« previous next »
Pages: [1]

Author Topic: POPUP J?VAW.EXE - HJT LOG ATTACHED  (Read 2752 times)

Offline rudy33

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
POPUP J?VAW.EXE - HJT LOG ATTACHED
« on: May 07, 2005, 11:46:42 AM »
I have a firewall that alerts me anytime a program is trying to access the internet.  J?VAW.EXE will not stop so I probably should delet the program that its associated with.  Can you please help me.  I also have issues when starting window "disk not found" but do not know what disk - not sure if its associated with sound not working all the time.  So I probably have many issues.  I am running windows xp on Medion P4 with 2.4 mhz.

any guidance will be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 12:16:17 PM, on 05/07/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\PROGRA~1\COMMON~1\AOL\110212~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\110212~1\EE\AOLServiceHost.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\DOCUMENTS AND SETTINGS\RUTH MCGRATH\DESKTOP\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {EBE851B3-E029-C985-7231-C0A9499E5BE6} - C:\WINDOWS\system32\tckzl.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [C40yJ.exe] C:\documents and settings\olivia and becky\local settings\temp\C40yJ.exe
O4 - HKLM\..\Run: [4JATK3@4#AJHRM] C:\WINDOWS\system32\Voqv.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102125364\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.0.4.37/aces...s-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.5.21/blac...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.1.27/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.1.27/chec...s-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.30/soli...2-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.1.27/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.1.27/harv...t-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.5.28/jigs...w-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.1.27/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.0.30/lott...o-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paig...w-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.34/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0.30/flin...r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.2.25/popf...u-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.0.30/popp...2-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.1.29/sque...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/hold...m-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.2.1.27/turb...1-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.0.37/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/worl...s-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {009F119F-8723-11D3-8791-00A0C9EF9624} (RSFTreeView Class) - http://eformrs.com/FormOpen/RSFormsTV.cab
O16 - DPF: {0306F7BC-8EFB-4280-8512-461037071EBA} - http://undergroundlair.net/ph/pup.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {187728C3-71FD-11D3-878E-00A0C9EF9624} (RSFCalculating Class) - http://eformrs.com/FormOpen/Dll/RSFCalc.cab
O16 - DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} (CLRMachineInfoCtl Class) - http://eformrs.com/RSLoginModule.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://www.cabeagent.com/netagent/objects/custappx2.CAB
O16 - DPF: {2EC07293-4DF5-11D5-992B-0001020FC1FC} (RSCompConvClient Class) - http://gosystemrs.fasttax.com/OCX/comconv.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} (CLRTabbedList Class) - http://gosystemrs.fasttax.com/OCX/RSTabbedList.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://gosystemrs.fasttax.com/OCX/iftwclix.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.Email Removed/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/212fe581768d03...ip/RdxIE601.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab
O16 - DPF: {7B640A40-EEC1-11D2-B526-00C04F8DEE99} (WebAttachObj Class) - http://gosystemrs.fasttax.com/OCX/WebAttachments.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} (GRSNotifierCtrl Class) - http://gosystemrs.fasttax.com/OCX/webnotifier.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/L...hedLotTeleX.cab
O16 - DPF: {86B092BC-7ABA-11D4-98E7-000102053AFB} (MultiDownload Class) - http://gosystemrs.fasttax.com/OCX/Downloader.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://gosystemrs.fasttax.com/OCX/msxml4.cab
O16 - DPF: {973EA5BE-9ED6-11D3-AB1D-00C04F7468E4} (IParseCSV Class) - http://gosystemrs.fasttax.com/OCX/DCParse.cab
O16 - DPF: {97A90946-2984-11D3-AAE7-00C04F7468E4} (FrmSrcCt Control) - http://gosystemrs.fasttax.com/OCX/frmsrc.cab
O16 - DPF: {99140A4E-88C5-11D3-8793-00A0C9EF9624} (RSFDisplay Class) - http://eformrs.com/FormOpen/RSFormsDP.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://gosystemrs.fasttax.com/OCX/GRSClient2003/setup.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.Email Removed/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {BFDF0737-E4C4-4150-95BD-0A8AE9B372C3} (RSFConvert.MDB) - http://eformrs.com/RSFConvert.cab
O16 - DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} (:-) VideoSoft FlexGrid 7.0 (OLEDB)) - http://gosystemrs.fasttax.com/OCX/vsflex7.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.Email Removed/onlinegames/bejewele...aploader_v7.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EEF6D730-3A44-11D4-B510-0050DA74F688} - http://eformrs.com/RSFConvert.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...453/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
POPUP J?VAW.EXE - HJT LOG ATTACHED
« Reply #1 on: May 07, 2005, 01:55:43 PM »
HI Rudy
You have a few problems with your log, but I want to check on one item
This entry in your log
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1

