Right Church, Wrong Pew



#16
goodwrenchpete
  • Member
  • Topic Starter
  • 14 posts

ilago

I am still unable to run Findit9xME. I have deleted all Findit files and notepad and downloaded both again with same results of 9 .txt messages and message "cannot find file output.txt [or one of its files"

Sorry
Peter
  • 0


#17
goodwrenchpete
  • Member
  • Topic Starter
  • 14 posts

Hi ilago

Something very BAD seems to have occurred. After replying to you last night my PC desktop froze, I restarted and now all I have is a dark screen that says something like disk missing or misinstalled, please reinstall and push any key. [I am using my PC at work to communicate with you] I am going to try to reinstall ME from reinstallation disk later today.
I will be in touch.

Thanks
Peter
  • 0

#18
ilago
  • Visiting Staff
  • Visiting Consultant
  • 363 posts

Hi pete

Sorry to hear that. Please let me know how you go and if you still need help
  • 0

#19
goodwrenchpete
  • Member
  • Topic Starter
  • 14 posts

Hi ilago

I reinstalled ME and updated everything? and ran ad-aware, spybot etc. I am still unable to run the findit9xME. I didn't know if maybe after this last incident you want to see another log? or what?

Let me know how to proceed and thanks again for the help and patience.

Peter
  • 0

#20
ilago
  • Visiting Staff
  • Visiting Consultant
  • 363 posts

Hi pete

Have you visited Windows Update yet to get all the patches that would have been lost through a re-install? If you haven't, do that first then do another HijackThis log and we'll see what's happening now.
  • 0

#21
goodwrenchpete
  • Member
  • Topic Starter
  • 14 posts

Hi ilago

I think everything is updated. Attached is my latest log. Thanks again for the help and advice.

Peter

Logfile of HijackThis v1.99.1
Scan saved at 7:41:42 PM, on 04/04/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\SFITA.EXE
C:\PROGRAM FILES\SF\SF.EXE
C:\WINDOWS\APPLICATION DATA\RAAT.EXE
C:\PROGRAM FILES\DELL\SOLUTION CENTER\SERVICE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SIERRA IMAGING\IMAGE EXPERT 2000\IXAPPLET.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\MY DOCUMENTS\HIJACKTHIS FOLDER\MODULES.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\SEARCH3.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRA~1\AIMTOO~1\AIMBAR.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [98D0CE0C16B1] D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WildTangent CDA] C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\SYSTEM\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [saie] c:\windows\system\saie.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
O4 - HKCU\..\Run: [creativemp3] C:\WINDOWS\Application Data\Open ford\sixthmetabyte.exe
O4 - HKCU\..\Run: [SYSMONNT] C:\WINDOWS\SYSTEM\SYSMONNT
O4 - HKCU\..\Run: [Brxayzlp] C:\WINDOWS\SYSTEM\bjmno.exe
O4 - HKCU\..\Run: [Lrrn] C:\WINDOWS\Application Data\btws.exe
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [Trrt] C:\WINDOWS\Application Data\raat.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Dell Service.lnk = C:\Program Files\Dell\Solution Center\Service.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: &AIM Search - res://C:\PROGRA~1\AIMTOO~1\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell..../SysProfLCD.CAB
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} (CountSpies.SpyCounter) - http://www.sunbelt-s.../CounterSpy.CAB
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...tterInstall.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....llInstaller.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupd...ll/aun_0010.exe
O16 - DPF: {62CE3CBC-B889-423A-9457-2FE7A731BBD8} (UpdateStart Class) - http://eng.pristonta...pristontale.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll

Edited to remove extra copies of HijackThis log

Edited by ilago, 05 April 2005 - 03:46 AM.

  • 0

#22
ilago
  • Visiting Staff
  • Visiting Consultant
  • 363 posts

Hi pete

This is a somewhat complex fix here - it will take me a little longer to write up for you. I was hoping to finish it tonight but I won't be able to post it until tomorrow night now (my time) - it's very late here. I haven't forgotten you.
  • 0

#23
ilago
  • Visiting Staff
  • Visiting Consultant
  • 363 posts

Hi pete

Disable Winpatrol while you are carrying out these procedures - it can interfere with some of the removals. Right click the system tray icon and select disable or exit.

Download and install Spybot Search and Destroy from here if you don't already have it. http://www.geekstogo...tion=show&id=14 Install the program and update it. You must have the latest updates for this problem. Configure it as per the instructions on this page: http://forum.malware...wtopic.php?t=13

Download and install Adaware from here if you don't already have it: http://www.geekstogo...ction=show&id=5 Install the program and configure it as per the instructions on this page: http://forum.malware...wtopic.php?t=13

Enable hidden files and folders: http://www.bleepingc...torial=62#winme

Disable System Restore as explained here for Windows ME: http://www.pchell.co...emrestore.shtml


You may need to print this out or copy and paste into a Notepad file so you can keep track of the deletions when you are working in Safe Mode and not connected to the internet.

Open HijackThis and click on "Open Misc Tools Section" and "Open Process Manager"

Find these processes in the list, select each process and click on "Kill Process". Read the name very carefully as there may be some names that are similar but that are genuine files. If a process isn't listed there just go on to the next one.

SFITA.EXE
SF.EXE
RAAT.EXE
wsxsvc.exe
bjmno.exe
btws.exe
ffisearch.exe


Then click on Back which will open the HijackThis Scan Screen. Click on Scan. When the scan is complete check all the following items. Then disconnect from the internet and close all open windows including this browser window and all instant messaging - Yahoo messenger, MSN messenger, ICQ and anything else that is not essential and click on Fix checked. Make sure Winpatrol is disabled.

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\SEARCH3.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [98D0CE0C16B1] D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [WildTangent CDA] C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\SYSTEM\wsxsvc\wsxsvc.exe - removal
O4 - HKLM\..\Run: [saie] c:\windows\system\saie.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
O4 - HKCU\..\Run: [SYSMONNT] C:\WINDOWS\SYSTEM\SYSMONNT
O4 - HKCU\..\Run: [Brxayzlp] C:\WINDOWS\SYSTEM\bjmno.exe
O4 - HKCU\..\Run: [Lrrn] C:\WINDOWS\Application Data\btws.exe
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [Trrt] C:\WINDOWS\Application Data\raat.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...tterInstall.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....llInstaller.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupd...ll/aun_0010.exe
O16 - DPF: {62CE3CBC-B889-423A-9457-2FE7A731BBD8} (UpdateStart Class) - http://eng.pristonta...pristontale.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll




Reboot into Safe Mode by tapping F8 continuously as soon as your computer starts to boot - straight after the beep. It is also explained here: http://service1.syma...src=sec_doc_nam

Open Windows Explorer and delete the files and folders shown below in bold.

Deletions

C:\WINDOWS\DOWNLOADS\SEARCH3.DLL - delete file
C:\WINDOWS\Updreg.exe - Delete file
C:\PROGRAM FILES\WILDTANGENT - Delete entire folder
C:\WINDOWS\SYSTEM\wsxsvc
c:\windows\system\saie.exe - Delete file
C:\WINDOWS\isrvs Delete entire folder
C:\WINDOWS\sfita.exe - Delete file
C:\WINDOWS\SYSTEM\SYSMONNT - Delete file
C:\WINDOWS\SYSTEM\bjmno.exe - Delete file
C:\WINDOWS\Application Data\btws.exe - Delete file
C:\Program Files\sf - Delete entire folder
C:\WINDOWS\Application Data\raat.exe - Delete entire folder
C:\WINDOWS\SYSTEM\maxspeed.exe - Delete file
c:\Programfiles\180solutions - Delete entire folder
c:\Program Files\internet optimizer - Delete entire folder
C:\Program Files\AWS - Delete entire folder

Reboot into normal mode. Disable Winpatrol again. Open Spybot Search and Destroy and run a scan with the configurations described earlier. Let it remove everything it finds in RED.

Reboot back into normal mode. Disable Winpatrol again. Open Adaware and run a scan with the configurations described earlier. Let it remove everything it finds in 'Critical Objects'. Reboot on completion of scan.

Disable Winpatrol again and do an on-line virus scan here http://www.pandasoft...com/activescan/ Make sure that Repair/fix and heuristics are checked. Let it fix everything it can. Reboot.

Do a new HijackThis log so we can check how we've progressed.
  • 0
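
The last step above asks for a new HijackThis log to check progress. As an added example (not part of the original post and not a Geeks to Go or HijackThis tool), this Python script compares part of the fix list and the kill list from post #23 against a follow-up log; the follow-up log is constructed for illustration and the function names are hypothetical.

```python
import re

# HijackThis item line, e.g. "O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe"
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Annotations that vary between scans or were added by the helper in the post.
NOTE_RE = re.compile(r"\((?:file missing|no file)\)|\s-\sremoval\s*$", re.I)

# Process names and fix-list entries quoted from post #23 (subset of the list).
KILL_LIST = ["SFITA.EXE", "SF.EXE", "RAAT.EXE", "wsxsvc.exe",
             "bjmno.exe", "btws.exe", "ffisearch.exe"]
FIX_LIST = r"""
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\SYSTEM\wsxsvc\wsxsvc.exe - removal
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [Trrt] C:\WINDOWS\Application Data\raat.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
"""
# Constructed follow-up log (not from the thread): two entries survived the fix.
FOLLOW_UP_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows ME (Win9x 4.90.3000)

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\SF\SF.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\SYSTEM\wsxsvc\wsxsvc.exe
O4 - HKCU\..\Run: [sf] C:\PROGRAM FILES\SF\SF.EXE
"""


def normalize(body):
    """Drop scan annotations, collapse whitespace and ignore case."""
    return " ".join(NOTE_RE.sub("", body).split()).casefold()


def parse_log(text):
    """Return (running process basenames, set of (code, normalized item))."""
    processes, items, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        match = ITEM_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif match:
            in_procs = False  # the item sections follow the process list
            items.add((match.group(1), normalize(match.group(2))))
        elif in_procs and line:
            processes.add(line.rsplit("\\", 1)[-1].casefold())
    return processes, items


def check_remediation(fix_list, kill_list, new_log):
    """Return (fix-list items still present, killed processes still running)."""
    processes, present = parse_log(new_log)
    _, wanted = parse_log(fix_list)
    remaining = sorted(wanted & present)
    running = sorted(p.casefold() for p in kill_list if p.casefold() in processes)
    return remaining, running


if __name__ == "__main__":
    remaining, running = check_remediation(FIX_LIST, KILL_LIST, FOLLOW_UP_LOG)
    for code, body in remaining:
        print("still registered:", code, "-", body)
    print("still running:", ", ".join(running) or "none")
```

Matching is case-insensitive because Win9x logs mix upper and lower case for the same path; short 8.3 names such as `PROGRA~1` are not expanded, so an entry that switches between long and short forms would need manual review.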

#24
goodwrenchpete
  • Member
  • Topic Starter
  • 14 posts

Hi ilago

I have followed your instructions up to deleting files and folders in Windows Explorer in safe mode. I restart in safe mode ok and right click start in lower right hand corner and click on EXPLORER which opens a list of stuff?? I am not sure what to do from here, I can not find a list of the files and folders to delete?

Thanks again for your help and patience

Peter
  • 0

#25
ilago
  • Visiting Staff
  • Visiting Consultant
  • 363 posts

Hi Pete

There are a couple of ways to open Windows Explorer. If you have a keyboard with a 'Windows' key (the little 'windows' symbol on it) next to Alt key - you can press that and the 'E' key at the same time.

You can also open Windows Explorer by using the Start button and use a normal left click > Go to Programs on the list > Then to Accessories. You should see Windows Explorer listed in the Accessories - click on that.

The Windows Explorer window should open up with a list of folders in the left hand pane and list of folders and files in the right hand pane.

You need to look through the folder list on the left. There will be '+' signs next to major folders and drives. If you click on the '+' signs the sub-folders will display. You need to find the Windows folder - and then find the sub folders.

Windows Explorer will open with your My Documents folder already expanded. You will need to look for c: and click on the '+' sign next to that.

Don't hurry - look through what you can see and ask if you would like some more information.
  • 0


#26
goodwrenchpete
  • Member
  • Topic Starter
  • 14 posts

Hi ilago

I really blew it this time! I guess I deleted something I shouldn't have. After restarting my computer all I got was a gray screen. I tried to reload ME [as I had done before] and it would get to 65% and stop with an error code. After multiple tries I took the unit to a repair center. They recommended totally reformatting. Presently I have a computer with lots of free hard drive but am not able to get onto the internet [I am contacting you from my computer at work].

I am sure I will manage to get the internet thing figured out and have a completely functioning computer again. I really appreciate the time and research you applied to help me, I can't tell you how badly I feel that it did not work out. I feel completely responsible. I've picked up some good pointers from this web site and hope to stay virus free thanks to things I have learned here.

Sincere Thanks
Peter
  • 0
