Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Pop-Ups, Crashes and Error Messages


  • Please log in to reply

#1
drb0605

drb0605

    Member

  • Member
  • PipPip
  • 23 posts
I believe I have viruses and lots of other problems, which I'm trying to fix and have passed the point where I feel comfortable doing more. What I have done may indeed have caused more problems. I first started experiencing tons of pop-ups; purchased Ad-Aware (which currently crashes my machine after scanning). I'm still getting pop-ups (but not as many), but am now getting lots of error messages and often freezing up the machine.

I ran StartUp list and following are the process running:

StartupList report, 7/10/05, 1:20:20 PM
StartupList version: 1.52
Started from : C:\WINDOWS\TEMP\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\WINNB32.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\WINDOWS\SYSTEM\APIXY.EXE
C:\PROGRAM FILES\ZONEALARM FIREWALL\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\UJOWKUG.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\HMHRNA.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS\SYSTEM\CFGWIZ32.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\WINDOWS\BZSDLCRB.EXE
C:\WINDOWS\REGEDIT.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SPYSUB.EXE
rtrn.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
CriticalUpdate = c:\windows\SYSTEM\wucrtupd.exe -startup
USBMMKBD = usbmmkbd.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
HP Software Update = C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
APIXY.EXE = C:\WINDOWS\SYSTEM\APIXY.EXE
Zone Labs Client = C:\Program Files\ZoneAlarm Firewall\ZoneAlarm\zlclient.exe
ujowkug = c:\windows\system\ujowkug.exe
cfgmgr52 = RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
AUNPS2 = RUNDLL32 AUNPS2.DLL,_Run@16
autoupdate = rundll32 C:\WINDOWS\SYSTEM\SUPDATE.DLL,SHStart
ViewMgr = C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
WinTask driver = C:\WINDOWS\SYSTEM\wintask.exe
exp.exe = C:\WINDOWS\SYSTEM\exp.exe
KavSvc = C:\WINDOWS\hmhrna.exe reg_run

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

ccEvtMgr = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
Hidserv = Hidserv.exe run
SchedulingAgent = mstask.exe
TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
KB891711 = c:\windows\SYSTEM\KB891711\KB891711.EXE
WINNB32.EXE = C:\WINDOWS\WINNB32.EXE /s

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
AWMON = "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE"

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 10/7/2005, 9:44:48)

[RENAME]
NUL=C:\WINDOWS\TEMP\TP7543.EXE
NUL=C:\WINDOWS\UNUVMZ.EXE
NUL=C:\WINDOWS\OGOZHXX.DLL
NUL=C:\WINDOWS\STARTM~1\PROGRAMS\STARTUP\RTRN.EXE
NUL=C:\WINDOWS\SYSTEM\BROWSEUI.DLL
C:\WINDOWS\SYSTEM\BROWSEUI.DLL=C:\WINDOWS\SYSTEM\SETC2E4.TMP
NUL=C:\WINDOWS\SYSTEM\IEPEERS.DLL
C:\WINDOWS\SYSTEM\IEPEERS.DLL=C:\WINDOWS\SYSTEM\SETC2F1.TMP
NUL=C:\WINDOWS\SYSTEM\MSHTML.DLL
C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\SETC2F4.TMP
NUL=C:\WINDOWS\SYSTEM\SHDOCVW.DLL
C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\SETC302.TMP
NUL=C:\WINDOWS\SYSTEM\SHLWAPI.DLL
C:\WINDOWS\SYSTEM\SHLWAPI.DLL=C:\WINDOWS\SYSTEM\SETC305.TMP
NUL=C:\WINDOWS\SYSTEM\URLMON.DLL
C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\SETC310.TMP
NUL=C:\WINDOWS\SYSTEM\WININET.DLL
C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\SETC313.TMP

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

C:\PROGRA~1\NORTON~1\NAVDX.EXE /startup
SET SBPCI=C:\SBPCI
path C:\WINDOWS;C:\WINDOWS\COMMAND
call c:\dosboot\sPower
SET BLASTER=A220 I7 D1 H7 P330 T6
call c:\dosboot\drivers.bat
Set tvdumpflags=10
Set tvdumpflags=10
Set tvdumpflags=10
Set tvdumpflags=10

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\WINDOWS\ATLKB32.DLL - {97FD03BF-2223-5BCC-0213-A97E0706011D}
(no name) - C:\WINDOWS\SYSTEM\IPKP.DLL - {AB6EDD85-AE4D-654F-6EE9-1EAD4CDD4057}
(no name) - C:\WINDOWS\CFGMGR52.DLL - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job
Windows Critical Update Notification.job

--------------------------------------------------

Enumerating Download Program Files:

[ForumChat]
InProcServer32 = C:\WINDOWS\SYSTEM\MSJAVA.DLL
CODEBASE = http://objects.compu...hat/RTCChat.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macr.../swdir8d196.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macr...ash/swflash.cab

[GifViewerX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\GIFVIE~1.OCX
CODEBASE = http://www.chatbox.c.../GifViewerX.cab

[{2C38A62E-D257-40E8-8BB7-5624E38FEB0A}]
CODEBASE = http://www.britney-s...om/lsdialer.cab

[plug Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CHARGI~1.DLL
CODEBASE = http://dist02.chargi...chargitplug.dll

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupd...7873.6702893519

[iNotes Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\INOTES.DLL
CODEBASE = https://mail101a.urs....com/iNotes.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER1.DLL
CODEBASE = http://us.dl1.yimg.c...s/yinst0401.cab

[YahooYMailTo Class]
InProcServer32 = C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL
CODEBASE = http://download.yaho...mail/ymmapi.dll

[PhotosCtrl Class]
InProcServer32 = C:\PROGRAM FILES\YAHOO!\COMMON\YPHOTOS.DLL
CODEBASE = http://photos.yahoo....plorer1_9us.cab

[YAddBook Class]
InProcServer32 = C:\PROGRA~1\YAHOO!\COMMON\YADDBOOK.DLL
CODEBASE = http://download.yaho...alls/yab_af.cab

[WSDownloader Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\WSDOWN~1.OCX
CODEBASE = http://www.webshots....SDownloader.ocx

[RegConfig Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YREGCFG.DLL
CODEBASE = http://download.yaho...rod/yregcfg.cab

[YPCXWizard Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\YPCXWIZARD_DLL.DLL
CODEBASE = http://download.yaho...d2003080601.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...922/wmv9VCM.CAB

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai...all/xscan53.cab

[IncrediMail]
CODEBASE = http://www2.incredim...p1/imloader.cab

[Shutterfly Picture Upload Plugin]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SFUPLO~1.OCX
CODEBASE = http://web1.shutterf...ds/Uploader.cab

[Wwlaunch Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\WWLAUNCH.OCX
CODEBASE = http://www.worldwinn...ed/wwlaunch.cab

[Chess Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CHESS.OCX
CODEBASE = http://www.worldwinn...chess/chess.cab

[MetaStreamCtl Class]
InProcServer32 = C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MEDIA PLAYER\AXMETASTREAM_03000F10.DLL
CODEBASE = https://components.v...1_Arctura2.aspx

[InstallX Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\INST2.DLL
CODEBASE = http://www.20x2p.com...38deb/enter.cab

[MeadCo ScriptX]
InProcServer32 = C:\WINDOWS\SYSTEM\MCSCRIPX.DLL
CODEBASE = https://www.cmsins.com/cms/ScriptX.cab
OSD = C:\WINDOWS\Downloaded Program Files\ScriptX.osd

[cpbrkpie Control]
InProcServer32 = C:\WINDOWS\CPBRKPIE.OCX
CODEBASE = http://a19.g.akamai....23/cpbrkpie.cab

[Anonymizer Anti-Spyware Scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBAAS.DLL
CODEBASE = http://download.zone...ctor/WebAAS.cab

[Yahoo! Webcam Viewer Wrapper]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YVWRCTL.DLL
CODEBASE = http://chat.yahoo.com/cab/yvwrctl.cab

[ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ACTIVEX.OCX
CODEBASE = http://www.icannnews.../ST/ActiveX.ocx

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 11,474 bytes
Report generated in 1.392 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

------------------------------------------------------

Can you tell me how to proceed fixing my system?

Thank you,

Debbie
  • 0

Advertisements


#2
nathen555

nathen555

    Geek In Training

  • Banned
  • PipPipPip
  • 318 posts
Do you have service pack 2 on windows xp ??
  • 0

#3
nathen555

nathen555

    Geek In Training

  • Banned
  • PipPipPip
  • 318 posts
oh sorry what windows version do you have
  • 0

#4
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Click Here download the latest version of Hijack This. And post a log in this thread. I am moving this to the malware section where it will receive the attention it needs.
  • 0

#5
drb0605

drb0605

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Nathan, I'm running Windows 98.