Is related too a screensaver you installed, the free version comes bundled with Ad-support software from GAIN
SPYWARE
If it's the paid version, supposedly it is OK

Can you open Hijackthis>>Open Misc tools Section>>Open Uninstall Manager>>
Click the SAVE LIST button
Save the list and post it back here
Then we'll get some fixes done on your computer to make it happier  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />

EDIT>>Could you also
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad
In Notepad click FILE>>SAVE AS
Name the file as Export.bat

Save this file on the desktop
Double click on Export.bat, a text file will open, can you copy and paste that back here, thanks
Code: [Select]
dir C:\WINDOWS\System32\j?vaw.exe /a h > files.txt
notepad files.txt
« Last Edit: May 07, 2005, 02:01:35 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline rudy33

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
POPUP J?VAW.EXE - HJT LOG ATTACHED
« Reply #2 on: May 07, 2005, 02:19:08 PM »
Here is the list from uninstall file you requested..

Adobe Acrobat 5.0
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Computer Check-Up
AOL Connectivity Services
AOL Spyware Protection
AOL Toolbar
ArcSoft Panorama Maker 3
ArcSoft PhotoImpression
Butterfly Oasis Screensaver
CardRd81
CCHelp
CCScore
CR2
DivX Codec
DivX Player
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
eSyndicate
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPPDOCK
HLPRFO
hp instant support
hp officejet d series
HP Photo Printing Software
HP Share-to-Web
Information about your PC
Java 2 Runtime Environment Standard Edition v1.3.1_04
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 2.0 (Symantec Corporation)
Lords of the Realm III
Macromedia Shockwave Player
McAfee Personal Firewall Express
McAfee SecurityCenter
McAfee VirusScan
Medion Flash XL
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office 97, Professional Edition
Microsoft Picture It! Photo 7.0
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works Suite Add-in for Microsoft Word
midADdle
Mozilla Firefox (1.0.2)
MUSICMATCH Jukebox
NavHelper
Nero - Burning Rom
Network Play System (Patching)
Notifier
NVIDIA Display Driver
NVIDIA Drivers
OTtBP
OTtBPSDK
PCDLNCH
pdfFactory
Power Cinema
PowerDVD
PowerProducer
QuickTime
RealPlayer
Realtek AC'97 Audio
RIA PDF Output Driver
RIA-Speedlink
RS 2002 Client
RS 2003 Client
Secure Delivery
SEP
SFR
SFR2
Shockwave
SiS 900 PCI Fast Ethernet Adapter Driver
Spybot - Search & Destroy 1.3
Super nude patch 5
TaxCut 2003
TaxCut 2004
The Sims Hot Date Object Organizer 1.0
The Sims Menu Editor
The Sims Unleashed
The super nude patch 4.0
VCAMCEN
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar (Remove Only)
VPRINTOL
WildArcade
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB885932
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Messenger Explorer Ba
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
POPUP J?VAW.EXE - HJT LOG ATTACHED
« Reply #3 on: May 07, 2005, 03:35:55 PM »
Access your Add/Remove programs via Control panel and remove
eSyndicate
midADdle
NavHelper
SEP

As mentioned, if you downloaded the free screensaver
Butterfly Oasis Screensaver
I would remove it also
as it's ad-supported software and it's  affiliates are not ones you want on your computer
If it's the paid version, it appears to be ad-free

Viewpoints Manager was probably installed with AOL, although this is optional to remove
You should enter Windows Control Panel and if Viewpoint icon is found open it and disable the Updater

Restart your computer afterwards

Back in Windows

Download and Install the free version of Ad-Aware SE Personal 1.05
Ensure you have this version or the paid version
Open Ad-Aware, ensure to click the  check for updates now link and Connect to download the latest updates
Perform a Full system scan
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process

Run another scan with Hijackthis and post a fresh log afterwards

What happened to the text file from Export.bat????
Can you post it please
« Last Edit: May 07, 2005, 03:39:16 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline rudy33

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
POPUP J?VAW.EXE - HJT LOG ATTACHED
« Reply #4 on: May 07, 2005, 09:02:29 PM »
Here is the 2nd log file after deleting and scanning as you instructed me to do.  I apologize for not seeing your request for Export.bat.  I am not sure what or where the CODE section that you want me to paste from.

Could not uninstall MIDADDLE - Unable to locate installation log file.

Still getting the errors when windows first opens "no disk found"  about three or four -I just click continue and they eventually go awy.

Thank you so much for your help.

Logfile of HijackThis v1.99.1
Scan saved at 9:52:12 PM, on 05/07/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\COMMON~1\AOL\110212~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\PROGRA~1\COMMON~1\AOL\110212~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\Ruth McGrath\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [C40yJ.exe] C:\documents and settings\olivia and becky\local settings\temp\C40yJ.exe
O4 - HKLM\..\Run: [4JATK3@4#AJHRM] C:\WINDOWS\system32\Voqv.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102125364\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.0.4.37/aces...s-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.5.21/blac...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.1.27/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.1.27/chec...s-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.30/soli...2-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.1.27/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.1.27/harv...t-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.5.28/jigs...w-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.1.27/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.0.30/lott...o-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paig...w-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.34/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0.30/flin...r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.2.25/popf...u-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.0.30/popp...2-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.1.29/sque...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/hold...m-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.2.1.27/turb...1-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.0.37/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/worl...s-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {009F119F-8723-11D3-8791-00A0C9EF9624} (RSFTreeView Class) - http://eformrs.com/FormOpen/RSFormsTV.cab
O16 - DPF: {0306F7BC-8EFB-4280-8512-461037071EBA} - http://undergroundlair.net/ph/pup.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {187728C3-71FD-11D3-878E-00A0C9EF9624} (RSFCalculating Class) - http://eformrs.com/FormOpen/Dll/RSFCalc.cab
O16 - DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} (CLRMachineInfoCtl Class) - http://eformrs.com/RSLoginModule.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://www.cabeagent.com/netagent/objects/custappx2.CAB
O16 - DPF: {2EC07293-4DF5-11D5-992B-0001020FC1FC} (RSCompConvClient Class) - http://gosystemrs.fasttax.com/OCX/comconv.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} (CLRTabbedList Class) - http://gosystemrs.fasttax.com/OCX/RSTabbedList.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://gosystemrs.fasttax.com/OCX/iftwclix.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.Email Removed/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/212fe581768d03...ip/RdxIE601.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab
O16 - DPF: {7B640A40-EEC1-11D2-B526-00C04F8DEE99} (WebAttachObj Class) - http://gosystemrs.fasttax.com/OCX/WebAttachments.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} (GRSNotifierCtrl Class) - http://gosystemrs.fasttax.com/OCX/webnotifier.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/L...hedLotTeleX.cab
O16 - DPF: {86B092BC-7ABA-11D4-98E7-000102053AFB} (MultiDownload Class) - http://gosystemrs.fasttax.com/OCX/Downloader.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://gosystemrs.fasttax.com/OCX/msxml4.cab
O16 - DPF: {973EA5BE-9ED6-11D3-AB1D-00C04F7468E4} (IParseCSV Class) - http://gosystemrs.fasttax.com/OCX/DCParse.cab
O16 - DPF: {97A90946-2984-11D3-AAE7-00C04F7468E4} (FrmSrcCt Control) - http://gosystemrs.fasttax.com/OCX/frmsrc.cab
O16 - DPF: {99140A4E-88C5-11D3-8793-00A0C9EF9624} (RSFDisplay Class) - http://eformrs.com/FormOpen/RSFormsDP.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://gosystemrs.fasttax.com/OCX/GRSClient2003/setup.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.Email Removed/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {BFDF0737-E4C4-4150-95BD-0A8AE9B372C3} (RSFConvert.MDB) - http://eformrs.com/RSFConvert.cab
O16 - DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} (:-) VideoSoft FlexGrid 7.0 (OLEDB)) - http://gosystemrs.fasttax.com/OCX/vsflex7.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.Email Removed/onlinegames/bejewele...aploader_v7.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EEF6D730-3A44-11D4-B510-0050DA74F688} - http://eformrs.com/RSFConvert.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...453/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
POPUP J?VAW.EXE - HJT LOG ATTACHED
« Reply #5 on: May 08, 2005, 04:46:22 PM »
Let's do the following

Download and save to desktop Peperfix.exe
We'll need this later

==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup
Give the link time to load or try it twice, it may be busy
Install for now, don't run a scan yet

Please Print this out or save these instructions to a Notepad file and save it to your Desktop
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, after the single post beep, or use the link
I supplied for a more detailed explanation

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [C40yJ.exe] C:\documents and settings\olivia and becky\local settings\temp\C40yJ.exe
O4 - HKLM\..\Run: [4JATK3@4#AJHRM] C:\WINDOWS\system32\Voqv.exe <--the file name voqv.exe may change, but the 4JATK#@---- should appear the same

O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1 <-fix this one if you remove the butterfly screensaver from add/remove programs
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/212fe581768d03...ip/RdxIE601.cab

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
Decline to Log off

Open PEPERFIX.exe and click the Find and fix
Let it scan the computer

Restart the computer back to Normal mode

Post back a fresh Hijackthis log afterwards
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline rudy33

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
POPUP J?VAW.EXE - HJT LOG ATTACHED
« Reply #6 on: May 09, 2005, 06:42:02 PM »
oK - done what you asked and here is the export.bat

Volume in drive C is LOCAL DISC
 Volume Serial Number is F843-4E75

 Directory of C:\WINDOWS\System32

05/17/02  06:04 PM            20,555 javaw.exe
03/17/05  10:08 AM           417,792 j?vaw.exe
               2 File(s)        438,347 bytes

 Directory of C:\Documents and Settings\Ruth McGrath\Desktop


Here is new Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 7:29:49 PM, on 05/09/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\COMMON~1\AOL\110212~1\EE\AOLHOS~1.EXE
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\PROGRA~1\COMMON~1\AOL\110212~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Documents and Settings\Ruth McGrath\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102125364\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.0.4.37/aces...s-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.5.21/blac...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.1.27/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.1.27/chec...s-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.1.41/chec...g-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.30/soli...2-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.1.27/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.1.27/harv...t-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.5.28/jigs...w-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.1.27/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.0.30/lott...o-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paig...w-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.34/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0.30/flin...r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.2.25/popf...u-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.0.30/popp...2-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.1.29/sque...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/hold...m-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.2.1.27/turb...1-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.0.37/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/worl...s-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {009F119F-8723-11D3-8791-00A0C9EF9624} (RSFTreeView Class) - http://eformrs.com/FormOpen/RSFormsTV.cab
O16 - DPF: {0306F7BC-8EFB-4280-8512-461037071EBA} - http://undergroundlair.net/ph/pup.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {187728C3-71FD-11D3-878E-00A0C9EF9624} (RSFCalculating Class) - http://eformrs.com/FormOpen/Dll/RSFCalc.cab
O16 - DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} (CLRMachineInfoCtl Class) - http://eformrs.com/RSLoginModule.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://www.cabeagent.com/netagent/objects/custappx2.CAB
O16 - DPF: {2EC07293-4DF5-11D5-992B-0001020FC1FC} (RSCompConvClient Class) - http://gosystemrs.fasttax.com/OCX/comconv.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} (CLRTabbedList Class) - http://gosystemrs.fasttax.com/OCX/RSTabbedList.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://gosystemrs.fasttax.com/OCX/iftwclix.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.Email Removed/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab
O16 - DPF: {7B640A40-EEC1-11D2-B526-00C04F8DEE99} (WebAttachObj Class) - http://gosystemrs.fasttax.com/OCX/WebAttachments.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} (GRSNotifierCtrl Class) - http://gosystemrs.fasttax.com/OCX/webnotifier.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/L...hedLotTeleX.cab
O16 - DPF: {86B092BC-7ABA-11D4-98E7-000102053AFB} (MultiDownload Class) - http://gosystemrs.fasttax.com/OCX/Downloader.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://gosystemrs.fasttax.com/OCX/msxml4.cab
O16 - DPF: {973EA5BE-9ED6-11D3-AB1D-00C04F7468E4} (IParseCSV Class) - http://gosystemrs.fasttax.com/OCX/DCParse.cab
O16 - DPF: {97A90946-2984-11D3-AAE7-00C04F7468E4} (FrmSrcCt Control) - http://gosystemrs.fasttax.com/OCX/frmsrc.cab
O16 - DPF: {99140A4E-88C5-11D3-8793-00A0C9EF9624} (RSFDisplay Class) - http://eformrs.com/FormOpen/RSFormsDP.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://gosystemrs.fasttax.com/OCX/GRSClient2003/setup.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.Email Removed/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {BFDF0737-E4C4-4150-95BD-0A8AE9B372C3} (RSFConvert.MDB) - http://eformrs.com/RSFConvert.cab
O16 - DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} (:-) VideoSoft FlexGrid 7.0 (OLEDB)) - http://gosystemrs.fasttax.com/OCX/vsflex7.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.Email Removed/onlinegames/bejewele...aploader_v7.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EEF6D730-3A44-11D4-B510-0050DA74F688} - http://eformrs.com/RSFConvert.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...453/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
POPUP J?VAW.EXE - HJT LOG ATTACHED
« Reply #7 on: May 10, 2005, 12:28:06 AM »
Print this out or save these instructions too  a Notepad file

Restart back to Safe mode

Navigate to this folder
C:\WINDOWS\System32
Open the System32 folder

We're looking for a bad file
05/17/02 06:04 PM 20,555 javaw.exe <-good guy
03/17/05 10:08 AM 417,792 j?vaw.exe <-bad guy

They both may have the same name as javaw.exe, the ? mark will not show
and they will have different icons

You just want to delete the bad guy
Right click on the file and left click properties
The bad javaw.exe will have a date of 03/17/05
and an approximate size of 408kb
Delete only that one

Restart back to Normal mode and post back a fresh hijackthis log
Also run Export.bat again and post the log
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline rudy33

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
POPUP J?VAW.EXE - HJT LOG ATTACHED
« Reply #8 on: May 10, 2005, 04:56:54 AM »
Good morning..
\
I've restarted in safemode and looked for the j?vaw.exe file and could not find - I even looked for an exe file with a date of 3/17/05 - then an .exe with 408kb that started with a "j".  Could not locate the "bad guy".  Is there another way ????

I feel like sherlock - although your the brains...
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
POPUP J?VAW.EXE - HJT LOG ATTACHED
« Reply #9 on: May 10, 2005, 07:24:11 PM »
Remember, just because it has an .exe extension, the Icon may not look the same as other .exe files

In the system32 folder, try click on VIEW it the top toolbar
then select Details>>
On the right arrange by size and look for the approximate file size

When you find the one with the approximate size and date, you probably found the bad guy
Send it to the recycle bin for now
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline rudy33

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
POPUP J?VAW.EXE - HJT LOG ATTACHED
« Reply #10 on: May 12, 2005, 05:22:28 AM »
I have looked through my system 32 folder for any file that is approx in size or date and can not find anything.   I am still getting the firewall flag for J?vaw.exe so I know it has to be there somewhere but I can't locate anything that is an .exe file with 400 - 480kb with a date remotely close to 3/17/02.  I am very frustrated.
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
POPUP J?VAW.EXE - HJT LOG ATTACHED
« Reply #11 on: May 12, 2005, 08:58:26 AM »
Just double checking, but could you ensure you have Windows set to Show hidden files and folders and take another look
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

If you still can't find the file, as a last resort
I've used the uninstaller from Purityscan on a couple occasions
That's  what that file is probably related too

Could you download and save to desktop
PurityScan uninstaller

Double click on it and follow the prompts

Restart the computer

Post back a fresh Hijackthis log
Could you also Run Export.bat again and post the log it produces
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline rudy33

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
POPUP J?VAW.EXE - HJT LOG ATTACHED
« Reply #12 on: May 12, 2005, 08:20:59 PM »
I think I found it - apparently it was hidden.

export.bat results

Volume in drive C is LOCAL DISC
 Volume Serial Number is F843-4E75

 Directory of C:\WINDOWS\System32

05/17/02  06:04 PM            20,555 javaw.exe
               1 File(s)         20,555 bytes

 Directory of C:\Documents and Settings\Ruth McGrath\Desktop


Results of hijack this

Logfile of HijackThis v1.99.1
Scan saved at 9:14:32 PM, on 05/12/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\COMMON~1\AOL\110212~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\COMMON~1\AOL\110212~1\EE\AOLServiceHost.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Documents and Settings\Ruth McGrath\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102125364\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.0.4.37/aces...s-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.5.21/blac...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.1.27/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.1.27/chec...s-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.1.41/chec...g-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.30/soli...2-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.1.27/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.1.27/harv...t-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.5.28/jigs...w-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.1.27/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.0.30/lott...o-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paig...w-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.34/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0.30/flin...r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.2.25/popf...u-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.0.30/popp...2-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.1.29/sque...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/hold...m-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.2.1.27/turb...1-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.0.37/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/worl...s-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {009F119F-8723-11D3-8791-00A0C9EF9624} (RSFTreeView Class) - http://eformrs.com/FormOpen/RSFormsTV.cab
O16 - DPF: {0306F7BC-8EFB-4280-8512-461037071EBA} - http://undergroundlair.net/ph/pup.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {187728C3-71FD-11D3-878E-00A0C9EF9624} (RSFCalculating Class) - http://eformrs.com/FormOpen/Dll/RSFCalc.cab
O16 - DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} (CLRMachineInfoCtl Class) - http://eformrs.com/RSLoginModule.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://www.cabeagent.com/netagent/objects/custappx2.CAB
O16 - DPF: {2EC07293-4DF5-11D5-992B-0001020FC1FC} (RSCompConvClient Class) - http://gosystemrs.fasttax.com/OCX/comconv.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} (CLRTabbedList Class) - http://gosystemrs.fasttax.com/OCX/RSTabbedList.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://gosystemrs.fasttax.com/OCX/iftwclix.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.Email Removed/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab
O16 - DPF: {7B640A40-EEC1-11D2-B526-00C04F8DEE99} (WebAttachObj Class) - http://gosystemrs.fasttax.com/OCX/WebAttachments.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} (GRSNotifierCtrl Class) - http://gosystemrs.fasttax.com/OCX/webnotifier.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/L...hedLotTeleX.cab
O16 - DPF: {86B092BC-7ABA-11D4-98E7-000102053AFB} (MultiDownload Class) - http://gosystemrs.fasttax.com/OCX/Downloader.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://gosystemrs.fasttax.com/OCX/msxml4.cab
O16 - DPF: {973EA5BE-9ED6-11D3-AB1D-00C04F7468E4} (IParseCSV Class) - http://gosystemrs.fasttax.com/OCX/DCParse.cab
O16 - DPF: {97A90946-2984-11D3-AAE7-00C04F7468E4} (FrmSrcCt Control) - http://gosystemrs.fasttax.com/OCX/frmsrc.cab
O16 - DPF: {99140A4E-88C5-11D3-8793-00A0C9EF9624} (RSFDisplay Class) - http://eformrs.com/FormOpen/RSFormsDP.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://gosystemrs.fasttax.com/OCX/GRSClient2003/setup.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.Email Removed/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {BFDF0737-E4C4-4150-95BD-0A8AE9B372C3} (RSFConvert.MDB) - http://eformrs.com/RSFConvert.cab
O16 - DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} (:-) VideoSoft FlexGrid 7.0 (OLEDB)) - http://gosystemrs.fasttax.com/OCX/vsflex7.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.Email Removed/onlinegames/bejewele...aploader_v7.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EEF6D730-3A44-11D4-B510-0050DA74F688} - http://eformrs.com/RSFConvert.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...453/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
POPUP J?VAW.EXE - HJT LOG ATTACHED
« Reply #13 on: May 12, 2005, 10:16:07 PM »
Do another scan with Hijackthis and put a check next to these entries:

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

O16 - DPF: {0306F7BC-8EFB-4280-8512-461037071EBA} - http://undergroundlair.net/ph/pup.CAB
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

Optionally, I would fix the next ones too, both considered resource hogs and not needed on startup
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Quote
File:   Findfast.exe

Complete utter waste of space! Part of MS Office - searches disk drives for Office file types and creates an index to make opening them easier
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
Quote
File:   Osa.exe Osa9.exe

Application which launches common MS Office components to help speed up the launch of Office programs.   It's somewhat of a resource hog  and some users claim there's no difference with or without it but it usually isn't required - Note:  if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show.

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart the computer

Back in Windows, let me know how everythings running
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline rudy33

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
POPUP J?VAW.EXE - HJT LOG ATTACHED
« Reply #14 on: May 13, 2005, 06:05:40 AM »
It seem to run great now.  No more J?vaw.exe trying to access the internet  and no message when windows start "no disk found"  I have also deleted alot of the applets for pogo games and yahoo - as yahoo is no longer on my computer.


Thank you sooooo much..........   http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
POPUP J?VAW.EXE - HJT LOG ATTACHED
« Reply #15 on: May 13, 2005, 05:39:27 PM »
Seeing that everything is running better

You should disable system restore---restart your computer--enable system restore
This will clear all your restore points and ensure you don't restore any nasties
Once reenabled it will create a fresh restore point
How to Disable and Re-enable System Restore feature

Once back in Windows and System Restore is reenabled

You should set up protection against future attacks

SpywareBlaster 3.3 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer


IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply enable all protection
IE-Spyad is compatible with Service Pack 2 as well
If your wondering
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »