti-Spyware List. Yes, the whole site is listed, lol. Neither IE nor Firefox will let me connect to the site due to my security settings.


Download  SmitfraudFix (by S!Ri) (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) to your Desktop.
http://www.beyondlogic.org/consulting/processutil/processutil.htm (http://www.beyondlogic.org/consulting/processutil/processutil.htm)


Next post
rapport.txt log
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: Broni on January 13, 2008, 09:53:20 PM
On the other hand, Site Advisor lists it as green.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 13, 2008, 09:56:02 PM
Quote
On the other hand, Site Advisor lists it as green.

Good point. Reading the reviews is telling though.

I'm going to go put in my .02 cents now.

EDIT: There I told them lol.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: Broni on January 13, 2008, 10:00:17 PM
You're very right. I didn't read those, until you pointed it out.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 13, 2008, 10:07:37 PM
^What's going on?

I just ran SmitfraudFix as advised, and here is the rapport log.

[file cleanup - saving space - attachment deleted by admin]
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 13, 2008, 10:16:40 PM
Try running combofix again.

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)
IMPORTANT - Combofix.exe MUST be saved to your Desktop.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 13, 2008, 10:20:49 PM
Remember the problem I had with Norton Alert interfering with ComboFix. I can't use it unless Norton is completely off, but I have no clue how to do that.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 13, 2008, 10:33:35 PM
If you can't get that to run then let's try this.


Download  Deckard's System Scanner (DSS) (http://www.geekstogo.com/forum/index.php?automodule=downloads&req=download&code=confirm_download&id=19) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
What DSS will do:-
Next post
Deckards main and extra text logs


Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 13, 2008, 10:39:31 PM
I was able to successfully use ComboFix!

I opened up Norton, and finally noticed the "Script blocking" section, so I went into Options, and unselected "Script Block". And that did the trick ;)

Now hopefully, the clock will be back to normal and solve this once and for all.

[file cleanup - saving space - attachment deleted by admin]
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: dairyman on January 13, 2008, 11:00:54 PM
Quote
On the other hand, Site Advisor lists it as green.

McAfee is going to be flaming when I'm done with them. Two systems (mine and an old Windows ME computer) running McAfee products and both of them had an infection. Now that I have AVG Anti-virus and Spybot S&D, my computer is absolutely free of viruses and spyware. (also thanks to Broni and evilfantasy for helping). Leaving a comment right now. (I think they rate the website red if a certain number of people rate it red)

-- edit --

Now this is interesting, after seeing how many members rated this red, they changed the rating of serial99 from green to red.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 13, 2008, 11:18:45 PM
Thank goodness it ran!!!!


Delete these files/folders, as follows:

1. Please open Notepad it must be Notepad, not Wordpad.
2. Copy the text below by highlighting all the text and pressing Ctrl+C

Quote
Folder::
C:\Program Files\AntiSpywareApp
C:\Documents and Settings\User\Application Data\AntiSpyware
C:\WINDOWS\VXNlcg

File::
C:\WINDOWS\NirCmd.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\uxvbbaud.ini

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiSpyware"=-

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript.gif)

ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze.

---------------

Download  RenV.exe (http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe) to your Desktop

Double click on RenV.exe
The program will search your System drive to locate any .exe files with spaces in the name, and will produce a log.
Save the log as Log.txt on your Desktop
Please attach this file to your reply

---------------

Next post
Combofix log
RenV log


Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 13, 2008, 11:34:45 PM
Quote
Thank goodness it ran!!!!


Delete these files/folders, as follows:

1. Please open Notepad it must be Notepad, not Wordpad.
  • Click Start, then Run
  • Type notepad .exe in the Run Box.

Just to make sure, there should be a space between notepad and .exe??
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 13, 2008, 11:43:51 PM
Quote
Just to make sure, there should be a space between notepad and .exe??

NO..... NO space at all!!!


Good eyes, I am updating my notes and need to fix that.

Thank you!!!!!
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 13, 2008, 11:48:30 PM
Haha, ever since I've been on this forum, I feel like I should take a computer science or programming course. You guys are that inspiring  ;D

And yes, I'm reading your every word, since I'm paranoid about not screwing my pc up.

Ok, time to do this
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 13, 2008, 11:58:22 PM
Ok, here are the latest ComboFix and RenV logs

[file cleanup - saving space - attachment deleted by admin]
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 14, 2008, 12:17:12 AM
Good job!!!!

Still a few to delete.

Make sure hidden files and folders are showing and delete these files/folder (in bold)
C:\WINDOWS\imsins.BAK
C:\Program Files\AntiSpywareApp\AntiSpyware .ex << Delete the file and folder.


* Copy the entire contents of the quote Box below to Notepad.
** It MUST be Notepad
* Name the file as Log.txt
* Change the Save as Type to All Files
* and Save it on the Desktop

Quote
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Common Files\Symantec Shared\ccRegVfy .exe
C:\Program Files\Creative\ShareDLL\CtNotify .exe
C:\Program Files\IC Card Reader Driver v1.8e2\Disk_Monitor .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd .exe
C:\Program Files\SymNetDrv\SNDMon .exe
C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE

Referring to the picture below, drag Log.txt into RenV.exe and attach the resulting report to your reply.

(http://img.photobucket.com/albums/v666/sUBs/RenV.gif)
Next post
RenV log
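
The check RenV is described as doing in this thread, narrowed to the pattern visible in the list above (whitespace directly before an executable extension), as an added Python example that is not part of the original posts and is not RenV's own code. The extension set, the function names and the sample tree (file names borrowed from the list, contents constructed) are assumptions; the thread does not say which of two sibling files is the original, so the script reports both and leaves the decision to the analyst.

```python
import os
import re
import tempfile

# Extensions treated as directly executable (an assumption for this example).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}

# "name<whitespace>.ext": whitespace sits immediately before the final extension.
SPACED_EXT = re.compile(r"^(?P<stem>.*\S)\s+(?P<ext>\.[^.\s\\/]+)$")


def classify(filename):
    """Return the name with the padding removed if filename matches the
    'space before executable extension' pattern, otherwise None."""
    match = SPACED_EXT.match(filename)
    if match is None or match.group("ext").lower() not in EXECUTABLE_EXTS:
        return None
    return match.group("stem") + match.group("ext")


def scan(root):
    """Walk root and report every padded executable name, plus whether an
    unpadded sibling exists in the same directory (case-insensitive, as on NTFS)."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        by_lower = {name.lower(): name for name in filenames}
        for name in filenames:
            expected = classify(name)
            if expected is None:
                continue
            sibling = by_lower.get(expected.lower())
            full = os.path.join(dirpath, name)
            findings.append({
                "path": full,
                "expected_name": expected,
                "size": os.path.getsize(full),
                "sibling": os.path.join(dirpath, sibling) if sibling else None,
                "sibling_size": (os.path.getsize(os.path.join(dirpath, sibling))
                                 if sibling else None),
            })
    return sorted(findings, key=lambda item: item["path"])


def build_sample_tree(root):
    """Create a small constructed tree: two padded names, one with a sibling,
    plus two names that must NOT be flagged."""
    sample = {
        os.path.join("iTunes", "iTunesHelper .exe"): b"A" * 10,  # padded, has sibling
        os.path.join("iTunes", "iTunesHelper.exe"): b"B" * 20,   # unpadded sibling
        os.path.join("Corel", "QFSCHD100 .EXE"): b"C" * 5,       # padded, no sibling
        os.path.join("Corel", "my tool.exe"): b"D",              # space mid-name only
        os.path.join("Corel", "notes .txt"): b"E",               # padded, not executable
    }
    for relative, content in sample.items():
        target = os.path.join(root, relative)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as handle:
            handle.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for item in scan(root):
            note = ("sibling present, sizes %d vs %d" % (item["size"], item["sibling_size"])
                    if item["sibling"] else "no unpadded sibling")
            print("%s -> %s (%s)" % (item["path"], item["expected_name"], note))
```

A padded name with a sibling of a different size is the case worth comparing by hash or signature before anything is deleted.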


Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 14, 2008, 12:25:55 AM
Quote
Good job!!!!

Still a few to delete.

Make sure hidden files and folders are showing and delete these files/folder (in bold)
C:\WINDOWS\imsins.BAK
C:\Program Files\AntiSpywareApp\AntiSpyware .ex << Delete the file and folder.


I see imsins.BAK and imsins.log, should I delete both of them?

And I'm in the Program Files folder, but do not see a AntiSpywareApp folder.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 14, 2008, 12:30:37 AM
Yes they should both go. They are leftovers of one of the infections.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 14, 2008, 12:35:23 AM
Ok, deleted the two imsins file and emptied my recycle bin.

I did a search for the Antispyware one in my Search box, and got these results. I don't know if any of them are relevant to this or not

(http://i2.photobucket.com/albums/y21/chungie/Tech/IMG_5526.jpg)
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 14, 2008, 12:41:30 AM
One is the windows prefetch which we will be cleaning shortly, and the other (qoobox) is the combofix backup files, which we will delete later.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 14, 2008, 12:44:10 AM
So, should I go ahead and do the part about creating and dragging that log into RenV? Or should I keep looking for the C:\Program Files\AntiSpywareApp\AntiSpyware .ex





Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 14, 2008, 12:49:21 AM
You do have hidden files and folders enabled?

If you can't find them then just do the RenV step.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 14, 2008, 12:51:16 AM
Yes, "Show hidden files and folders" is selected, and "hide extensions..." and "hide protected operating system files" are unselected.

Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 14, 2008, 12:52:59 AM
They are probably not there now. You searched and only found the two mentioned so I am pretty sure they are gone already.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 14, 2008, 12:54:58 AM
Ok here is the RenV log

How much longer are you going to stay up?

[file cleanup - saving space - attachment deleted by admin]
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 14, 2008, 12:59:29 AM
I will be up until we run the next scan which will take a while.

Create another notepad file and copy this file path into it. 
Name it Log.txt (replace the old one)

Quote
C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100 .EXE

Drag the file into RenV.exe

Post the log.

You can just copy and paste it.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 14, 2008, 01:05:40 AM
Code: [Select]
Ran on 2008-01-14 -  0:04:43.95

----a-w            77,887 2008-01-08 15:27:09  C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100 .EXE

 Entries:                1  (1)
 Directories:            0  Files:             1
 Bytes:             77,887  Blocks:          153
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 14, 2008, 01:13:42 AM
OK, try to find the QFSCHD100 .EXE and delete it.

C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100 .EXE

Next:

Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

 Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
(http://img.photobucket.com/albums/v666/sUBs/Kas-SaveReport-1.gif)
(http://img.photobucket.com/albums/v666/sUBs/Kas-Savetxt.gif)
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please attach the Kaspersky Online Scanner Report in your next post.



----------

Next post
Kaspersky log

This scan will take a while, so I will see it in the morning or whenever you get it posted.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 14, 2008, 01:27:34 AM
Ok, I deleted C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100 .EXE
and ran the ATF cleaner.

I will do the Kaspersky log tomorrow evening since I want to be awake when it does the scan. No more overnight scans for me!

Thanks EvilF, I'll talk to you tomorrow
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 14, 2008, 01:31:23 AM
No problem we will start again tomorrow.

Later....
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 14, 2008, 09:59:38 PM
Question, when you say run Kaspersky with Internet Explorer, do I save the program to my desktop?

Or do I just click Run without clicking "Save" first?

or do I use the "Kaspersky File Scanner" located on the bottom of the page, under the section OTHER TOOLS??
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 14, 2008, 10:11:30 PM
Follow the link http://usa.kaspersky.com/products_services/free-virus-scanner.php

You have to use the Internet Explorer browser because it runs in the browser, it isn't going to install anything but an ActiveX control. Everything is done right in the browser window. Firefox and the other browsers don't use ActiveX so it will not work with them.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 14, 2008, 10:15:29 PM
I did click on that link, but there was no activeX prompt or anything.

And I only use IE.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 14, 2008, 10:17:05 PM
I fixed it, for some reason this forum likes to munge my links when I post them.

Should work now.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 14, 2008, 10:20:35 PM
yeah I noticed the " " screwing the links up, but I can get to the site just fine. But still nothing asking me to install ActiveX
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 14, 2008, 10:24:11 PM
On the main page it says Download Now under the magnifying glass, click that.

It looks like the instructions are slightly out of date, I will need to update them. Saving the log instructions are still the same though.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 14, 2008, 10:27:21 PM
So I should save it to my desktop and run it from there?

Thanks for your patience
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 14, 2008, 10:29:32 PM
It isn't going to install anything to the desktop, it all happens in the browser, just click Run or Install (can't remember which) when the prompt comes up and it will go to a different page to start the scan.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 14, 2008, 10:34:11 PM
When I click D/L now, a window pops up with Run/Save/Cancel options. I clicked Run and it's d/l the program to a temp folder

And now it has a "Location to save files" window up, with this folder automatically being chosen C:\KAV\SOS6.0\english

So it looks like it's not going to scan in the IE browser.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 14, 2008, 10:37:01 PM
OK, not my night, sorry.

Use this link, it is correct to the instructions on the other page. Click accept.

http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 14, 2008, 10:43:02 PM
Ok great, will do that in a minute.

But a question first, do I need to worry about/delete this first? KAV6.0.3.837_SOSEN.EXE-1EF839F8.pf

Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 14, 2008, 10:44:37 PM
You can delete it, it will not do any harm but is doing no good there.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 15, 2008, 01:16:22 AM
Here is my Kaspersky log and good night. We'll do more stuff tomorrow, thanks

[file cleanup - saving space - attachment deleted by admin]
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 15, 2008, 02:00:55 AM
Took a while, but it was worth it. We are close now.

Locate and delete these files.

C:\Documents and Settings\User\My Documents\Download\WinZix-2.1-setup-0514.exe

C:\Documents and Settings\User\My Documents\Download\WinZix-2.1-setup-0514.exe

The file name may be slightly different, the Kscan log was sort of messed up. Delete anything that has to do with WinZix-2.1-setup-0514.exe

Then run ATF-Cleaner again.

Let me know how the computer is now.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 15, 2008, 09:26:06 PM
Found the Winzix and deleted it. I checked the date when I d/l that file and it was from July 2007. Don't remember why I needed that for but I didn't think it was bad.

And ATF Cleaner just cleared 77 mbs.

My pc seems fine. It hasn't restarted since I caught and closed Antispyware.exe from running. ^_^

Do we need to do OTMoveIt2 again? Gotta say, I'm afraid that we'll repeat the cycle (and then the pc reboot without my knowing, etc).

Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 16, 2008, 11:28:33 AM
Cleanup

Time to do some cleanup and secure the work you have done.
(http://i154.photobucket.com/albums/s258/evilfantasy69/combofixu-1.jpg)


Please download OTMoveIt2 by OldTimer  OTMoveIt2.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) and place it on your desktop.

1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

Here are some great tools to help you keep from getting infected again.

 Spybot Search & Destroy (http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1) - A safe and effective spyware scanner.
*  Official Spybot Tutorial (http://www.safer-networking.org/en/tutorial/index.html)
*  Spybot FAQ (http://www.safer-networking.org/en/faq/index.html)

 AVG Anti-Spyware Free Edition (http://free.grisoft.com/doc/download-free-anti-spyware/us/frt/0) - Very reliable with a high detection rate.
*  AVG Anti-Spyware User Manual (http://free.grisoft.com/doc/5390/us/frt/0?prd=asf)

 SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
*  SpywareBlaster Tutorial (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

 Comodo BOClean (http://www.comodo.com/boclean/CBO_download.html) - Stops trojans and many more malicious attacks.

Use a Firewall - It can not be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over.
*  Click here (http://www.freebyte.com/antivirus/#freefirewalls) for a list of free firewalls.

UPDATE UPDATE UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed.
*  Help with Windows updates (http://support.microsoft.com/?scid=ph;en-us;6527)

To learn more about how to protect yourself while on the internet, read this article by Tony Klein:  So how did I get infected in the first place? (http://www.castlecops.com/postlite7736-.html)

Let us know if anything else comes up.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 17, 2008, 12:37:18 AM
Uninstalled Combofix like you said, but the clock is still in that weird format. It's 23:34 right now :-\

And then after I used OTMoveIt, I was prompted to reboot my pc. Upon rebooting, the computer stopped functioning (the monitor said "no signal") and the computer turned off and restarted.

I went to safe mode, and then restarted from there. So upon logging in Normal Mode, the "Your computer has recovered from a serious error" window pops up.

My OTMoveit hates my pc, or maybe I hate OTMoveit, OR maybe I should get a new pc *shrug* :'(

But hopefully everything else is ok.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: dairyman on January 17, 2008, 04:02:20 AM
Quote
but the clock is still in that weird format. It's 23:34 right now :-\

Click on Start, click on Control Panel, click on Regional and Language Options and click on the "Regional Options" tab. Click Customize. Click on the Time tab, click on the Time format drop-down box and choose h:mm:ss tt. Make sure the AM symbol is set to AM and PM set to PM. Click Apply and click OK. Click OK on the Regional and Language Options dialog.

Good luck   ;)
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 17, 2008, 07:03:56 AM
I don't know why OTmoveIt is doing that with your computer. Hopefully everything is OK now.

Thanks Dairyman.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on January 17, 2008, 10:23:06 PM
I don't know either Evil. I'll be looking to you guys for advice on the best pc to get later on ;)

Quote
but the clock is still in that weird format. It's 23:34 right now :-\

Click on Start, click on Control Panel, click on Regional and Language Options and click on the "Regional Options" tab. Click Customize. Click on the Time tab, click on the Time format drop-down box and choose h:mm:ss tt. Make sure the AM symbol is set to AM and PM set to PM. Click Apply and click OK. Click OK on the Regional and Language Options dialog.

Good luck   ;)

Sweet!! It works, thank you!

I love this place. I learn something new about the computer every time ^__^

Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on January 17, 2008, 10:34:00 PM
Glad it worked, I had never seen that either.

Safe surfing...............
Title: Trouble with loading Yahoo.com
Post by: green tea on February 09, 2008, 09:13:29 PM
Hey guys..

Does using ATF Cleaner a lot affect the memory?? For the past 2-3 weeks, I've been having trouble loading Yahoo.com. Usually that loads instantly since I have cable. But now, the screen just stays blank and takes FOREVER. At first, I was hoping it was just Yahoo doing a maintenance check or something, but then it loads just fine at work. And most of the other websites I go to load ok.

And recently, I would open IE and go to a website, but then the browser closes, and a popup will appear with the following message: "The instruction @ "0x7e1t9afc" referenced memory at "0x01fa6ec8" memory could not be "red" Click ok to terminate program"

I'm not sure what's going on, so I thought I'd ask here first
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on February 09, 2008, 09:39:13 PM
It shouldn't affect the memory although it does clean the Prefetch which isn't advised to do on a regular basis. You can uncheck the Prefetch option before running ATF Cleaner.

CCleaner is a safer alternative for a daily cleaner. It has a setting to clean Old Prefetch Data but must be enabled under Advanced Options.

Quote
Cleaning the Prefetch folder in Windows XP/Vista is a Myth and will reduce performance. The Prefetch folder is self cleaning at 128 entries by Windows. When the 128 limit is reached Windows will keep the 32 most used prefetch files. Cleaning the folder before this will cripple Windows load and all application load times.
Full Article (http://lifehacker.com/software/windows/tweak-windows-prefetch-for-a-faster-startup-201453.php)


Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: green tea on February 09, 2008, 09:48:46 PM
Haven't heard of Prefetch before this.. I should have asked about the effects of using some of these programs before using them every now and then.

So it looks like I have to let Yahoo load twice before it goes back to normal. I guess it makes sense since one of the comments on that article said the load time could go up 100% *doh*
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on February 09, 2008, 09:53:24 PM
It is also a good idea to restart the computer immediately after doing a thorough cleaning, with either ATF or CCleaner.
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: don19wil49 on February 10, 2008, 06:25:06 AM
I have a Dell and run Windows XP. In the tasktray a red X keeps popping up announcing that my computer is infected and wants me to buy a certain antispyware. How do I get this annoyance out of my tasktray?
Title: Re: Help!! How to stop all the Popups, Adwares and Trojans??!!!
Post by: evilfantasy on February 10, 2008, 10:04:39 AM
Don19wil49, you will need to read this post (http://www.computerhope.com/forum/index.php/topic,46313.0.html) and start a new thread with the information.