Debbie
  • 0

#6
drb0605

drb0605

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Thanks for the quick response; here's my hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 4:02:34 PM, on 7/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\WINNB32.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\WINDOWS\SYSTEM\APIXY.EXE
C:\PROGRAM FILES\ZONEALARM FIREWALL\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\UJOWKUG.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\CFGWIZ32.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS\START MENU\PROGRAMS\STARTUP\RTRN.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\WINDOWS\BZSDLCRB.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\UWFX5LP_0001_0614NETINSTALLER.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\69IZQPSL\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rlxmb.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tzyjh.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.wowsearch.org/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tzyjh.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rlxmb.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tzyjh.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tzyjh.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {97FD03BF-2223-5BCC-0213-A97E0706011D} - C:\WINDOWS\ATLKB32.DLL
O2 - BHO: Class - {AB6EDD85-AE4D-654F-6EE9-1EAD4CDD4057} - C:\WINDOWS\SYSTEM\IPKP.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR52.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_5_7_0.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APIXY.EXE] C:\WINDOWS\SYSTEM\APIXY.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\ZoneAlarm Firewall\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ujowkug] c:\windows\system\ujowkug.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\SUPDATE.DLL,SHStart
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\hmhrna.exe reg_run
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [WINNB32.EXE] C:\WINDOWS\WINNB32.EXE /s
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AWMON] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE"
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SPYSUB.EXE
O4 - Startup: rtrn.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .gov/FOTWWebApp/StudentAccessServlet;jsessionid=000244XWKXDHJCKEFBCX5DYG5EA?dowhat=printsumpdf&phase=10&state=11&historyid=2&pageid=175&faamode=undefined: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compu...hat/RTCChat.cab
O16 - DPF: Dialpad Java Applet - http://www.dialpad.c...et/src/vscp.cab
O16 - DPF: {7147947B-5D1D-11D1-AF68-0000929101FF} (GifViewerX Control) - http://www.chatbox.c.../GifViewerX.cab
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.britney-s...om/lsdialer.cab
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02.chargi...chargitplug.dll
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mail101a.urs....com/iNotes.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredim...p1/imloader.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://www.worldwinn...chess/chess.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...1_Arctura2.aspx
O16 - DPF: SEAGULL J Walk Java Client 3_3C11 - http://www.moraine.t...lk/jwalk_ie.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...38deb/enter.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://www.cmsins.com/cms/ScriptX.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = sbcglobal.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.164.1.8,206.13.28.12
  • 0

#7
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
There are quite a few programs available that offer protection features to help keep a computer from getting infected. While this is normally a helpful feature, it can keep a victim from making the changes necessary to clean their comptuer. Please read the following and uninstall or disable those that apply to your machine.

These programs need to be uninstalled

AdWatch


These programs can just be disabled

Microsoft Antispyware
TeaTimer
SpySweeper
Win Patrol
Spyware Guard
PSGuard
Pestpatrol
Regrun
Diamonds Process controller



You have a nasty About:Blank infection. This fix requires several tools that need to be downloaded. Please download these now, we will run them later.

1) About:Buster - Download it and extract it to C:/aboutbuster.
2) CleanUp! - Download it and install it.
3) CWShredder 2.11 - Download it and save it to your desktop.
4) Ad-Aware - Download, install, and update.

Enable hidden files and folders: http://www.bleepingc...torial=62#winme

During the fix do NOT connect to the internet. Unless you can memorize these instructions, it would be a good idea to print them out.

Boot into safe mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Run AboutBuster
-Click Start to begin the process
-Click OK on the Buster Report dialogue box to start the scan
AboutBuster scans the computer for malicious files and deletes them.
Save the report (copy and paste into Notepad and save as a .txt file) to post a copy for review.

