Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

[Referred]please help with ads1 pop ups - here is my log


  • Please log in to reply

#16
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Excellent. Your log is clean. Now we can start cleaning up some files.

I noticed you had TDS3 installed at one time.
If you still have it do a full system scan.

If not, remove at least these files and folders:

C:\Program Files\ISTsvc <= entire folder
C:\WINDOWS\sbhyan.exe
C:\WINDOWS\system32\o3v5iqbe.exe
c:\program files\180search assistant <= entire folder
C:\WINDOWS\dancf.exe
C:\WINDOWS\system32\elitejpd32.exe

Regards,
  • 0

Advertisements


#17
richardlaura

richardlaura

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Pieter,

Thank you so much--I no longer have ads1.revenue and other popups. You are wonderful!!!

I don't know what TDS3 is but I'll remove those files. Also, I went to Windows Explorer and deleted C:\Windows\System32\elitezvs32.exe and 23 other files starting with"elitexxx32.exe" .

Do you how to get rid of unwanted entries in msconfig, startup? They are disabled thanks to WinPatrol but I still want to get them out of there. I went into the registry and followed the path but they are not listed under HKLM\SOFTWARE...run?

Sorry to keep bothering you.

Laura
  • 0

#18
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hi Laura,

Glad we could help. :tazz:

I imagine that WinPatrol stores those startups somewhere in a "Disabled" registry key just as msconfig would.
I'm just not sure where that key is.
If you want you can ask at the WinPatrol forum.
Let me know if you would rather have me ask Scotty and I'll provide you with a link to where I asked.

Regards,
  • 0

#19
richardlaura

richardlaura

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
If you could ask that would be great. When I click Start, Run, MSCONFIG, startup tab, there is alot of stuff in there I want to delete. For instance, C:\windows\system32\eliteart32.exe is in there along with other junk.

This is a great site. You saved me days of my time. I almost had to format the hard drive.

Laura
  • 0

#20
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Ah but that gives us a clue. :tazz:
  • Download the Registry Search Tool.
  • Unzip the contents of RegSrch.zip to a convenient location.
  • Double-click on RegSrch.vbs.
  • If you have an anti-virus installed it might prompt you about a running script. Please ignore this warning and allow the script to run.
  • In the "Enter search string (case insensitive) and click OK..." box paste this string:
    • elitezvs32.exe
  • Click "OK" to search the registry for that string.
  • Wait for a few minutes while it completes the search.
  • Click "OK" to open the results in WordPad.
  • Copy and paste the entire results into your next post.
Regards,
  • 0

#21
richardlaura

richardlaura

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Hi Pieter,

It said no instances of elitezvs32.exe found. I also went into the registry myself to find it and it couldn't find anything. So apparently that file (along with others) are just orphaned files in my startup? They are not checked so they are not running, and even if they were checked, they've probably been deleted from the registry, but how do I delete them from startup?

Laura
  • 0

#22
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
So they are not stored in the registry.

You are talking about this screen, right?

Posted Image

Regards,
  • 0

#23
richardlaura

richardlaura

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
No, see attachment.
Attached File  system_configuration.doc   54KB   26 downloads

The only thing in Winpatrol startup is Winpatrol.

Laura
  • 0

#24
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Ah. OK that is what you mean. :tazz:

Click Start > Run > type or copy&paste regedit /e c:\msconfigs.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig" > OK

That should create the file c:\msconfigs.txt

Paste the content please.

Regards,
  • 0

#25
richardlaura

richardlaura

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Okay here it is..... The whole file msconfig.txt was 49 megabytes so I copied this selection as you requested. Let me know if you need more information.


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Billminder.lnk"
"backup"="C:\\WINDOWS\\pss\\Billminder.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\QUICKENW\\BILLMIND.EXE "
"item"="Billminder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Image Transfer.lnk"
"backup"="C:\\WINDOWS\\pss\\Image Transfer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\IMAGET~1\\SonyTray.exe "
"item"="Image Transfer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Quicken Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\Quicken Startup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\QUICKENW\\QWDLLS.EXE "
"item"="Quicken Startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aBsmRSenO]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kbdatson"
"hkey"="HKCU"
"command"="kbdatson.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\checkrun]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eliteart32"
"hkey"="HKLM"
"command"="C:\\windows\\system32\\eliteart32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Deb2rNU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="feccmb"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\feccmb.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iufz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iufzm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\iufz\\iufzm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\pwt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pwt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\pwt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\rs3g32S]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="krnfo"
"hkey"="HKLM"
"command"="krnfo.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\t05oa5kk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="t05oa5kk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\t05oa5kk.exe"
"inimapping"="0"
  • 0

Advertisements


#26
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Good job. :tazz:
Please save that file in case we need a backup.

Copy the part in bold below into notepad and name it cleanconf.reg

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aBsmRSenO]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\checkrun]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Deb2rNU]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iufz]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\pwt]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\rs3g32S]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\t05oa5kk]


Doubleclick that file and confirm you want to merge it with the registry.

Now check msconfig again.

Regards,
  • 0

#27
richardlaura

richardlaura

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Okay, but before I do that, I've forgotten how to back up the registry?

Laura
  • 0

#28
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
The c:\msconfigs.txt you made can act as our backup.

If you need it rename it to msconfigs.reg and doubleclick. Confirm when prompted and everything is back the way it was.

Regards,
  • 0

#29
richardlaura

richardlaura

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Yes! It worked. You are a genius. Here is what it looks like now. I think everything in there is legit.

One last thing...do you know why my DSL connection is so slow? I thought it was because of all the spyware but now that the spyware is gone, the connection is still slow. The speed test says the download speed is 1.3 Mbps but pictures take a long time to come in and sometimes is isn't much faster than a dialup connection. This may not be your area of expertise but I thought I'd ask.

Thanks for everything,

Laura

Attached Files


  • 0

#30
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
The unchecked ones that are left are indeed legit and can be removed permanently by removing the links from the Startup folder.

Speed is a two end thing. You can't download faster then things are being uploaded.

But there are some very good tests available here: http://www.dslreports.com/tools

Try the tweak test first.

Regards,
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP