
Thread: Excessive Pop-ups

  1. #11
    Security Expert-Emeritus steamwiz
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Hi

    1. Download and unzip Avenger to your desktop.
    2. Double click the Avenger.exe file
    3. Click OK
    4. Select Input script manually
    5. Click the Magnifying Glass icon
    6. Highlight the text in the code box below, & copy and paste it into the View/edit script box

    Code:
    Files to delete:
    C:\921_135b.exe
    C:\rorjxk.exe
    C:\WINNT\ms05691299766.exe
    C:\WINNT\dtgqj.dll
    C:\WINNT\srvitiynjg.exe
    C:\WINNT\ZGVmYXVsdA\t3pAsrpPxE.vbs 
    c:\winnt\system32\_mzu_stonedrv8.exe
    C:\WINNT\system32\SpoonUninstall.exe 
    C:\WINNT\system32\wnscptr.exe
    C:\WINNT\system32\winpfg32.sys
    C:\WINNT\system32\hfj2dfc3.sys
    C:\WINNT\system32drei.exe
    C:\WINNT\system32\lkyaekrrr.exe
    C:\WINNT\system32\drei.exe
    C:\WINNT\system32\lqe2z.dll
    C:\WINNT\system32\aybry.dll
    C:\WINNT\system32uaw5wah6a.exe
    C:\WINNT\system32\MZU_DRV.sys 
    
    Folders to delete:
    C:\Program Files\PSDream
    C:\Program Files\Common Files\uiwr

    7. Click Done
    8. Click the Traffic Light icon to start the program.
    9. Click Yes to execute the script and click Yes when asked to reboot your computer
    10. Post the contents of the file C:\Avenger.txt


    After the reboot...

    Find and delete the contents of the C:\WINNT\Temp folder (do NOT delete the folder itself).

    Run HijackThis & post a new log...

    Let me know if your problem is resolved.

    Don't forget to post the contents of the file C:\Avenger.txt

    steam
    Last edited by tashi; 2006-11-07 at 20:54. Reason: tool link removed now
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  2. #12
    Junior Member
    Join Date
    Oct 2006
    Posts
    8

    Here is the Avenger log-

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\mxwcfltw

    *******************

    Script file located at: \??\C:\WINNT\wkswfspn.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\921_135b.exe deleted successfully.


    File C:\rorjxk.exe not found!
    Deletion of file C:\rorjxk.exe failed!

    Could not process line:
    C:\rorjxk.exe
    Status: 0xc0000034



    File C:\WINNT\ms05691299766.exe not found!
    Deletion of file C:\WINNT\ms05691299766.exe failed!

    Could not process line:
    C:\WINNT\ms05691299766.exe
    Status: 0xc0000034

    File C:\WINNT\dtgqj.dll deleted successfully.
    File C:\WINNT\srvitiynjg.exe deleted successfully.
    File C:\WINNT\ZGVmYXVsdA\t3pAsrpPxE.vbs deleted successfully.


    File c:\winnt\system32\_mzu_stonedrv8.exe not found!
    Deletion of file c:\winnt\system32\_mzu_stonedrv8.exe failed!

    Could not process line:
    c:\winnt\system32\_mzu_stonedrv8.exe
    Status: 0xc0000034

    File C:\WINNT\system32\SpoonUninstall.exe deleted successfully.
    File C:\WINNT\system32\wnscptr.exe deleted successfully.
    File C:\WINNT\system32\winpfg32.sys deleted successfully.
    File C:\WINNT\system32\hfj2dfc3.sys deleted successfully.
    File C:\WINNT\system32drei.exe deleted successfully.
    File C:\WINNT\system32\lkyaekrrr.exe deleted successfully.
    File C:\WINNT\system32\drei.exe deleted successfully.
    File C:\WINNT\system32\lqe2z.dll deleted successfully.
    File C:\WINNT\system32\aybry.dll deleted successfully.
    File C:\WINNT\system32uaw5wah6a.exe deleted successfully.


    File C:\WINNT\system32\MZU_DRV.sys not found!
    Deletion of file C:\WINNT\system32\MZU_DRV.sys failed!

    Could not process line:
    C:\WINNT\system32\MZU_DRV.sys
    Status: 0xc0000034

    Folder C:\Program Files\PSDream deleted successfully.
    Folder C:\Program Files\Common Files\uiwr deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    My problem seems to be cured; I have not experienced any pop-ups in either Mozilla or Internet Explorer. And I must say, thank you very much for your help, I am very grateful!
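
Added example, not part of the original thread and not code from The Avenger: a short Python parser for a log like the one in post #12. It separates targets that were simply absent (status 0xc0000034, the NTSTATUS value STATUS_OBJECT_NAME_NOT_FOUND) from failures that may leave a file in place. The sample combines lines from the log above with one constructed access-denied entry; the function names are hypothetical.

```python
import re

# NTSTATUS names; 0xC0000034 is the only code that appears in the thread's log.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
}
ABSENT = {"STATUS_OBJECT_NAME_NOT_FOUND", "STATUS_OBJECT_PATH_NOT_FOUND"}
DELETED = re.compile(r"^(?:File|Folder) (.+) deleted successfully\.$")
STATUS = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")

# Lines from the log in the thread, plus one constructed access-denied entry.
SAMPLE = r"""
File C:\921_135b.exe deleted successfully.
File C:\rorjxk.exe not found!
Deletion of file C:\rorjxk.exe failed!
Could not process line:
C:\rorjxk.exe
Status: 0xc0000034
Folder C:\Program Files\PSDream deleted successfully.
Could not process line:
C:\EXAMPLE\constructed.sys
Status: 0xc0000022
"""


def summarize_avenger_log(text):
    """Return (deleted paths, {failed path: status name}) for one log."""
    deleted, failed = [], {}
    lines = iter(ln.strip() for ln in text.splitlines() if ln.strip())
    for line in lines:
        m = DELETED.match(line)
        if m:
            deleted.append(m.group(1))
        elif line == "Could not process line:":
            path = next(lines, None)
            if path is None:  # log truncated right after the marker
                break
            st = STATUS.match(next(lines, ""))
            code = int(st.group(1), 16) if st else None
            failed[path] = NTSTATUS.get(code, hex(code) if code is not None else "status missing")
    return deleted, failed


def needs_followup(failed):
    """Failed targets whose status does not simply mean 'nothing at that path'."""
    return sorted(p for p, s in failed.items() if s not in ABSENT)
```

Anything returned by `needs_followup` is a path the script could not remove for a reason other than the target being absent, so it should be re-checked in the next scan.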

  3. #13
    Junior Member
    Join Date
    Oct 2006
    Posts
    8

    And a new HJT log-

    Logfile of HijackThis v1.99.1
    Scan saved at 5:42:20 PM, on 10/31/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
    C:\Program Files\AMD\Cool'n'Quiet\gemback.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
    C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
    C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\PhatNoise Media Manager\PNAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINNT\system32\wuauclt.exe
    E:\Program Files\Media Center\Media Jukebox.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    D:\My Documents\Downloads\Spy Bot\HiJackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsguy.com/news.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
    O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
    O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PNAgent] "E:\Program Files\PhatNoise Media Manager\PNAgent.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save with Download Manager... - file://E:\Program Files\Media Center\DMDownload.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1152303970296
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe

  4. #14
    Security Expert-Emeritus steamwiz
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    You're very welcome

    Your log's clean now...

    Happy surfing

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E
