Need help with QOOLOGIC/freezing/errors/possible worm... Have HJT log.

Yesterday, and well into the morning today, I have been working on my husband's computer, deleting adware, spyware, the occasional worm, and lingering ad residue. I managed to get rid of a ton of stuff, but now there are more error messages than before, specifically with the files I was told to delete by other misc. websites. I realize this means that I haven't gotten rid of the whole program quite yet. A lot of the problem is within the registry, and I don't have a clue where to go to get rid of that stuff.
I'm pretty sure I have the Trojan QOOLOGIC and I may still have a worm. Here is a list of all the current errors and stuff.

OLD problems:
As soon as the computer turns on, it runs a hardware check. It gives the error message:
"ERROR
02B0: Diskette drive A error"
Jon says this has happened since he kicked it out of frustration (yeah...I know...). After Windows loads, but before the Windows Explorer/Desktop loads, a message pops up:
"To finish setting up harware, you must restart your computer.
Do you want to restart?"
This message has been appearing ever since he installed a new sound card. The sound card works fine. After you hit NO and the Desktop appears, you get these RUNDLL messages:
"C:\WINDOWS\SYSTEM\DATADX.DLL
The system cannot find the path specified."
"C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL
The system cannot find the the file specified."

NEW:
Now that I've deleted several things, I get these RUNDLL errors. "The system cannot find the file specified":
CFGMGR52.DLL
VIDCTRL.DLL
E6F1873B.DLL
AUNPS2.DLL

Here is my HIJACK THIS Log. Naturally, half the programs listed don't even show up in the tasklist. I do have MSIE, but it acts up a lot, and it is a 6.something. I can't really upgrade because of all the freezing.

Logfile of HijackThis v1.99.1
Scan saved at 3:50:46 AM, on 12/29/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
C:\WINDOWS\SYSTEM\ELITEKKO32.EXE
C:\WINDOWS\DDPPDD.EXE
C:\WINDOWS\SYSTEM\ELITESRJ32.EXE
C:\WINDOWS\ETB\POKAPOKA79.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc?u=1546 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://bigbr.cc?u=1546 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc?u=1546 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.otelco.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://bigbr.cc?u=1546 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bigbr.cc?u=1546 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.deviantart.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9EC46D79-30B9-D2AF-99D9-E94B5E5A076F} - C:\WINDOWS\Bzpyyozw.dll
F1 - win.ini: run=c:\windows\options\cabs\cyxid98.exe hpfsched
O2 - BHO: (no name) - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - (no file)
O2 - BHO: (no name) - {7D118378-175F-FF90-ABDE-5CD81C505BC6} - C:\WINDOWS\Bzpyyozw.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PiDunHk] "C:\PROGRAM FILES\ONLINE SERVICES\PRODIGY\BIN\PIDUNHK.EXE"
O4 - HKLM\..\Run: [FontFix] c:\windows\options\systools\fntfix.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: C:\WINDOWS\TEMP\B.EXE
O4 - HKLM\..\Run: [e4c886eda7bf] C:\WINDOWS\SYSTEM\ADVAPI32.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [PaintingRoom evidence monitor] "C:\Program Files\PaintingRoom\paintingroom.exe" -trayevidence
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [7G8MTPO8] \Progra~1\7G8MTPO8\7G8MTPO8.exe
O4 - HKLM\..\Run: [ifstaz] C:\WINDOWS\ifstaz.exe
O4 - HKLM\..\Run: [JPLVDLL] C:\WINDOWS\JPLVDLL.EXE
O4 - HKLM\..\Run: [MZFAENC] C:\WINDOWS\MZFAENC.EXE
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [sac] c:\program files\180searchassistant\sac.exe
O4 - HKLM\..\Run: [checkrun] C:\WINDOWS\SYSTEM\ELITEKKO32.EXE
O4 - HKLM\..\Run: [Sysnet] C:\WINDOWS\snuninst.exe
O4 - HKLM\..\Run: [tvs_b] c:\Program Files\tvs\tvs_ln.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\ddppdd.exe reg_run
O4 - HKLM\..\Run: [PNPCHK] PNPCHK.EXE
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\SYSTEM\ELITESRJ32.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\ETB\POKAPOKA79.EXE
O4 - HKLM\..\RunServices: [azmodem] WINMODEM.101\azexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\Run: [Opbp] C:\WINDOWS\Application Data\shas.exe
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
O4 - HKCU\..\Run: [iMesh] C:\PROGRAM FILES\IMESH\IMESH5\IMESH.EXE
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\PROGRAM FILES\SPYWARE CLEANER\SPYWARECLEANER.Exe" /boot
O4 - Startup: ctaa.exe
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE (file missing)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)



Thank you so much for even reading this big mess!
If it is even possible, after you post, E-mail me your response (SHORT-MEDIA freezes our computer far too quickly.) The address is ManiacalDefect@aol.com.

Comments

  • Trogan London, UK
    edited December 2005
    Hi, Welcome to Short-Media :)

    There are a lot of infections in your HJT log, so we will do things one at a time. I'll do my best to help you :)
    --

    Update Ad-Aware and SpyBot but don't scan yet.

    You may want to print these instructions or save them, as you'll have no internet connection once in Safe Mode.

    Follow these steps.

    Step 1
    Go to Add/Remove programs in Control Panel and look for the following

    SearchUpgrader
    VBOUNCER
    WildTangent
    PaintingRoom evidence monitor
    Media Access
    tvs


    If found, please uninstall.


    Step 2
    Download CWShredder from here. Check for updates and EXIT


    Step 3
    View hidden files and folders - explained here

    Go into Safe Mode - explained here


    Step 4
    Once in Safe Mode, open CWShredder and click the FIX button. Close ALL browsers first. Run the scan twice

    Step 5
    Check the following in HJT and click 'Fix Checked' - Close ALL open Browsers first

    F1 - win.ini: run=c:\windows\options\cabs\cyxid98.exe hpfsched


    Step 6
    Find and Delete the following:

    c:\windows\options\cabs\cyxid98.exe << this file


    Step 7
    Now run Ad-Aware and SpyBot. Remove everything they find.


    Step 8
    Reboot into Normal Mode and post a new HJT log :)
  • edited December 2005
    I followed the directions, but I had a problem with a CoolWWWSearch.BadZoneMap file not deleting in SpyBot. I did remove several more programs and files, however. Some of the same errors are there, but there is a new one. The new Startup error list is this:
    C:\WINDOWS\SYSTEM\DATADX.DLL
    CFGMGR52
    E6F1873B.DLL
    AUNPS2.DLL
    D0CE0C16B1 (New)

    There is still a lot of freezing. The new HJT log is:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:25:51 AM, on 12/30/05
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\JPLVDLL.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\WINDOWS\START MENU\PROGRAMS\STARTUP\CTAA.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc?u=1546 (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://bigbr.cc?u=1546 (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc?u=1546 (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.otelco.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://bigbr.cc?u=1546 (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bigbr.cc?u=1546 (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.deviantart.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {9EC46D79-30B9-D2AF-99D9-E94B5E5A076F} - C:\WINDOWS\Bzpyyozw.dll
    O2 - BHO: (no name) - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - (no file)
    O2 - BHO: (no name) - {7D118378-175F-FF90-ABDE-5CD81C505BC6} - C:\WINDOWS\Bzpyyozw.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [PiDunHk] "C:\PROGRAM FILES\ONLINE SERVICES\PRODIGY\BIN\PIDUNHK.EXE"
    O4 - HKLM\..\Run: [FontFix] c:\windows\options\systools\fntfix.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: C:\WINDOWS\TEMP\B.EXE
    O4 - HKLM\..\Run: [e4c886eda7bf] C:\WINDOWS\SYSTEM\ADVAPI32.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [PaintingRoom evidence monitor] "C:\Program Files\PaintingRoom\paintingroom.exe" -trayevidence
    O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
    O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
    O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
    O4 - HKLM\..\Run: [7G8MTPO8] \Progra~1\7G8MTPO8\7G8MTPO8.exe
    O4 - HKLM\..\Run: [ifstaz] C:\WINDOWS\ifstaz.exe
    O4 - HKLM\..\Run: [JPLVDLL] C:\WINDOWS\JPLVDLL.EXE
    O4 - HKLM\..\Run: [MZFAENC] C:\WINDOWS\MZFAENC.EXE
    O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
    O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
    O4 - HKLM\..\Run: [Sysnet] C:\WINDOWS\snuninst.exe
    O4 - HKLM\..\Run: [tvs_b] c:\Program Files\tvs\tvs_ln.exe
    O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
    O4 - HKLM\..\Run: [PNPCHK] PNPCHK.EXE
    O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
    O4 - HKLM\..\Run: [lsass] C:\WINDOWS\SYSTEM\ELITESRJ32.EXE
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\ddppdd.exe reg_run
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\RunServices: [azmodem] WINMODEM.101\azexe.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
    O4 - HKCU\..\Run: [Opbp] C:\WINDOWS\Application Data\shas.exe
    O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
    O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
    O4 - HKCU\..\Run: [iMesh] C:\PROGRAM FILES\IMESH\IMESH5\IMESH.EXE
    O4 - HKCU\..\Run: [Spyware Cleaner] "C:\PROGRAM FILES\SPYWARE CLEANER\SPYWARECLEANER.Exe" /boot
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: ctaa.exe
    O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE (file missing)
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    Again, thank you for your time!
  • Trogan London, UK
    edited December 2005
    It is important that you use a software firewall, to prevent unauthorised traffic both out of and into your computer.
    Your log doesn't show a firewall running. If you have disabled it, please re-enable it.
    If you do not have a firewall installed, please download and instal one of these excellent (and free) products: Zone Alarm or Sygate
    It is important to note that you should only have one firewall installed at a time, but you can download both to your Desktop and install each in turn to see which one you prefer.
    --


    You are missing one important program on your computer: An Anti-Virus.
    You need to install an Anti-Virus program as soon as you can and run a complete scan of the computer.
    I suggest one of these (both have relatively small demands on the computer):

    Nod32 : http://www.nod32.com/home/home.htm
    or
    AVG Anti-Virus (Free version available) http://free.grisoft.com/doc/1

    Choose one, install it, and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.
  • edited December 2005
    Okay..it took a while, but I finally downloaded a firewall and antivirus. It took a while because of the freezing. After I finished installation, I ran the firewall, AVG, Spybot and AdAware. The AVG prog found a virus and there were a total of 454 files infected (all temp files, etc.), but only 452 files were removed. The Spybot still will not delete CoolWWWSearch.BadZoneMap.
    I still have a freezing problem, although it is not nearly as severe. (I'm on this site, aren't I? =D I've been on here for 30 min.)
    I have a question about some programs. Do you know what jplvdll, aticwd32, and loadqm are? My computer does not have these programs at home, so I'm not sure what they are for. (I'm concerned about loadqm because there were files from QuickMedia on here; qm = QuickMedia? )

    Here is the HJT log now.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:34:50 PM, on 12/31/05
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\JPLVDLL.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGINET.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc?u=1546 (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://bigbr.cc?u=1546 (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc?u=1546 (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.otelco.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://bigbr.cc?u=1546 (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bigbr.cc?u=1546 (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.deviantart.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {9EC46D79-30B9-D2AF-99D9-E94B5E5A076F} - C:\WINDOWS\Bzpyyozw.dll
    O2 - BHO: (no name) - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - (no file)
    O2 - BHO: (no name) - {7D118378-175F-FF90-ABDE-5CD81C505BC6} - C:\WINDOWS\Bzpyyozw.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [PiDunHk] "C:\PROGRAM FILES\ONLINE SERVICES\PRODIGY\BIN\PIDUNHK.EXE"
    O4 - HKLM\..\Run: [FontFix] c:\windows\options\systools\fntfix.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: C:\WINDOWS\TEMP\B.EXE
    O4 - HKLM\..\Run: [e4c886eda7bf] C:\WINDOWS\SYSTEM\ADVAPI32.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [PaintingRoom evidence monitor] "C:\Program Files\PaintingRoom\paintingroom.exe" -trayevidence
    O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
    O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
    O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
    O4 - HKLM\..\Run: [7G8MTPO8] \Progra~1\7G8MTPO8\7G8MTPO8.exe
    O4 - HKLM\..\Run: [ifstaz] C:\WINDOWS\ifstaz.exe
    O4 - HKLM\..\Run: [JPLVDLL] C:\WINDOWS\JPLVDLL.EXE
    O4 - HKLM\..\Run: [MZFAENC] C:\WINDOWS\MZFAENC.EXE
    O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
    O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
    O4 - HKLM\..\Run: [Sysnet] C:\WINDOWS\snuninst.exe
    O4 - HKLM\..\Run: [tvs_b] c:\Program Files\tvs\tvs_ln.exe
    O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
    O4 - HKLM\..\Run: [PNPCHK] PNPCHK.EXE
    O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
    O4 - HKLM\..\Run: [lsass] C:\WINDOWS\SYSTEM\ELITESRJ32.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\RunServices: [azmodem] WINMODEM.101\azexe.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
    O4 - HKCU\..\Run: [Opbp] C:\WINDOWS\Application Data\shas.exe
    O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
    O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
    O4 - HKCU\..\Run: [iMesh] C:\PROGRAM FILES\IMESH\IMESH5\IMESH.EXE
    O4 - HKCU\..\Run: [Spyware Cleaner] "C:\PROGRAM FILES\SPYWARE CLEANER\SPYWARECLEANER.Exe" /boot
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE (file missing)
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37500.cab
  • Trogan London, UK
    edited January 2006
    Please print out or copy this page to Notepad. Make sure to work through the steps in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fix.
    • Download DSRFIX from HERE onto your Desktop.
      • Unzip and EXTRACT the files to your Desktop.
      • The program creates and names the new folder to house the files.
      • DO NOT RUN IT YET
    • Download Cleanup from Here (Alternate site if the above is not working Go Here)
      • A window will open and choose SAVE, then DESKTOP as the destination.
      • On your Desktop, click on Cleanup40.exe icon.
      • Then, click RUN and place a checkmark beside "I Agree"
      • Then click NEXT followed by START and OK.
      • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
      • Click OK
      • DO NOT RUN IT YET
    • CLOSE INTERNET EXPLORER, if it is open
    • Open the folder dsrfix
      • Double click on the dsrfix batch file (the one with the little gear in it)
      • Once dsrfix has completed it will close on its own
    • Please restart HJT, put a checkmark next to the following items, and with all windows closed except for HJT, click “Fix Checked” and EXIT the program.

      R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc?u=1546 (obfuscated)
      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://bigbr.cc?u=1546 (obfuscated)
      R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc?u=1546 (obfuscated)
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://bigbr.cc?u=1546 (obfuscated)
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bigbr.cc?u=1546 (obfuscated)
      R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

      O2 - BHO: (no name) - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - (no file)

      O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

      O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
      O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
      O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
      O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16


    • Run Cleanup
      • Click on the "Cleanup" button and let it run.
      • Once it's done, close the program.
    • REBOOT your system.
    • Please restart HJT and post back a fresh HJT log for review.
  • edited January 2006
    Sorry it took so long for me to actually follow the instructions you sent me. I was back at home for a while. I'll only be here for a few more hours, but I really appreciate the improvements done with this computer so far. I've been using it for almost 5 hours now, and it's only frozen on me twice! (That's good if you can't tell by my typed-up joy.)

    For all the extra files, such as AIM (which is missing a file) and Yahoo! messenger, I'm going to try to clean them up, too, so I won't have my feelings hurt if you tell me to get rid of files from them. They are just using up space, because my husband doesn't use them anymore.

    I was quite shocked to see how much MB the CleanUp! program freed. I did not find "O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe", so I am assuming I have already removed it with my tinkering about. However, I may have overlooked it. Anyway, here is the new HJT log.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:53:30 AM, on 1/11/06
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\JPLVDLL.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.otelco.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.deviantart.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {7D118378-175F-FF90-ABDE-5CD81C505BC6} - C:\WINDOWS\Bzpyyozw.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [PiDunHk] "C:\PROGRAM FILES\ONLINE SERVICES\PRODIGY\BIN\PIDUNHK.EXE"
    O4 - HKLM\..\Run: [FontFix] c:\windows\options\systools\fntfix.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: C:\WINDOWS\TEMP\B.EXE
    O4 - HKLM\..\Run: [e4c886eda7bf] C:\WINDOWS\SYSTEM\ADVAPI32.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [PaintingRoom evidence monitor] "C:\Program Files\PaintingRoom\paintingroom.exe" -trayevidence
    O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
    O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
    O4 - HKLM\..\Run: [7G8MTPO8] \Progra~1\7G8MTPO8\7G8MTPO8.exe
    O4 - HKLM\..\Run: [ifstaz] C:\WINDOWS\ifstaz.exe
    O4 - HKLM\..\Run: [JPLVDLL] C:\WINDOWS\JPLVDLL.EXE
    O4 - HKLM\..\Run: [MZFAENC] C:\WINDOWS\MZFAENC.EXE
    O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
    O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
    O4 - HKLM\..\Run: [Sysnet] C:\WINDOWS\snuninst.exe
    O4 - HKLM\..\Run: [tvs_b] c:\Program Files\tvs\tvs_ln.exe
    O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
    O4 - HKLM\..\Run: [PNPCHK] PNPCHK.EXE
    O4 - HKLM\..\Run: [lsass] C:\WINDOWS\SYSTEM\ELITESRJ32.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\RunServices: [azmodem] WINMODEM.101\azexe.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
    O4 - HKCU\..\Run: [Opbp] C:\WINDOWS\Application Data\shas.exe
    O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
    O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
    O4 - HKCU\..\Run: [iMesh] C:\PROGRAM FILES\IMESH\IMESH5\IMESH.EXE
    O4 - HKCU\..\Run: [Spyware Cleaner] "C:\PROGRAM FILES\SPYWARE CLEANER\SPYWARECLEANER.Exe" /boot
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE (file missing)
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37500.cab
  • Trogan London, UK
    edited January 2006
    No problem for the delay.

    There is still a lot of junk in the log that needs removing.

    Can you please do the following:


    Go to Add/Remove programs in Control Panel and look for the following

    SearchUpgrader
    Desktop Search
    PaintingRoom evidence monitor
    Media Access
    DR_S


    If found, please uninstall.
    ===

    Please download the free Ad-Aware SE and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.

    1) Run Ad-Aware, and click Check for updates now.

    2) Select Configurations (click the Gear wheel at the top) as follows:
    • General Button > Safety & Settings: Check (Green) all three.
    • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
    Click Proceed.
    3) To start the scan, Click > "Scan Now" at left
    • Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
    • Select "Search for low-risk threats"
    • Select "Perform full system scan"
    • Click Next
    4) When the scan has completed, select Next.
    • In the Scanning Results window, select the "Critical Objects" tab.
    • Right-click on the screen and choose "Select all objects"
    • Click Next to remove the infections found, and click OK to the prompt.
    • Restart the computer.


    Download Spybot S & D from here.
    1. Download and Install Spybot S&D (if you haven't already), accept the Default Settings
    2. In the Menu Bar at the top of the Spybot window you will see 'Mode'.
      Make certain that 'default mode' has a check mark beside it.
    3. Close ALL windows except Spybot S&D
    4. Click the button to ‘Search for Updates’ then download and install the updates.
    5. Next click the button ‘Check for Problems’
    6. When Spybot is complete, it will be showing ‘RED’ entries, bold 'BLACK' entries and ‘GREEN’ entries in the window
    7. Make certain there is a check mark beside all of the RED entries ONLY.
    8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
    9. REBOOT normally to complete the scan and clear memory.
    ===

    Please run these scans:

    BitDefender Free Online Virus Scan
    http://www.bitdefender.com/scan/licence.php
    Make sure you tick AutoClean under Scan Options.

    Panda ActiveScan
    http://www.pandasoftware.com/activescan/com/activescan_principal.htm
    Make sure you tick Disinfect automatically under Scan Options.

    Save a report and then post them here along with a new HJT log :)
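As an added illustration (not part of either post, and not HijackThis's own code), the O4 autorun lines of a log like the one in this thread can be parsed and triaged mechanically. The sample lines are copied from the log above; the name lists and heuristics are assumptions that only mark entries for a closer look and are not verdicts.

```python
import re

# Constructed sample: six O4 lines copied from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: C:\WINDOWS\TEMP\B.EXE
O4 - HKLM\..\Run: [e4c886eda7bf] C:\WINDOWS\SYSTEM\ADVAPI32.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\SYSTEM\ELITESRJ32.EXE
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
"""

O4_RE = re.compile(r"^\s*O4 - (HK(?:LM|CU))\\\.\.\\(Run\w*): (?:\[([^\]]*)\] )?(.+)$")
IMAGE_RE = re.compile(r'([^\\/"]+)\.(exe|dll)\b', re.I)  # first image file in the command

# Assumed, deliberately short reference lists for the heuristics below.
SYSTEM_PROCESS_NAMES = {"lsass", "csrss", "winlogon", "services", "svchost"}
SYSTEM_DLL_STEMS = {"advapi32", "kernel32", "user32", "gdi32", "shell32"}
# Names the reply asks to uninstall via Add/Remove Programs.
REPLY_UNINSTALL = {"searchupgrader", "desktop search", "paintingroom evidence monitor",
                   "media access", "dr_s"}

def parse_o4(log_text):
    """Return (hive, key, value_name, command) for each O4 registry autorun line."""
    matches = (O4_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groups() for m in matches if m]

def triage(entry):
    """Return the reasons (possibly none) an autorun entry deserves a closer look."""
    _hive, _key, name, command = entry
    m = IMAGE_RE.search(command)
    stem, ext = (m.group(1).lower(), m.group(2).lower()) if m else ("", "")
    label = (name or "").lower()
    checks = [
        (name is None, "no value name"),
        (re.search(r"\\te?mp\\", command, re.I) is not None, "runs from a temp directory"),
        (label in SYSTEM_PROCESS_NAMES and stem != label, "value name imitates a system process"),
        (ext == "exe" and stem in SYSTEM_DLL_STEMS, "system DLL name used as an .exe"),
        (label in REPLY_UNINSTALL, "named in the reply's uninstall list"),
    ]
    return [reason for hit, reason in checks if hit]

def flagged(log_text):
    """Map each flagged command to its reasons; unflagged entries are omitted."""
    return {e[3]: r for e in parse_o4(log_text) if (r := triage(e))}
```
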
This discussion has been closed.