Run CWShredder
-Next, click on the: ‘Fix’ button
-Follow the prompts, and press OK

Run CleanUp
-Make sure it is on Standard Mode
-Click the "CleanUp!" button

Run Ad-Aware
-Configure Ad-Aware for a full system scan
-Run it

Clean Up the left overs

Run HJT, close any open windows, and fix the following items (if they are still there):


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rlxmb.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tzyjh.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.wowsearch.org/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tzyjh.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rlxmb.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tzyjh.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tzyjh.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {97FD03BF-2223-5BCC-0213-A97E0706011D} - C:\WINDOWS\ATLKB32.DLL
O2 - BHO: Class - {AB6EDD85-AE4D-654F-6EE9-1EAD4CDD4057} - C:\WINDOWS\SYSTEM\IPKP.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR52.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_5_7_0.DLL (file missing)

O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe

O4 - HKLM\..\Run: [APIXY.EXE] C:\WINDOWS\SYSTEM\APIXY.EXE

O4 - HKLM\..\Run: [ujowkug] c:\windows\system\ujowkug.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\SUPDATE.DLL,SHStart
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\hmhrna.exe reg_run

O4 - HKLM\..\RunServices: [WINNB32.EXE] C:\WINDOWS\WINNB32.EXE /s

O4 - Startup: rtrn.exe

O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compu...hat/RTCChat.cab
O16 - DPF: Dialpad Java Applet - http://www.dialpad.c...et/src/vscp.cab
O16 - DPF: {7147947B-5D1D-11D1-AF68-0000929101FF} (GifViewerX Control) - http://www.chatbox.c.../GifViewerX.cab
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.britney-s...om/lsdialer.cab
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02.chargi...chargitplug.dll
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mail101a.urs....com/iNotes.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredim...p1/imloader.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://www.worldwinn...chess/chess.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...1_Arctura2.aspx
O16 - DPF: SEAGULL J Walk Java Client 3_3C11 - http://www.moraine.t...lk/jwalk_ie.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...38deb/enter.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://www.cmsins.com/cms/ScriptX.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx


Then delete the following files (if they exist):



C:\WINDOWS\WINNB32.EXE
C:\WINDOWS\SYSTEM\APIXY.EXE
rtrn.exe
C:\PROGRAM FILES\VIEWPOINT\<<this folder
C:\WINDOWS\BZSDLCRB.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\<<this folder


Reboot into normal mode (simply restart your computer as you normally would), and run the following free, online virus scans:

http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Then restart your computer one more time and post a new HJT log as well as the About:Buster log I asked you to save earlier.

Also, just for grins:

Please download FindQoologic from here:
http://forums.net-in...=post&id=134981

Unzip the files and save them to the desktop and run Find-Qoologic2.bat. This will generate a log file; please post the entire contents of the log file here for me to see, along with a hijack this log
  • 0

#8
drb0605

drb0605

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Well, this is taking quite a while .... and I've crashed a couple times going through all the steps!

I'm currently up to the part about running the free virus scans, and am running housecall before I call it a day. I'll finish tomorrow and send you the info and logs you've requested so we can see where I'm at.

Just FYI .... the only way I knew to uninstall Ad-Watch was to uninstall the entire Ad-Aware SE Plus program I'd recently purchased. I did download Ad-Aware Personal at the point you suggested.

After I was done deleting everything (but before I started the free scans I'm now running), I uninstalled Ad-Aware Personal and reinstalled my SE Plus program. Hope this was OK .....

I'm truly grateful and amazed that you took the time with me today to help out.

Just FYI .... I was running 7% availability early today, and I'm now at 76% available. Several of the error messages on start-up didn't show up when I rebooted.

Thank you sincerely. I'll get back to you tomorrow.

Debbie from Wisconsin
(kids and husband are amazed I've been at this for hours and hours today, but they got their dinner!) :tazz:
  • 0

#9
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
As you probably figured out, you had a pretty bad infection. Sounds like you're doing a great job. Glad the family got fed. That would have been tragic. :tazz:
  • 0

#10
drb0605

drb0605

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi CoachWife6!

Well, I'm continuing on our journey .... these scans all take a long time, and I might not even finish tonight. :tazz:

Just in case you're interested: I couldn't seem to run housecall with Ad-Aware SE Plus, so I uninstalled it again and am running the last 3 scans you suggested. Housecall ended up finding 12 uncleanable files, which I deleted. I'm running pandasoftware right now.

Question: Can you think of any reason my machine wouldn't respond to a normal start>shutdown last night? The screen dims for a moment and then brightens up again. How can I shut down safely??

I'll keep going forward and will be in touch with the results and the logs you've asked for. Sorry for the slow progress.

Thank you again (and again) for helping out,

Debbie
  • 0

Advertisements


#11
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Just run the panda scan and show me the results of that scan.

I don't know why you can't shut down normally. When this is all cleaned up, we'll work on that problem.

Don't worry about it taking a long time, it just takes awhile. :tazz: Better to be slow and accurate than quick and sloppy. ;)
  • 0

#12
drb0605

drb0605

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Good Morning!

At it again before I head out to work ...

I'm attaching the panda scan ... looks dismal. (I didn't see any actions available after the scan.) And I just ran housecall again; it found 3 more qoologic files that I deleted.

Should I run panda again? Or should I try to reboot and, whether I can or not, download FindQoologic and run it? :tazz:

Debbie

Attached Files


  • 0

#13
drb0605

drb0605

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi Again ..

For some reason, I got kicked off and decided to try to shut down again, and this time it worked. I did get a "program not responding" message with no program identifier on shutdown. But I did a end task and it shut down.

I immediately ran a hijack this log, and am attaching it. I won't do anything else until I get home tonight and hear from you. The only thing I haven't yet done from your original instructions is downloading FindQoologic.

Thanks again, and I hope your day is wonderful down in Texas. We've got 80 degrees with some (welcome) rain forecast.

Later,

Debbie :tazz:

Attached Files


  • 0

#14
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
1. Go to add/remove programs and uninstall Gator, Bargain Buddy, Comet, Search Aid, Power Search, Midadle, (if they are there)

2. Have you run lavasoft's adaware? If not, you need to. I've included the instructions (there may be one or two options included in the instructions that are no llonger available. If not, don't sweat it.)

Please scan your system with Ad-aware:
Ad-aware SE 1.06 - Download - Home Page
  • If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
  • After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
  • Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
  • Once the definitions have been updated:
  • Reconfigure Ad-Aware for Full Scan as per the following instructions:
    • Launch the program, and click on the Gear at the top of the start screen.
    • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
      • "Automatically save logfile"
      • Automatically quarantine objects prior to removal"
      • Prompt to update outdated confirmation) - Change to 7 days.
    • Click the "Scanning" button (On the left side).
    • Under Drives & Folders, select "Scan within Archives"
    • Click "Click here to select Drives + folders" and select your installed hard drives.
    • Under Memory & Registry, select all options.
    • Click the "Advanced" button (On the left hand side).
    • Under "Shell Integration", select "Move deleted files to Recycle Bin".
    • Under "Log-file detail", select all options.
    • Click on the "Defaults" button on the left.
    • Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
    • Click the "Tweak" button (Again, on the left hand side).
    • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
      • "Unload recognized processes during scanning."
      • "Obtain command line of scanned processes"
      • "Scan registry for all users instead of current user only"
    • Under "Cleaning Engine", select the following:
      • "Automatically try to unregister objects prior to deletion."
      • "During removal, unload explorer and IE if necessary"
      • "Let Windows remove files in use at next reboot."
      • "Delete quarrantined objects after restoring"
    • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
    • Click on "Proceed" to save these Preferences.
    • Click on the "Scan Now" button on the left.
    • Under "Select Scan Mode, be sure to select "Use Custom Scanning Options".
  • Close all programs except ad-aware.
  • Click on "Next" in the bottom right corner to start the scan.
  • Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
  • After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish.
3. Clean your favorites folder.

Read this:HERE

4. Clean your temps. folders.

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

5. If you would please, rescan with Panda and HijackThis and post a fresh log in this same topic. (Please don't attach. :tazz: ) Also, the find qoologic scan is no longer for grins. ;)
  • 0

#15
drb0605

drb0605

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Good evening ..

You've got to be absolutely sick of me! :tazz:

Went through all the Ad-Aware scans and asked it to delete the ~18 things it found. Then I froze and did a hard shutdown and started it up again. Loaded Windows PW and got the following message:

Microsoft Visual c++ - Runtime Library
Runtime Error C:\\windows\explorer.exe
Application requested runtime to terminate it in an unusual way

and the machine was again frozen.

Rebooted again (no disk checking this time), and Ad-Aware did not start up again as you said it might.

Cleaned my favorites up (did this through the edit Yahoo bookmarks function) and am at 4. Clean your temps folders.

I'm afraid to delete everything in there ... attached is a picture of the folders in the folder IF YOU THINK IT'S SAFE TO OPEN - I COULDN'T COPY THE PICTURE INTO THIS WINDOW. Some of these files are .exe, some are .ini, .gif, etc.

Please give direction - I don't want to turn this into a toaster if I don't have to. Do you literally want me to use the delete key on every file in these folders, and the folders themselves?

And I don't know how to select "delete all offline content".

After I hear back again I'll rescan with Panda and HJT and post logs, and run the Qoologic scan.

Thank you soooooo much again,

Debbie ;)

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP