I've done all the steps in the sticky at the top of this message board saying to do all those steps before posting a HJT log and all the steps from the "how to remove Begin2Search / Coolwebsearch and other nasties" thread. After all this about every 5 minutes I will get an IE pop up with an adress beginning with ad.XXXXX This is even though I don't have any IE windows open and I exclusively use FF. Please help this has been bothering me for weeks and I still can't fix it. Attached is my HJT log.
My HJT log for IE pop-ups even though only using FF
- Thread starter Fatguyenalilcoa
- Start date
howard_hopkinso
Posts: 21,238 +17
New HJT log
I did the 2 things you said. The first one found some files which I removed but the second program didn't find any files. Heres the new HJT log from safe mode and after turning off system restore
I did the 2 things you said. The first one found some files which I removed but the second program didn't find any files. Heres the new HJT log from safe mode and after turning off system restore
howard_hopkinso
Posts: 21,238 +17
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
Network
CMAPP
Weather
PartyGaming\PartyPoker
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
161C1B1A1C191A.exe
ipnetwork.exe
pshwr.exe
cmappstub.exe
rukmm.exe
mc-58-12-0000106.exe
svchostsys.exe
Weather.exe
RunApp.exe
Close task manager.
Click start/run and type regsvr32 /u C:\WINDOWS\system32\fpdrnznx.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.
Do the same for these files as well.
regsvr32 /u C:\WINDOWS\Lhupmbkl.dll
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0<Only fix this, if you haven`t set this proxy yourself, or you don`t know 2what it is.
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yvakt Class - {2335EA94-74D6-46B4-BA93-8567DAC6CC9B} - C:\WINDOWS\system32\fpdrnznx.dll
O2 - BHO: (no name) - {2BDD0B40-46DF-B498-05BF-85477B0A0FE2} - C:\WINDOWS\Lhupmbkl.dll
O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll (file missing)
O4 - HKLM\..\Run: [C6CCCBCACCC9CAC9] 161C1B1A1C191A.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe
O4 - HKCU\..\Run: [cmappstub] C:\Program Files\CMAPP\cmappstub.exe -run
O4 - HKCU\..\Run: [rukm] C:\Program Files\Common Files\rukm\rukmm.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000106.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site .cab?1121388702343
Fix all 018 entries.
O20 - AppInit_DLLs: Runner.dll,nemeilpb.dll,Runner.dll,Runner.dll,cmstart.dll,Runner.dll,cmstart.dll ,EQMini.dll,SDRunner.dll,Runner.dll
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files(if there).
C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
C:\Program Files\Weather\Weather.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\Program Files\Common Files\mc-58-12-0000106.exe
C:\Program Files\Common Files\rukm\rukmm.exe
C:\Program Files\CMAPP\cmappstub.exe -run
C:\WINDOWS\system32\pshwr.exe
C:\Program Files\Network\ipnetwork.exe
161C1B1A1C191A.exe you will need to do a search of your system to find this file.
C:\WINDOWS\Lhupmbkl.dll
C:\WINDOWS\system32\fpdrnznx.dll
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log.
Regards Howard
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
Network
CMAPP
Weather
PartyGaming\PartyPoker
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
161C1B1A1C191A.exe
ipnetwork.exe
pshwr.exe
cmappstub.exe
rukmm.exe
mc-58-12-0000106.exe
svchostsys.exe
Weather.exe
RunApp.exe
Close task manager.
Click start/run and type regsvr32 /u C:\WINDOWS\system32\fpdrnznx.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.
Do the same for these files as well.
regsvr32 /u C:\WINDOWS\Lhupmbkl.dll
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0<Only fix this, if you haven`t set this proxy yourself, or you don`t know 2what it is.
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yvakt Class - {2335EA94-74D6-46B4-BA93-8567DAC6CC9B} - C:\WINDOWS\system32\fpdrnznx.dll
O2 - BHO: (no name) - {2BDD0B40-46DF-B498-05BF-85477B0A0FE2} - C:\WINDOWS\Lhupmbkl.dll
O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll (file missing)
O4 - HKLM\..\Run: [C6CCCBCACCC9CAC9] 161C1B1A1C191A.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe
O4 - HKCU\..\Run: [cmappstub] C:\Program Files\CMAPP\cmappstub.exe -run
O4 - HKCU\..\Run: [rukm] C:\Program Files\Common Files\rukm\rukmm.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000106.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site .cab?1121388702343
Fix all 018 entries.
O20 - AppInit_DLLs: Runner.dll,nemeilpb.dll,Runner.dll,Runner.dll,cmstart.dll,Runner.dll,cmstart.dll ,EQMini.dll,SDRunner.dll,Runner.dll
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files(if there).
C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
C:\Program Files\Weather\Weather.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\Program Files\Common Files\mc-58-12-0000106.exe
C:\Program Files\Common Files\rukm\rukmm.exe
C:\Program Files\CMAPP\cmappstub.exe -run
C:\WINDOWS\system32\pshwr.exe
C:\Program Files\Network\ipnetwork.exe
161C1B1A1C191A.exe you will need to do a search of your system to find this file.
C:\WINDOWS\Lhupmbkl.dll
C:\WINDOWS\system32\fpdrnznx.dll
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log.
Regards Howard
Updated HJT log
Ok, I followed your instructions exactly and here's my new HJT log.
Ok, I followed your instructions exactly and here's my new HJT log.
howard_hopkinso
Posts: 21,238 +17
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
svchostsys.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files(if there).
C:\Program Files\Common Files\svchostsys\svchostsys.exe
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log.
Regards Howard
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
svchostsys.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files(if there).
C:\Program Files\Common Files\svchostsys\svchostsys.exe
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log.
Regards Howard
