[Essexboy]

OK lets see how this works

Dowload this file and when you run it select repair - let me know if that works

[Advertisements]

ok I downloaded that program and it fixed the problem yeah.

Know a few more things,
1st if I try and use internet explorer because for microsoft.com websites to do most things you have to be using explorer. I get all these scripting messages, cookie messages, what am I suppose to do when this happens, or is there a way to make it so the scripting and cookies don't prompt me.

2nd My avast atomatic update is not able to make the proper internet connection to update. And every 240 minutes I get the error message, but it doesn't tell me how to fix it.

3rd I have a new application called click me in the start up menu and I cannot delete it.

and last but not least I want to know if there is a way to remove some of the processess constantly running on my computer. The ones that show up on task manager. I have like 10 svchost.exe files are all those truly necessary. Also there is this file CTSVCCDA.EXE and I have no idea what it is. Help Again I am so thankful for your assistance.

[Sumbunny]

ok I downloaded that program and it fixed the problem yeah.

Know a few more things,
1st if I try and use internet explorer because for microsoft.com websites to do most things you have to be using explorer. I get all these scripting messages, cookie messages, what am I suppose to do when this happens, or is there a way to make it so the scripting and cookies don't prompt me.

2nd My avast atomatic update is not able to make the proper internet connection to update. And every 240 minutes I get the error message, but it doesn't tell me how to fix it.

3rd I have a new application called click me in the start up menu and I cannot delete it.

and last but not least I want to know if there is a way to remove some of the processess constantly running on my computer. The ones that show up on task manager. I have like 10 svchost.exe files are all those truly necessary. Also there is this file CTSVCCDA.EXE and I have no idea what it is. Help Again I am so thankful for your assistance.

[Essexboy]

Lets see if we can cure these

1st if I try and use internet explorer because for microsoft.com websites to do most things you have to be using explorer. I get all these scripting messages, cookie messages, what am I suppose to do when this happens, or is there a way to make it so the scripting and cookies don't prompt me.

Go to control panel and select Internet options
Select the advanced tab
Under browsing ensure that there is a tick in the script debugging options

2nd My avast atomatic update is not able to make the proper internet connection to update. And every 240 minutes I get the error message, but it doesn't tell me how to fix it.

Go to control panel and select Add/Remove programs
Select Avast and you will be offered several options on the left hand side of the uninstall window
Select repair

3rd I have a new application called click me in the start up menu and I cannot delete it.

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

• Close ALL OTHER PROGRAMS.
• Open the OTScanit folder and double-click on OTScanit.exe to start the program.
• Check the box that says Scan All User Accounts
• Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
• Under Additional Scans check the following:
  • Reg - Desktop Components
  • Reg - Disabled MS Config Items
  • File - Additional Folder Scans
  • File - Purity Scan
• Now click the Run Scan button on the toolbar.
• Let it run unhindered until it finishes.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:

• Click Add Reply
• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
• Once it has uploaded, click the Manage Current Attachments drop down box
• Click on to insert the attachment into your post

[Sumbunny]

 OTScanIt.Txt   150.63KB   97 downloads


Also the anti virus avast hadnt detected any bad files because ir hasn't been ran since the 9th until yesterday because I wanted to make sure we fix all that we can at this point. It found adware, a trj, and malware. I started the scan before I went to bed last night and i got up and it was still running and had only made it through 33,000 files out of 90,000. Is there a quicker scanner that we can use so that we can fix these things. One of the problems was in Sun Java, one a system file and I cannot remember the other. Thank y

[Essexboy]

Intriguing Avast should take no more than an hour to scan even on a large drive. Is Avast now updating and are the script errors gone

OTScanit shows only remnants and a few errors to resolve

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{E413A417-D00B-4A3B-9C17-19048046F1CE} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 115 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
NY -> SpywareGuard.lnk -> %UserProfile%\Start Menu\Programs\Startup\SpywareGuard.lnk
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 115 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
NY -> {6448F0A6-6813-11D6-A77B-00B0D0160050} -> %UserProfile%\Local Settings\Application Data\{6448F0A6-6813-11D6-A77B-00B0D0160050}
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

[Sumbunny]

[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E413A417-D00B-4A3B-9C17-19048046F1CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E413A417-D00B-4A3B-9C17-19048046F1CE}\ not found.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk moved successfully.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 .
C:\Documents and Settings\Owner\Local Settings\Application Data\{6448F0A6-6813-11D6-A77B-00B0D0160050} folder moved successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\~DF6954.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\~DF9802.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_168.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.6.0 fix logfile created on 03212008_132217


Hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:39 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsupc.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTSyncU.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: avast! service GUI component.lnk = C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190501929148
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

--
End of file - 6942 bytes


Well I still have the click me file on my start up. Cannot delete it. As far as avast, I am going to re download it and delete the old one because something just isnt right with it. I tried to run the online kapersky and firefox shut down about half way through it and then my computer shut off.

[Essexboy]

Did you try to repair Avast as stated previously ?

Lets try an online AV
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, in the menu, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.

[Sumbunny]

I decided to do away with Avast all together and instead go with AVG Antivirus. The AVG had way more downloads than Avast. I have noticed that many people in the forums here have had a hard time with Avast as well. Hope I made a good decision, what is your thought on this.

Dr.Web CureIt

RegUBP2b-Owner.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
A0002147.reg;C:\System Volume Information\_restore{9CE2FCC1-4059-4363-A3E7-752E455FE990}\RP14;Trojan.StartPage.1505;Deleted.;
A0003033.exe;C:\System Volume Information\_restore{9CE2FCC1-4059-4363-A3E7-752E455FE990}\RP16;Probably BACKDOOR.Trojan;Incurable.Deleted.;
A0003856.reg;C:\System Volume Information\_restore{9CE2FCC1-4059-4363-A3E7-752E455FE990}\RP17;Trojan.StartPage.1505;Deleted.;
A0000206.reg;C:\System Volume Information\_restore{9CE2FCC1-4059-4363-A3E7-752E455FE990}\RP5;Trojan.StartPage.1505;Deleted.;

Ok it seams to be running a little rough now.

[Essexboy]

Well you appear to still be malware free as the items detected are in system restore

As for Avast I am a bad person to ask as it is my AV and has been for the last 5 years, running with no problems and no infections

Lets clear your restore points again

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done

[Sumbunny]

Yeah, Thank you so much for all your help. You have helped me out tramendasly, and I think I may have even learned a
little something. But thats just between the computer and myself, I wouldn't say I know enough to try and help someone else on there computer, I would definately have to refer them your direction.


OK, ONE MORE MAJOR THIN TO MAKE SURE OF BEFORE WE CLOSE. What is the CLICK IT APPLICATION on the right hand bottom middle side of my start menu options. I try and right click on it and all it says is Click It and I am afraid to click it because I do not know what it is. It wasn't there before, is there a way to get rid of it.


HAPPY EASTER, Bless you for all your service to my computer and I.

[Essexboy]

Unfortunately I am on Vista now - however, go to C:\Documents and Settings\Owner\Start Menu\Programs and delete it from there if it does not delete then can you give me the full name of the programme and I will delete it

Double click OTScanit once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTScanit wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself

[Sumbunny]

Ok, Thumbs up I think we are good. My computer and myself thank you dearly. Thanks you for all of your expert assistance. Much Love

Have a wonderful day and Bless you all.

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.