
Help !! bi.exe, myway etc,etc

Discussion in 'Windows XP' started by motivated, Apr 19, 2004.

Thread Status:
Not open for further replies.
  1. motivated

    motivated Thread Starter

    Joined:
    Feb 7, 2004
    Messages:
    183
    I'm having some problems here !

    I've all these connections going on, so I ran Spybot-s&d and found a few things but nothing more than usual, so I downloaded Ad-Ware and that found a few more (97).

    Problem is every time after I visit a site if I run Ad-ware it finds a tracking cookie. I'm not sure if that has anything to do with just finding a programme in my root directory called bi.exe and a folder called My Way.

    A dear friend (or was) downloaded a programme and installed it called Direct Connect which if I go: start/settings/panel control/add remove programmes doesn't remove it so I just put it in the trash for now.

    I don't know what all the connections are in task manager so I'll just post everything from Ad-Ware and hope someone can help from there. Please if you can help, make your instructions simple, I have never worked with my registry or Regedit.

    Thanks in advance :)


    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Sunday, 18 April 2004 10:36:34 p.m.
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R296 16.04.2004
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file


    18-04-2004 10:36:35 p.m. - Scan started. (Custom mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 17-04-2004 9:50:24 p.m.
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 17-04-2004 9:50:25 p.m.
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 17-04-2004 9:50:25 p.m.
    BasePriority : Normal
    FileSize : 99 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft
    Created on : 18/08/2001
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 18/08/2001

    #:4 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 17-04-2004 9:50:25 p.m.
    BasePriority : Normal
    FileSize : 11 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 18/08/2001
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 29/08/2002 11:41:26 a.m.

    #:5 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 17-04-2004 9:50:26 p.m.
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 18/08/2001
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 18/08/2001

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 17-04-2004 9:50:26 p.m.
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 18/08/2001
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 18/08/2001

    #:7 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 17-04-2004 9:50:27 p.m.
    BasePriority : Normal
    FileSize : 980 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft
    Created on : 27/12/2002 9:46:48 a.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 29/08/2002 11:41:24 a.m.

    #:8 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 17-04-2004 9:50:28 p.m.
    BasePriority : Normal
    FileSize : 50 KB
    FileVersion : 5.1.2600.0 (XPClient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 18/08/2001
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 18/08/2001

    #:9 [avgcc32.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVG6\
    ThreadCreationTime : 17-04-2004 9:50:29 p.m.
    BasePriority : Normal
    FileSize : 396 KB
    FileVersion : 6, 0, 0, 427
    ProductVersion : 6, 0, 0, 0
    Copyright : Copyright
    CompanyName : GRISOFT s.r.o.
    FileDescription : AVG Control Center
    InternalName : AvgCC32
    OriginalFilename : AvgCC32.EXE
    ProductName : AVG Anti-Virus System
    Created on : 25/12/2002 11:09:16 p.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 12/02/2003 9:55:34 p.m.

    #:10 [msmsgs.exe]
    FilePath : C:\Program Files\Messenger\
    ThreadCreationTime : 17-04-2004 9:50:29 p.m.
    BasePriority : Normal
    FileSize : 1476 KB
    FileVersion : 4.7.0041
    ProductVersion : Version 4.7
    Copyright : Copyright (c) Microsoft Corporation 1997-2001
    CompanyName : Microsoft Corporation
    FileDescription : Messenger
    InternalName : msmsgs
    OriginalFilename : msmsgs.exe
    ProductName : Messenger
    Created on : 27/12/2002 10:14:46 a.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 29/08/2002 11:41:26 a.m.

    #:11 [wzqkpick.exe]
    FilePath : C:\Program Files\WinZip\
    ThreadCreationTime : 17-04-2004 9:50:29 p.m.
    BasePriority : Normal
    FileSize : 104 KB
    FileVersion : 1.0 (32-bit)
    ProductVersion : 8.1 (4319)
    Copyright : Copyright (c) WinZip Computing, Inc. 1991-2001 - All Rights Reserved
    CompanyName : WinZip Computing, Inc.
    FileDescription : WinZip Executable
    InternalName : WZQKPICK.EXE
    OriginalFilename : WZQKPICK.EXE
    ProductName : WinZip
    Created on : 26/12/2002 4:19:28 a.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 21/11/2002 8:10:00 p.m.

    #:12 [apache.exe]
    FilePath : C:\Program Files\Apache Group\Apache\
    ThreadCreationTime : 17-04-2004 9:50:34 p.m.
    BasePriority : Normal
    FileSize : 20 KB
    Created on : 17/06/2002 11:44:42 p.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 17/06/2002 11:44:42 p.m.

    #:13 [avgserv.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVG6\
    ThreadCreationTime : 17-04-2004 9:50:34 p.m.
    BasePriority : Normal
    FileSize : 20 KB
    FileVersion : 6.0.1.9
    ProductVersion : 6.0.1.9
    Copyright : Copyright (c) GRISOFT(c) SOFTWARE 1998-2001
    CompanyName : GRISOFT(c) SOFTWARE s.r.o
    FileDescription : AvgServ - displays notification message
    InternalName : AvgServ
    OriginalFilename : AvgServ
    ProductName : AVG6
    Created on : 25/12/2002 11:09:16 p.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 16/12/2002 6:00:00 p.m.

    #:14 [mysqld-nt.exe]
    FilePath : C:\mysql\bin\
    ThreadCreationTime : 17-04-2004 9:50:34 p.m.
    BasePriority : Normal
    FileSize : 1836 KB
    Created on : 31/12/2002 6:17:19 a.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 11/12/2002 12:04:34 a.m.

    #:15 [apache.exe]
    FilePath : C:\Program Files\Apache Group\Apache\
    ThreadCreationTime : 17-04-2004 9:50:35 p.m.
    BasePriority : Normal
    FileSize : 20 KB
    Created on : 17/06/2002 11:44:42 p.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 17/06/2002 11:44:42 p.m.

    #:16 [nvsvc32.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 17-04-2004 9:50:35 p.m.
    BasePriority : Normal
    FileSize : 60 KB
    FileVersion : 6.13.10.3100
    ProductVersion : 6.13.10.3100
    Copyright : (c) NVIDIA Corporation. All rights reserved.
    CompanyName : NVIDIA Corporation
    FileDescription : NVIDIA Driver Helper Service, Version 31.00
    InternalName : NVSVC
    OriginalFilename : nvsvc32.exe
    ProductName : NVIDIA Driver Helper Service, Version 31.00
    Created on : 23/12/2002 11:59:11 p.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 30/07/2002 11:50:00 a.m.

    #:17 [outpost.exe]
    FilePath : C:\PROGRA~1\AGNITUM\OUTPOS~1.0\
    ThreadCreationTime : 17-04-2004 9:50:35 p.m.
    BasePriority : Normal
    FileSize : 77 KB
    FileVersion : 1.0.228
    ProductVersion : 1.0
    Copyright : (C) Agnitum, 1999-2001
    CompanyName : Agnitum
    FileDescription : Outpost Firewall main module
    InternalName : Outpost Firewall
    OriginalFilename : outpost.exe
    ProductName : Outpost Firewall
    Created on : 25/12/2002 11:24:07 p.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 20/02/2002 1:50:46 a.m.

    #:18 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 17-04-2004 9:50:39 p.m.
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 18/08/2001
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 18/08/2001

    #:19 [mailwasher.exe]
    FilePath : C:\Program Files\MailWasher\
    ThreadCreationTime : 18-04-2004 8:39:08 a.m.
    BasePriority : Normal
    FileSize : 1956 KB
    FileVersion : 1.32.8.1231
    ProductVersion : 1.0.0.0
    Copyright : 2001
    CompanyName : eCOSM
    FileDescription : MailWasher
    InternalName : MailWasher
    OriginalFilename : MailWasher.exe
    ProductName : MailWasher
    Created on : 26/12/2002 1:33:44 a.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 3/04/2002 2:31:26 a.m.

    #:20 [iexplore.exe]
    FilePath : C:\Program Files\Internet Explorer\
    ThreadCreationTime : 18-04-2004 8:41:25 a.m.
    BasePriority : Normal
    FileSize : 89 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    OriginalFilename : IEXPLORE.EXE
    ProductName : Microsoft
    Created on : 27/12/2002 9:50:20 a.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 29/08/2002 11:41:26 a.m.

    #:21 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
    ThreadCreationTime : 18-04-2004 10:28:51 a.m.
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 17/04/2004 11:18:45 a.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 12/07/2003 10:00:20 a.m.

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    New.Net Object recognized!
    Type : File
    Data : ndnuninstall4_88.exe
    Object : C:\WINDOWS\
    FileSize : 43 KB
    Created on : 2/06/2003 4:37:34 p.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 2/06/2003 4:37:36 p.m.



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][1].txt
    Object : C:\Documents and Settings\jas\Local Settings\Temp\Cookies\

    Created on : 15/04/2004 7:19:00 p.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 15/04/2004 7:19:02 p.m.



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][1].txt
    Object : C:\Documents and Settings\jas\Local Settings\Temp\Cookies\

    Created on : 15/04/2004 9:03:43 p.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 15/04/2004 9:03:46 p.m.



    Cydoor Object recognized!
    Type : File
    Data : cd_clint.dll
    Object : C:\Documents and Settings\jas\Local Settings\Temp\
    FileSize : 151 KB
    FileVersion : 3, 2, 1, 0
    ProductVersion : 3, 2, 1, 0
    Copyright : Copyright (C) Cydoor Technologies, Inc. 1999-2001
    CompanyName : Cydoor Technologies, Inc.
    FileDescription : Cydoor Technologies ad-system
    InternalName : CD_Clint.dll
    OriginalFilename : CD_Clint.dll
    ProductName : Cydoor Technologies ad-system
    Created on : 7/06/2003 6:57:30 a.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 14/01/2002 1:57:00 a.m.



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][1].txt
    Object : C:\Documents and Settings\jas\Cookies\

    Created on : 18/04/2004 8:41:36 a.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 18/04/2004 8:41:38 a.m.



    Disk scan result for C:\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 5


    Deep scanning and examining files (D:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Disk scan result for D:\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 5

    Possible Browser Hijack attempt Object recognized!
    Type : File
    Data : heritage.url
    Object : C:\Documents and Settings\jas\Favorites\Jas\
    FileSize : 1 KB
    Created on : 5/03/2004 6:24:03 a.m.
    Last accessed : 17/04/2004 12:00:00 p.m.
    Last modified : 5/03/2004 6:24:08 a.m.




    Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Hosts file scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    1 entries scanned.
    New objects :0
    Objects found so far: 6




    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 6


    10:44:53 p.m. Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:08:18:126
    Objects scanned :180012
    Objects identified :6
    Objects ignored :0
    New objects :6
     
  2. Lobos

    Lobos

    Joined:
    Mar 22, 2004
    Messages:
    248
    Please do this. Click here: http://www.sherrylynn.us/HijackThis.exe to download Hijack This. Save it to its own folder (not temporary files or the desktop).
    Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.

    DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.
     
  3. motivated

    motivated Thread Starter

    Joined:
    Feb 7, 2004
    Messages:
    183
    Thanks for the reply

    Here we go:

    Logfile of HijackThis v1.97.7
    Scan saved at 10:48:02 p.m., on 19/04/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Apache Group\Apache\Apache.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\mysql\bin\mysqld-nt.exe
    C:\Program Files\Apache Group\Apache\Apache.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MailWasher\MailWasher.exe
    C:\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.athleticstockexchange.com/exchange.html?sort=sport
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe /waitservice
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37617.0124537037
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{05F6FCE2-2B56-4766-8CF3-56B0B66AACC8}: NameServer = 203.96.152.12,203.96.152.4
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9C24426A-7FA7-4730-896D-C5A3D169E8F2}: NameServer = 203.96.152.12,203.96.152.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{05F6FCE2-2B56-4766-8CF3-56B0B66AACC8}: NameServer = 203.96.152.12,203.96.152.4
     
  4. motivated

    motivated Thread Starter

    Joined:
    Feb 7, 2004
    Messages:
    183
    Would also appreciate knowing how to delete windows messenger permanently.

    Thanks again
     
  5. motivated

    motivated Thread Starter

    Joined:
    Feb 7, 2004
    Messages:
    183
    I forgot to say earlier:

    I went into System Volume Information folder /system_restore as my anti-virus was telling me I had something like 27gig on my hd when I knew I should only have about 10gig. There were several folders over 1gig and 1 @ 6gig and 1 @ 4gig, most were 27.8 mb.

    I removed all the folders with the exception of a restore point I knew (thought) to be good (one I created) and left one other restore point. When I went back later they had gone.

    Any ideas ??
     
  6. motivated

    motivated Thread Starter

    Joined:
    Feb 7, 2004
    Messages:
    183
  7. Lobos

    Lobos

    Joined:
    Mar 22, 2004
    Messages:
    248
    OK, run HJT, put a check next to these, close all browsers and hit fix

    R3 - Default URLSearchHook is missing



    Now for Windows Messenger

    Make sure your Internet Explorer, Outlook Express, Windows Messenger and other programs are closed before doing this

    1) Click on Start, Run
    2) Type the following (or cut and paste it) into the Run line

    RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

    3) Click on OK


    Now for the Windows Messenger service

    1. Click Start->Settings ->Control Panel
    2. Click Performance and Maintenance
    3. Click Administrative Tools
    4. Double click Services
    5. Scroll down and highlight "Messenger"
    6. Right-click the highlighted line and choose Properties.
    7. Click the STOP button.
    8. Select Disable or Manual in the Startup Type scroll bar
    9. Click OK
     
  8. motivated

    motivated Thread Starter

    Joined:
    Feb 7, 2004
    Messages:
    183
    Thanks for your reply Lobos, much appreciated.

    You say: ok run hjt put a check next to these close all browsers and hit fix

    I note you use "these", then you listed: R3 - Default URLSearchHook is missing

    One Item ???

    I deleted it anyway, but I still have something, but not as much (I think). Anyway Ad-Ware is still finding tracking cookies, so here's my NEW log from HijackThis:

    Logfile of HijackThis v1.97.7
    Scan saved at 8:40:36 p.m., on 21/04/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Apache Group\Apache\Apache.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\mysql\bin\mysqld-nt.exe
    C:\Program Files\Apache Group\Apache\Apache.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MailWasher\MailWasher.exe
    C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
    C:\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.athleticstockexchange.com/exchange.html?sort=sport
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe /waitservice
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37617.0124537037
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{05F6FCE2-2B56-4766-8CF3-56B0B66AACC8}: NameServer = 203.96.152.12,203.96.152.4
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9C24426A-7FA7-4730-896D-C5A3D169E8F2}: NameServer = 203.96.152.12,203.96.152.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{05F6FCE2-2B56-4766-8CF3-56B0B66AACC8}: NameServer = 203.96.152.12,203.96.152.4
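
Added example, not part of the thread and not HijackThis's own code: a small Python parser that compares two HijackThis logs like the ones in posts 3 and 8, so the effect of a fix (here the removed R3 line) shows up as a diff rather than by eye. The sample logs are abridged from the ones posted above; the function names and the section descriptions are this example's own.

```python
import re

# Meaning of the HijackThis section codes that occur in the logs on this page.
SECTIONS = {
    "R0": "IE start/search page value",
    "R3": "IE URLSearchHook",
    "O3": "IE toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O9": "extra IE button or Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O17": "DNS / name server setting",
}

# Abridged copies of the two logs posted in this thread (posts 3 and 8).
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.athleticstockexchange.com/exchange.html?sort=sport
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{05F6FCE2-2B56-4766-8CF3-56B0B66AACC8}: NameServer = 203.96.152.12,203.96.152.4
"""

AFTER = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.athleticstockexchange.com/exchange.html?sort=sport
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{05F6FCE2-2B56-4766-8CF3-56B0B66AACC8}: NameServer = 203.96.152.12,203.96.152.4
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_log(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the coded entries follow the process list
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def describe(entries):
    """Prefix each entry with what its section code refers to."""
    return [f"{code} [{SECTIONS.get(code, 'unknown section')}]: {body}"
            for code, body in entries]


def diff_logs(before, after):
    """Report what changed between two scans of the same machine."""
    old, new = parse_log(before), parse_log(after)
    # Windows paths are case-insensitive: avgcc32.exe and AVGCC32.EXE are
    # the same process, so compare process paths in lower case.
    old_p = {p.lower() for p in old["processes"]}
    new_p = {p.lower() for p in new["processes"]}
    old_e, new_e = set(old["entries"]), set(new["entries"])
    return {
        "removed_entries": sorted(old_e - new_e),
        "added_entries": sorted(new_e - old_e),
        "stopped_processes": sorted(old_p - new_p),
        "started_processes": sorted(new_p - old_p),
    }


if __name__ == "__main__":
    changes = diff_logs(BEFORE, AFTER)
    for line in describe(changes["removed_entries"]):
        print("removed:", line)
    for key in ("added_entries", "stopped_processes", "started_processes"):
        print(key, "=", changes[key])
```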
     
  9. motivated

    motivated Thread Starter

    Joined:
    Feb 7, 2004
    Messages:
    183
    bump again
     
  10. motivated

    motivated Thread Starter

    Joined:
    Feb 7, 2004
    Messages:
    183
    With every scan using Ad-Ware or Spybot I find these tracking cookies from Commission Junction.

    If I clean them out, as soon as I visit another site they are back.

    Any help ??
     
  11. Lobos

    Lobos

    Joined:
    Mar 22, 2004
    Messages:
    248
  12. allen2680

    allen2680

    Joined:
    Apr 22, 2004
    Messages:
    1
    Sounds like you have the same problem that I had/have. I think what you need to do is after you run Ad-aware, find the exact location of each and every file, no matter if you need to print it out or write it down. After you have this info, you need to delete all files and registry keys associated with the files. DO NOT delete files from the registry if you do not know what they are.
     
  13. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    33,947
    First Name:
    James
    The cookies remind the site of your preferences, username and password (i.e. this site) that need to be remembered, etc. These cookies will always be there if you go to a site that uses cookies.

    What exactly is the problem? Bi.exe is a problem, but it should have been in the logfile :confused:

    Regarding the Windows Messenger, do you mean MSN Messenger or the annoying Windows Messaging Services that makes ad pop-ups?

    If the latter, it's found in Control Panel > Administrative Tools > Services.

    Scroll down to Messenger and right click > Properties. Select Disabled for Startup type and you can also press Stop. Apply and those messages will be stopped.
     
  14. Lobos

    Lobos

    Joined:
    Mar 22, 2004
    Messages:
    248
    In post 7

    will tell you how to get rid of Windows Messenger the chat service (not MSN Messenger)
    and Messenger services with the pop-ups

    The first one is Windows Messenger the chat service

    and the second one is the pop-ups

    And tidas is correct, bi.exe is not a good file, delete if you have it
    and the My Way folder I'd say delete it
     
  15. motivated

    motivated Thread Starter

    Joined:
    Feb 7, 2004
    Messages:
    183
    Thanks guys.

    I removed the pop-ups long ago, it was the chat service I wanted to remove (done, thanks Lobos)
     

Short URL to this thread: https://techguy.org/221824
