[Referred]CWS is killing me! My Ad-aware log file

#16
njustice

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

Double click on fix.reg and allow to merge to the registry

Restart your computer and post a new Hijackthis log.
  • 0


#17
enbro (Topic Starter)

Okay, I'm all ears.

Logfile of HijackThis v1.99.1
Scan saved at 11:48:35 PM, on 4/29/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\POP-UP STOPPER\DPPS2.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\WINDOWS\PROFILES\NEIL\START MENU\PROGRAMS\STARTUP\TOPDESK.EXE
D:\1-VIRUS REMOVAL TOOLS\HIJACK THIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [Pop-Up Stopper] "D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: TopDesk.exe
O4 - User Startup: TopDesk.exe
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
  • 0

#18
njustice

Hello enbro, a couple of questions: do you know if your anti-virus is up-to-date? Do you have Spybot and Adaware installed? If not, please do the following:

Download Spybot from
http://www.safer-net...p?page=download

after installing......hit.."Search for Updates".....get them all.......(Download Updates)........then "Check for Problems".......after the scan is complete..allow Spybot to remove everything listed in RED...reboot your computer.

NOTE: Spybot will flag 5 DSO Exploits...this is a bug in the program and will be fixed in the next version, you can ignore these.

===============

Then Download Ad-aware SE from: http://www.majorgeek...ownload506.html

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.
  • Reconfigure Ad-Aware for Full Scan as per the following instructions:
    • Launch the program, and click on the Gear at the top of the start screen.
    • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
      • "Automatically save logfile"
      • "Automatically quarantine objects prior to removal"
      • Safe Mode (always request confirmation)
      • Prompt to update outdated confirmation) - Change to 7 days.
    • Click the "Scanning" button (On the left side).
    • Under Drives & Folders, select "Scan within Archives"
    • Click "Click here to select Drives + folders" and select your installed hard drives.
    • Under Memory & Registry, select all options.
    • Click the "Advanced" button (On the left hand side).
    • Under "Shell Integration", select "Move deleted files to Recycle Bin".
    • Under "Log-file detail", select all options.
    • Click on the "Defaults" button on the left.
    • Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
    • Click the "Tweak" button (Again, on the left hand side).
    • Expand "Scanning Engine" (by clicking on the "+" (Plus) symbol) and select the following:
      • "Unload recognized processes during scanning."
      • "Obtain command line of scanned processes"
      • "Scan registry for all users instead of current user only"
    • Under "Cleaning Engine", select the following:
      • "Automatically try to unregister objects prior to deletion."
      • "During removal, unload explorer and IE if necessary"
      • "Let Windows remove files in use at next reboot."
      • "Delete quarantined objects after restoring"
    • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
    • Click on "Proceed" to save these Preferences.
    • Click on the "Scan Now" button on the left.
    • Under "Select Scan Mode", be sure to select "Use Custom Scanning Options".
  • Close all programs except ad-aware.
  • Click on "Next" in the bottom right corner to start the scan.
  • Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
  • After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may have found. Allow it to finish.
===============

Run the fix.reg you put on the desktop once again.

Double click on fix.reg and allow to merge to the registry.

===============

Reboot your computer.

===============

Can you please download Startdreck.zip

UNZIP to its own folder.... DoubleClick: 'StartDreck.exe'

Hit: -config
hit: -Unmark all
Check these boxes only:
*Registry->run keys
*Registry->Browser helper objects
*System/drivers> Running processes
hit >ok.

Use the "save" tab, to save, name and post this log

Copy and Paste the contents of that log back here.

===============

Download and save to Desktop DLLCompare

Start the Program and click the Run Locate.com

Let it complete the SCAN, which won't take long

Click the Compare button to start the next process. This will take a bit longer.
The results appear in two panes - files in the upper pane have been verified to 'exist'.
Files in the lower pane were 'not able to be accessed'.
Very few files should be listed in the lower pane, if any, when the Compare scan is complete.
Click on each of the listed entries in the lower pane to select them. Right-click on the file and use the option Rescan. This will cause Windows Find to see if the file does exist, and then if so it will be removed from the list to reduce the number of identified files.

Click the Make a Log of what was found button
Post back this log

Could you also post a fresh Hijackthis log too.
  • 0

#19
enbro (Topic Starter)

Okay, thank you. I'm done all that, here is my Startdreck log.

StartDreck (build 2.1.7 public stable) - 2005-04-30 @ 14:15:43 (GMT -07:00)
Platform: Windows 98 (Win 4.10.1998 )
Internet Explorer: 6.0.2800.1106
Logged in as Neil at ENB-001

»Registry
»Run Keys
»Current User
»Run
»RunOnce
»Default User
»Run
»RunOnce
»Local Machine
»Run
*Pop-Up Stopper="D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\POP-UP STOPPER\DPPS2.EXE"
*Norton eMail Protect=C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
+OptionalComponents
+IMAIL
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
»RunServices
*KB891711=C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Browser Helper Objects (LM)
»Files
»System/Drivers
»Running Processes
+FFEF1CA1=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFF4839=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFF5F89=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFF7815=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFE889D=C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
+FFFE83B1=C:\WINDOWS\EXPLORER.EXE
+FFFE2C05=D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\POP-UP STOPPER\DPPS2.EXE
+FFFE6999=C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
+FFFDF5FD=C:\WINDOWS\PROFILES\NEIL\START MENU\PROGRAMS\STARTUP\TOPDESK.EXE
+FFFC8075=C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE
+FFFCF02D=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
+FFF3C051=D:\PROGRAM FILES\WINZIP\WINZIP32.EXE
+FFF3A019=D:\1-VIRUS REMOVAL TOOLS\STARTDRECK\STARTDRECK.EXE
»Application specific


LOCATE.COM LOGFILE

* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found :tazz:"
________________________________________________

747 items found: 747 files, 0 directories.
Total of file sizes: 123,269,899 bytes 117.56 M

--------------------End log---------------------


HIJACK THIS LOGFILE

Logfile of HijackThis v1.99.1
Scan saved at 2:21:59 PM, on 4/30/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\POP-UP STOPPER\DPPS2.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\WINDOWS\PROFILES\NEIL\START MENU\PROGRAMS\STARTUP\TOPDESK.EXE
C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\1-VIRUS REMOVAL TOOLS\HIJACK THIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [Pop-Up Stopper] "D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: TopDesk.exe
O4 - User Startup: TopDesk.exe
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
  • 0
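
Added example, not part of the thread and not code from HijackThis: a Python sketch that diffs two HijackThis logs and checks the O18 filter entry against the CLSID that the fix.reg in post #16 writes. The sample logs are constructed, abbreviated copies of the two scans posted in this thread, and all function names are illustrative.

```python
import re

# Baseline taken from the fix.reg in post #16 (MIME filter -> expected CLSID).
EXPECTED = {"text/webviewhtml": "{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"}
O18 = re.compile(r"^O18 - Filter(?: hijack)?: (\S+) - (\{[0-9A-Fa-f-]+\}|\(no CLSID\)) - ")

def parse_log(text):
    """Return (running processes, O-entries) from a HijackThis log."""
    procs, entries, in_procs = set(), [], False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False              # blank line ends the process list
        elif in_procs:
            procs.add(line.upper())       # Win9x paths are case-insensitive
        elif re.match(r"^O\d+ - ", line):
            entries.append(line)
    return procs, entries

def filter_mismatches(entries):
    """O18 filters whose CLSID is missing or differs from the baseline."""
    out = []
    for m in filter(None, map(O18.match, entries)):
        mime, clsid = m.group(1), m.group(2)
        if mime in EXPECTED and clsid.upper() != EXPECTED[mime].upper():
            out.append((mime, clsid, EXPECTED[mime]))
    return out

def diff_logs(before, after):
    """What changed between two scans: processes and O-entries."""
    (pb, eb), (pa, ea) = parse_log(before), parse_log(after)
    return {"new_procs": sorted(pa - pb), "gone_procs": sorted(pb - pa),
            "new_entries": [e for e in ea if e not in eb],
            "gone_entries": [e for e in eb if e not in ea]}

# Constructed sample: abbreviated from the two HijackThis logs in this thread.
COMMON = ("O4 - Startup: TopDesk.exe\n"
          "O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)\n")
SCAN_1 = ("Running processes:\nC:\\WINDOWS\\EXPLORER.EXE\n"
          "D:\\1-VIRUS REMOVAL TOOLS\\HIJACK THIS\\HIJACKTHIS.EXE\n\n" + COMMON)
SCAN_2 = ("Running processes:\nC:\\WINDOWS\\EXPLORER.EXE\n"
          "C:\\PROGRAM FILES\\INTERNET EXPLORER\\IEXPLORE.EXE\n"
          "D:\\1-VIRUS REMOVAL TOOLS\\HIJACK THIS\\HIJACKTHIS.EXE\n\n" + COMMON)

if __name__ == "__main__":
    print(diff_logs(SCAN_1, SCAN_2))
    print(filter_mismatches(parse_log(SCAN_2)[1]))
```

On the sample, the diff reports only IEXPLORE.EXE as a new process, and the O18 check still reports text/webviewhtml with no CLSID, matching what the second log in the thread shows after the merge.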

#20
njustice

Hello enbro,

Hello enbro, a couple of questions: do you know if your anti-virus is up-to-date? Do you have Spybot and Adaware installed? If not, please do the following:


  • 0

#21
enbro (Topic Starter)

Yes, I have Norton Anti-virus, was up-to-date as of last week then I updated it again just today. I have Ad-Aware which is up-to-date too. I ran spybot as per your directions.

Am I doing something wrong or is there something wrong? My computer seems to be clean.....
  • 0