Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

possible infection

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

possible infection

Unread postby P;3 » November 18th, 2006, 7:08 pm

sorry to bother you all but I have been unable to use my "M" key without the internet browser minimalising ; I have had a pop-under on here which I got rid of twice by using ctrl;del

I also had the desktop icons darkening when I pressed the m button

I have rebooted and emptied my recycle bin which is where i put the suspicious item

is all now clean please?




Logfile of HijackThis v1.99.1
Scan saved at 23:05:23, on 18/11/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MAILWASHER\MAILWASHER.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talkgas.net/
F1 - win.ini: run=C:\WINDOWS\hpfsched.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Guard-IE - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: Guard-IE - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [RemHelp] remhelp.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe
O4 - Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Check &Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
O9 - Extra button: @C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL
O9 - Extra 'Tools' menuitem: @C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.c ... egucfg.cab


thanks for you time :oops:
P;3
Regular Member
 
Posts: 664
Joined: May 28th, 2005, 5:02 am
Advertisement
Register to Remove

Unread postby random/random » November 18th, 2006, 7:18 pm

Looks clean, it sounds like the windows key has got stuck.

Tap it quite rapidly and hard for a short period-this should free it.
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby P;3 » November 18th, 2006, 7:33 pm

thanks for the speedy reply; I think it was/is a bit more concerning than that as, strangely , when I first tried to log in here to put my log on, even putting in my password, none of which part has an" m" in it , got the screan minimalising

I even opened two screans to try and cheet it and fool it into behaving itself, but it minimalised both

I have asked the person whose screan shot I was looking at to seek assistance to ensure his pc is clean

at the moment all my keys seem to be ok ; however, it felt like a keyboard and desk icon take over and I had an icon in the top left of my screan and one in the bottom right of my screan change to a dark colour alternately when I used the m key ; what that means I have no idea except that I coudl not log in nor use the computer :cry:
P;3
Regular Member
 
Posts: 664
Joined: May 28th, 2005, 5:02 am

Unread postby random/random » November 19th, 2006, 7:07 am

Windows key+D will also minimize windows

Windows key+various letter will highlight icons on the desktop beginning with that letter

If you still have the problem, the perhaps it would be a good idea to try a new keyboard.
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby P;3 » November 19th, 2006, 10:38 am

random/random wrote:Windows key+D will also minimize windows

Windows key+various letter will highlight icons on the desktop beginning with that letter

If you still have the problem, the perhaps it would be a good idea to try a new keyboard.


actually do not think that that was the issue

only using the m key ( and no other key ) would minimalise any web page open , and also minimalised my OE page when I attempted to write an e mail ; I have thrown all my scans at it and emptied the recycle bin; all seems ok now and I am thinking that my merely doing a ctrl and del on the pop under thing instead of clicking on the x to remove it may have averted more problems from developing


thanks for reviewing the log for me so promptly after I finally managed to beat the page closures and the log in problems ;)
P;3
Regular Member
 
Posts: 664
Joined: May 28th, 2005, 5:02 am

Unread postby NonSuch » November 20th, 2006, 6:34 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby NonSuch » November 22nd, 2006, 4:48 pm

This topic has been reopened at the request of the topic originator.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby P;3 » November 22nd, 2006, 5:04 pm

my appologies at having this thread reopened but the problem with the intrusive window has recurred

I am suspicious that the issue has originated via the amazon site which is the only place I have been other than my normal sites; I even had an e mail linking me to a part of the amazon site to show me my order and even that link gave me the intrusive window

I have scanned with stinger, and trend housecall and it is clean ; spybot shows clean

I hav yet to scan with adaware and a 2

I have also experienced links in my OE e mails NOT linking to the forum pages of PCA

I had wondered whether I need to put a log on here with hidden files etc showing? and am becoming reluctant to use the pc unitl I find the cause of this

any help , advise etc gratefully received please


I have not been to the amazon site to day yet the ad window reappeared oddly when I changed windows on the pca site

help would be appreciated please and thanks
P;3
Regular Member
 
Posts: 664
Joined: May 28th, 2005, 5:02 am

Unread postby random/random » November 22nd, 2006, 6:14 pm

Have you tried a different keyboard?
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby P;3 » November 22nd, 2006, 6:37 pm

I dont think it is anything to do with the keyboard; I have so far run a trend scan ; spybot is clean, as is stinger;

I have noticed an odd address in my scroll down visited web sites of


http://www.bluetack.co.uk

which is one address I do not recognise

I have had my links in my OE refusing to link to the pca site

I have updated and will run a full a2 scan and adaware

I am feeling that something has somehow got attached to me that needs gotten rid of as I am not sure what efffect it is having on my pc;
P;3
Regular Member
 
Posts: 664
Joined: May 28th, 2005, 5:02 am

Unread postby P;3 » November 22nd, 2006, 10:56 pm

having just had a repeat of the offending item and looking for the address of it im my Guard IE

it seems to be

img-pcdn.adtech.de/apps/314/ad123577ost3szIsq442879vI8id2//index-html ( if I have copied that right from the listing )

which my guard ie had as an item waiting for autorirization ;

that time I got it by merely loading pca site unlogged in and merely refreshing the page

I have removed the unwanted "ad" by my ctrl alt del;



it feels as though there is something insipid on here and I am at present surfing very carefully as it feels as though something has gotten attached to me that should not be here


what also concers me a bit is that I had gone to the amazon site to purchase something and did get as far as putting my debit card details into the secure server web site; I have since returned to remove my order



I have yet to do my adaware scan but my A2 scan came up with nothing unexpected

thansk for your continued help with this
P;3
Regular Member
 
Posts: 664
Joined: May 28th, 2005, 5:02 am

Unread postby random/random » November 23rd, 2006, 1:01 pm

http://www.bluetack.co.uk is definitely a safe site

img-pcdn.adtech.de/apps/314/ad123577ost3szIsq442879vI8id2//index-html is just an advert from an ad server.

I am very sure your present problems are not being caused by malware-I would suggest asking at a general computer problems forum such as computertrouble for help.
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby P;3 » November 23rd, 2006, 2:44 pm

seems as though someone on the pca site has also been smitten with it
I have now run adaware. spybot, stinger. trend , avg; all come up as clean

so how does one get rid of this critter? which is, to state the obvious , NOT WANTED, nor welcom on my pc :angryfire:

I am having to constantly watch my system tray to see if it has reappeared :twisted:
P;3
Regular Member
 
Posts: 664
Joined: May 28th, 2005, 5:02 am

Unread postby random/random » November 24th, 2006, 5:44 pm

As I have already said this problem does not appear to be caused by malware, and I suggest asking in a forum for general computer problems.

If you wish I can ask for another helper to take this topic.
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby P;3 » November 25th, 2006, 4:20 am

random/random wrote:As I have already said this problem does not appear to be caused by malware, and I suggest asking in a forum for general computer problems.

If you wish I can ask for another helper to take this topic.


there seems to be a very persistent item being used on another forum , apparently benign, BUT, in my case , overintrusive and interfeering; if this recurrs I will have to think of other measures to deal with it


If you wish I can ask for another helper to take this topic




as you say, it does not seem to be malaware related as all my scans have run clean; if I encounter further problems or computer disruption that might be infection related I"ll seek advise again

many thanks for volunteering to have a look at this issue with/for me


this can be archived please;
and

thanks for support received random/random; much appreciated
P3




:read2:
P;3
Regular Member
 
Posts: 664
Joined: May 28th, 2005, 5:02 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 294 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware