
please help! Spyware is not working! [RESOLVED]


  • This topic is locked

#16
Snickets

    Visiting Staff

  • Member
  • 425 posts
Hello peachywilds18,

First let's deal with the error message you are getting for the msvcrt.dll file by doing the following.

1. Click Start, and then click Run.

2. In the Open box, type Msconfig, and then click OK.

3. In System Configuration Utility, on the General tab, click Extract File.

4. In the Specify the system file you would like to restore box, type Msvcrt.dll, and then click Start.

5. In the Restore from box, browse to the location of your Windows Millennium Edition (Me) CD.
NOTE: If you have an original equipment manufacturer (OEM) installation of Windows Me, the Windows installation files may be stored in the following location:
C:\WINDOWS\OPTIONS\CABS

6. In the Save file in box, type C:\, and then click OK. You receive the following message:
Extract File
The destination folder
c:\
does not exist. Do you want to create it?
Click Yes, and then click OK.

7. Repeat steps 3 through 6, but substitute Msvcirt.dll for Msvcrt.dll.

8. Insert your Windows Me Startup disk, restart the computer, and then select Minimal Boot on the Microsoft Windows Millennium Startup Menu that appears.

9. At the command prompt, type Rename C:\Windows\System\Msvcrt.dll Msvcrt.old, and then press ENTER.

10. Type Rename C:\Windows\System\Msvcirt.dll Msvcirt.old, and then press ENTER.

11. Type Copy C:\Msvcrt.dll C:\Windows\System, and then press ENTER.

12. Type Copy C:\Msvcirt.dll C:\Windows\System, and then press ENTER.

13. Remove the Windows Me Startup disk, and then restart the computer.

After this is complete, please post a fresh HijackThis log and then we will work from there.

Thank you,

Snickets

:tazz:
  • 0


#17
peachywilds18

    Member

  • Topic Starter
  • Member
  • 13 posts
hey snickets,

I did that. I don't know if that was supposed to fix it, but it didn't; the internet is still doing it. Anyways, here is the new HijackThis log that I ran:

Logfile of HijackThis v1.99.1
Scan saved at 4:16:35 PM, on 8/25/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\SNSS\SNSS.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\SYSTEM\NSVSVC\NSVSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\TD_0001.DIR\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SDWin32 Class - {D4AB3F0D-760C-48D8-9184-A6B43E419625} - C:\WINDOWS\SYSTEM\CSVUO.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [snss Launcher] "C:\Program Files\snss\snss.exe"
O4 - HKLM\..\Run: [csvuoc] C:\WINDOWS\SYSTEM\csvuoc.exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\SYSTEM\PSof1.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000117.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab

thanks!
  • 0

#18
Snickets

    Visiting Staff

  • Member
  • 425 posts
Hey peachywilds18,

I am looking for an alternate way to replace your corrupted dll and will let you know as soon as I have the answer to this.

We need to be able to have full internet capability because if we do not have this then it will make the fixing of this computer very difficult.

Thanks,

Snickets

:tazz:
  • 0

#19
peachywilds18

    Member

  • Topic Starter
  • Member
  • 13 posts
hey snickets,

So for some reason, I am able to use my internet today. Of course, there are still many many popups, but I haven't gotten the MSVCRT.dll message today yet at all. Yesterday, I downloaded all the Windows updates that haven't been downloaded to this machine in god knows how long, and I did a system restore, but I don't think that really did anything. Also, I did scandisk, but that kept popping up a message that says "Scandisk has restarted 10 times due to other programs interfering.....etc". So I don't know what happened, but internet is working. I feel like there are more viruses or stuff wrong than before though because there are so many popups! Should we get back to trying to find the virus or spyware?

Thanks!
  • 0

#20
Snickets

    Visiting Staff

  • Member
  • 425 posts
Hello peachywilds18,

1. Please go here and download the free trial for SpySweeper.

2. Once installed, please open up the program and push on the options tab, then click on update definitions.

3. Once the definitions are installed, please click on the sweep now tab and do a complete scan and removal of all items found for me.

4. Then please reboot your computer at this time.

5. Then please reopen SpySweeper and click on the results tab and copy and paste all of the information that is in this section into your next post. Also please run a new HijackThis scan and post the log from this into the thread as well.


Thank you,

Snickets

:tazz:
  • 0

#21
peachywilds18

    Member

  • Topic Starter
  • Member
  • 13 posts
Hey snickets,

Ok, so internet is still running ok. I just wanted to note some of the messages that are coming up when I am on certain internet pages: the error messages "......caused an error in GDI.exe.....", "......caused an error in USER.exe.......", and ".......caused an error in DDML.dll......". Those are the only ones that popped up today, and only the .dll one closed IE while I was online. The others didn't. I just want to make sure you know everything that is going on while I am on here. Ok, so I did the spysweeper a couple times, here is the results log:

********
11:50 AM: |··· Start of Session, Tuesday, August 30, 2005 ···|
11:50 AM: Spy Sweeper started
11:50 AM: Sweep initiated using definitions version 523
11:50 AM: Starting Memory Sweep
11:50 AM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MSGSRV32.EXE
11:51 AM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MMTASK.TSK
11:51 AM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
11:51 AM: Found Adware: icannnews
11:51 AM: Detected running threat: C:\WINDOWS\SYSTEM\IDSCONFG.DLL (ID = 120292)
11:52 AM: Memory Sweep Complete, Elapsed Time: 00:02:08
11:52 AM: Starting Registry Sweep
11:52 AM: Found Trojan Horse: alwaysupdatednews
11:52 AM: HKLM\software\microsoft\windows\currentversion\run\ || aunps2 (ID = 103555)
11:52 AM: Found Adware: apropos
11:52 AM: HKCR\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103726)
11:52 AM: HKCR\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (4 subtraces) (ID = 103729)
11:52 AM: HKCR\interface\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (5 subtraces) (ID = 103738)
11:52 AM: HKU\.DEFAULT\software\aprps\ (7 subtraces) (ID = 103740)
11:52 AM: HKLM\software\aprps\ (8 subtraces) (ID = 103741)
11:52 AM: HKLM\software\classes\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103764)
11:52 AM: HKLM\software\classes\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (4 subtraces) (ID = 103767)
11:52 AM: HKLM\software\classes\interface\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (5 subtraces) (ID = 103774)
11:52 AM: Found Adware: bookedspace
11:52 AM: HKLM\software\configuration manager\cfgmgr52\ (138 subtraces) (ID = 104873)
11:52 AM: Found Adware: dealhelper
11:52 AM: HKLM\software\dealhelper\ (12 subtraces) (ID = 124791)
11:52 AM: HKLM\software\microsoft\windows\currentversion\run\ || secure (ID = 124798)
11:52 AM: Found Adware: keyhost hijacker - jraun
11:52 AM: HKLM\software\microsoft\windows\currentversion\run\ || version (ID = 124800)
11:52 AM: HKLM\software\microsoft\windows\currentversion\run\ || version (ID = 124800)
11:52 AM: HKLM\software\microsoft\windows\currentversion\uninstall\dealhelper\ (3 subtraces) (ID = 124815)
11:52 AM: HKLM\software\microsoft\windows\currentversion\uninstall\windh\ (3 subtraces) (ID = 124816)
11:52 AM: Found Adware: delfin
11:52 AM: HKU\.default\software\mvu\ (5 subtraces) (ID = 124835)
11:52 AM: HKLM\software\microsoft\windows\currentversion\uninstall\displayutility\ (2 subtraces) (ID = 124879)
11:52 AM: HKU\.DEFAULT\software\mvu\ (5 subtraces) (ID = 124884)
11:52 AM: HKLM\software\mvu\ (6 subtraces) (ID = 124885)
11:52 AM: HKLM\software\vidctrl\ (3 subtraces) (ID = 124897)
11:53 AM: Found Trojan Horse: trojan-downloader-pacisoft
11:53 AM: HKLM\software\microsoft\windows\currentversion\run\ || psof1 (ID = 136526)
11:53 AM: HKU\.DEFAULT\software\psof1\ (2 subtraces) (ID = 136530)
11:53 AM: Found Adware: surfsidekick
11:53 AM: HKU\.default\software\surfsidekick3\ (3 subtraces) (ID = 143387)
11:53 AM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143389)
11:53 AM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143392)
11:53 AM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
11:53 AM: HKU\.DEFAULT\software\surfsidekick3\ (3 subtraces) (ID = 143412)
11:53 AM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
11:53 AM: Found Adware: winad
11:53 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\adtoolsx.dll (ID = 147215)
11:53 AM: Found Adware: drsnsrch hijacker
11:53 AM: HKCR\dsrch.band\ (5 subtraces) (ID = 509134)
11:53 AM: HKCR\dsrch.bottomframe\ (5 subtraces) (ID = 509135)
11:53 AM: HKCR\dsrch.leftframe\ (5 subtraces) (ID = 509136)
11:53 AM: HKCR\dsrch.popupbrowser\ (5 subtraces) (ID = 509137)
11:53 AM: HKCR\dsrch.popupwindow\ (5 subtraces) (ID = 509138)
11:53 AM: HKCR\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509139)
11:53 AM: HKCR\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509140)
11:53 AM: HKCR\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509141)
11:53 AM: HKCR\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509142)
11:53 AM: HKCR\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 509153)
11:53 AM: HKU\.DEFAULT\software\dsrch\ (11 subtraces) (ID = 509156)
11:53 AM: HKLM\software\classes\dsrch.band\ (5 subtraces) (ID = 509171)
11:53 AM: HKLM\software\classes\dsrch.leftframe\ (5 subtraces) (ID = 509179)
11:53 AM: HKLM\software\classes\dsrch.popupbrowser\ (5 subtraces) (ID = 509185)
11:53 AM: HKLM\software\classes\dsrch.popupwindow\ (5 subtraces) (ID = 509191)
11:53 AM: HKLM\software\classes\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509198)
11:53 AM: HKLM\software\classes\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509210)
11:53 AM: HKLM\software\classes\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509224)
11:53 AM: HKLM\software\classes\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509238)
11:53 AM: HKCR\dsrch.band\clsid\ (1 subtraces) (ID = 509361)
11:53 AM: HKCR\dsrch.band\curver\ (1 subtraces) (ID = 509362)
11:53 AM: HKCR\dsrch.bottomframe\clsid\ (1 subtraces) (ID = 509363)
11:53 AM: HKCR\dsrch.bottomframe\curver\ (1 subtraces) (ID = 509364)
11:53 AM: HKCR\dsrch.leftframe\clsid\ (1 subtraces) (ID = 509365)
11:53 AM: HKCR\dsrch.leftframe\curver\ (1 subtraces) (ID = 509366)
11:53 AM: HKCR\dsrch.popupbrowser\clsid\ (1 subtraces) (ID = 509367)
11:53 AM: HKCR\dsrch.popupbrowser\curver\ (1 subtraces) (ID = 509368)
11:53 AM: HKCR\dsrch.popupwindow\clsid\ (1 subtraces) (ID = 509369)
11:53 AM: HKCR\dsrch.popupwindow\curver\ (1 subtraces) (ID = 509370)
11:53 AM: HKCR\dsrch.band.1\ (3 subtraces) (ID = 512692)
11:53 AM: HKCR\dsrch.bottomframe.1\ (3 subtraces) (ID = 512699)
11:53 AM: HKCR\dsrch.leftframe.1\ (3 subtraces) (ID = 512706)
11:53 AM: HKCR\dsrch.popupbrowser.1\ (3 subtraces) (ID = 512713)
11:53 AM: HKCR\dsrch.popupwindow.1\ (3 subtraces) (ID = 512720)
11:53 AM: HKCR\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 512747)
11:53 AM: HKLM\software\classes\dsrch.band.1\ (3 subtraces) (ID = 513072)
11:53 AM: HKLM\software\classes\dsrch.bottomframe.1\ (3 subtraces) (ID = 513076)
11:53 AM: HKLM\software\classes\dsrch.leftframe.1\ (3 subtraces) (ID = 513080)
11:53 AM: HKLM\software\classes\dsrch.popupbrowser.1\ (3 subtraces) (ID = 513084)
11:53 AM: HKLM\software\classes\dsrch.popupwindow.1\ (3 subtraces) (ID = 513088)
11:53 AM: HKLM\software\classes\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 513114)
11:53 AM: HKLM\software\ddate\ (1 subtraces) (ID = 636618)
11:53 AM: HKLM\software\classes\dsrch.bottomframe\ (5 subtraces) (ID = 646382)
11:53 AM: HKLM\software\classes\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 646384)
11:53 AM: Starting Cookie Sweep
11:53 AM: Registry Sweep Complete, Elapsed Time:00:00:00
11:53 AM: Found Spy Cookie: revenue.net cookie
11:53 AM: @revenue[2].txt (ID = 3257)
11:53 AM: Found Spy Cookie: exitexchange cookie
11:53 AM: @exitexchange[2].txt (ID = 2633)
11:53 AM: Found Spy Cookie: websponsors cookie
11:53 AM: @a.websponsors[2].txt (ID = 3665)
11:53 AM: Found Spy Cookie: hbmediapro cookie
11:53 AM: @adopt.hbmediapro[2].txt (ID = 2768)
11:53 AM: Found Spy Cookie: ask cookie
11:53 AM: @ask[1].txt (ID = 2245)
11:53 AM: Found Spy Cookie: zedo cookie
11:53 AM: @zedo[2].txt (ID = 3762)
11:53 AM: Found Spy Cookie: trafficmp cookie
11:53 AM: @trafficmp[1].txt (ID = 3581)
11:53 AM: Found Spy Cookie: belnk cookie
11:53 AM: @belnk[1].txt (ID = 2292)
11:53 AM: Found Spy Cookie: addynamix cookie
11:53 AM: @ads.addynamix[1].txt (ID = 2062)
11:53 AM: @ath.belnk[2].txt (ID = 2293)
11:53 AM: Found Spy Cookie: yieldmanager cookie
11:53 AM: @ad.yieldmanager[1].txt (ID = 3751)
11:53 AM: Found Spy Cookie: partypoker cookie
11:53 AM: @partypoker[2].txt (ID = 3111)
11:53 AM: Found Spy Cookie: apmebf cookie
11:53 AM: @apmebf[2].txt (ID = 2229)
11:53 AM: Found Spy Cookie: rn11 cookie
11:53 AM: @rn11[2].txt (ID = 3261)
11:53 AM: Found Spy Cookie: 888 cookie
11:53 AM: @888[1].txt (ID = 2019)
11:53 AM: Found Spy Cookie: qksrv cookie
11:53 AM: @qksrv[2].txt (ID = 3213)
11:53 AM: Found Spy Cookie: fastclick cookie
11:53 AM: @fastclick[2].txt (ID = 2651)
11:53 AM: Found Spy Cookie: 2o7.net cookie
11:53 AM: @2o7[2].txt (ID = 1957)
11:53 AM: Found Spy Cookie: starware.com cookie
11:53 AM: @www.starware[1].txt (ID = 3442)
11:53 AM: Found Spy Cookie: atlas dmt cookie
11:53 AM: @atdmt[2].txt (ID = 2253)
11:53 AM: Found Spy Cookie: mashka cookie
11:53 AM: @mashka[1].txt (ID = 2949)
11:53 AM: @dist.belnk[2].txt (ID = 2293)
11:53 AM: Found Spy Cookie: clickandtrack cookie
11:53 AM: @hits.clickandtrack[2].txt (ID = 2397)
11:53 AM: Found Spy Cookie: dist cookie
11:53 AM: @dist[2].txt (ID = 4648)
11:53 AM: Found Spy Cookie: specificclick.com cookie
11:53 AM: @adopt.specificclick[2].txt (ID = 3400)
11:53 AM: Found Spy Cookie: advertising cookie
11:53 AM: @advertising[2].txt (ID = 2175)
11:53 AM: Found Spy Cookie: delfinproject cookie
11:53 AM: @delfinproject[1].txt (ID = 2509)
11:53 AM: Found Spy Cookie: paypopup cookie
11:53 AM: @paypopup[1].txt (ID = 3119)
11:53 AM: Found Spy Cookie: contextuads cookie
11:53 AM: @contextuads[1].txt (ID = 2461)
11:53 AM: Found Spy Cookie: cc214142 cookie
11:53 AM: @ads.cc214142[2].txt (ID = 2367)
11:53 AM: Found Spy Cookie: banner cookie
11:53 AM: @banner[1].txt (ID = 2276)
11:53 AM: Found Spy Cookie: rednova cookie
11:53 AM: @rednova[1].txt (ID = 3245)
11:53 AM: Found Spy Cookie: screensavers.com cookie
11:53 AM: @www.screensavers[1].txt (ID = 3298)
11:53 AM: Found Spy Cookie: adserver cookie
11:53 AM: @z1.adserver[1].txt (ID = 2142)
11:53 AM: Found Spy Cookie: touchclarity cookie
11:53 AM: @partypoker.touchclarity[2].txt (ID = 3567)
11:53 AM: Found Spy Cookie: adknowledge cookie
11:53 AM: @adknowledge[2].txt (ID = 2072)
11:53 AM: @i.screensavers[2].txt (ID = 3298)
11:53 AM: Found Spy Cookie: freestats.net cookie
11:53 AM: @pennypincher.freestats[2].txt (ID = 2705)
11:53 AM: Found Spy Cookie: servedby advertising cookie
11:53 AM: @servedby.advertising[2].txt (ID = 3335)
11:53 AM: @h.starware[2].txt (ID = 3442)
11:53 AM: @yieldmanager[2].txt (ID = 3749)
11:53 AM: Cookie Sweep Complete, Elapsed Time: 00:01:11
11:53 AM: Starting File Sweep
11:53 AM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
11:53 AM: c:\windows\all users\application data\vidctrl (1 subtraces) (ID = -2147477475)
11:54 AM: Found Adware: clkoptimizer
11:54 AM: bwyvv.dat (ID = 137424)
11:54 AM: rdqooxn.exe (ID = 137706)
11:54 AM: 4sdddx.exe (ID = 137424)
11:54 AM: qqbzfmic.exe (ID = 51663)
11:54 AM: prct.exe (ID = 137424)
11:54 AM: idsconfg.dll (ID = 120292)
11:54 AM: mxnp32.dll (ID = 120292)
11:54 AM: jlaw400.dll (ID = 120292)
11:54 AM: kaylimit.dll (ID = 120292)
11:54 AM: vfodctl.dll (ID = 120292)
11:54 AM: jrvaee.dll (ID = 120292)
11:54 AM: ducvw_32.dll (ID = 120292)
11:54 AM: oce2nls.dll (ID = 120292)
11:54 AM: vdajet32.dll (ID = 120292)
11:54 AM: huzflt04.dll (ID = 120292)
11:54 AM: phd.dll (ID = 120292)
11:54 AM: qyv.dll (ID = 120292)
11:54 AM: sesdetmg.dll (ID = 120292)
11:54 AM: dydpmesh.dll (ID = 120292)
11:54 AM: vuame.dll (ID = 120292)
11:54 AM: ix41_qcx.dll (ID = 120292)
11:54 AM: sjdpapi.dll (ID = 120292)
11:54 AM: mard2x40.dll (ID = 120292)
11:54 AM: mkapsspc.dll (ID = 120292)
11:54 AM: dicolor.dll (ID = 120292)
11:54 AM: sgsthunk.dll (ID = 120292)
11:54 AM: madocs.dll (ID = 120292)
11:54 AM: cvgwiz.dll (ID = 120292)
11:54 AM: mvwsosp.dll (ID = 120292)
11:54 AM: aunps2.dll (ID = 49883)
11:54 AM: mujdbc10.dll (ID = 120292)
11:54 AM: owhlp30e.dll (ID = 120292)
11:54 AM: ufdmxfrm.dll (ID = 120292)
11:54 AM: rwclts3.dll (ID = 120292)
11:54 AM: Found Adware: exact cashback/bargain buddy
11:54 AM: bookedspacekvm_bsvb-eginwl52.exe (ID = 116920)
11:54 AM: mamdvdif.dll (ID = 120292)
11:54 AM: jeeg2x32.dll (ID = 120292)
11:54 AM: tjxdlgutil.dll (ID = 120292)
11:54 AM: cjmcat.dll (ID = 120292)
11:54 AM: rnaenh.dll (ID = 120292)
11:54 AM: mgikbdsw.dll (ID = 120292)
11:54 AM: tip3216s.dll (ID = 120292)
11:54 AM: c:\windows\system\vidctrl (ID = -2147481117)
11:54 AM: c:\windows\system\dealhelper (ID = -2147481148)
11:54 AM: Found Trojan Horse: 2nd-thought
11:54 AM: c:\windows\system\newmsrdk (4 subtraces) (ID = -2147481534)
11:54 AM: tep3216s.dll (ID = 120292)
11:54 AM: tunlib20.dll (ID = 120292)
11:54 AM: dvraw.dll (ID = 120292)
11:54 AM: xcfwqg.exe (ID = 57643)
11:54 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || version (ID = 0)
11:54 AM: zickip.exe (ID = 131871)
11:54 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || secure (ID = 0)
11:54 AM: Found Adware: shopathomeselect
11:54 AM: zickipu.xml (ID = 75956)
11:54 AM: dun.exe (ID = 125700)
11:54 AM: hookpopup.dll (ID = 57618)
11:54 AM: url.xml (ID = 75956)
11:54 AM: url3.xml (ID = 57652)
11:54 AM: Found Adware: adtools
11:54 AM: adtools[1].exe.tcf (ID = 49369)
11:55 AM: version[1].exe (ID = 57643)
11:55 AM: download[1].htm (ID = 131871)
11:55 AM: dun[1].exe (ID = 125700)
11:55 AM: downloaddll[1].htm (ID = 57618)
11:55 AM: adtoolskeep[1].exe.tcf (ID = 89221)
11:55 AM: ptf_0026.exe (ID = 71765)
11:55 AM: pcs_0026.exe (ID = 71761)
11:55 AM: ptf_0011.exe (ID = 71765)
11:55 AM: ptf_0010.exe (ID = 71765)
11:55 AM: pcs_0011.exe (ID = 71761)
11:55 AM: pcs_0010.exe (ID = 71761)
11:55 AM: Found Adware: ezula ilookup
11:55 AM: ezstub.exe (ID = 60525)
11:55 AM: removedisplayutility.exe (ID = 57780)
11:55 AM: Found Trojan Horse: trojan downloader matcash
11:55 AM: mc-58-12-0000117.exe.tcf (ID = 114256)
11:55 AM: Found Adware: maxifiles
11:55 AM: services32.exe (ID = 114260)
11:55 AM: autoit3.exe (ID = 119348)
11:55 AM: mc-58-12-0000117.exe.tcf (ID = 114256)
11:55 AM: c:\program files\adtools service (3 subtraces) (ID = -2147480021)
11:55 AM: wmplayer.exe.tcf (ID = 71771)
11:55 AM: wmplayer.exe6019.tcf (ID = 71771)
11:55 AM: wmplayer.exe5144.tcf (ID = 71771)
11:55 AM: adtoolskeep.exe.tcf (ID = 89221)
11:55 AM: adtools.exe.tcf (ID = 49369)
11:56 AM: File Sweep Complete, Elapsed Time: 00:02:35
11:56 AM: Full Sweep has completed. Elapsed time 00:05:56
11:56 AM: Traces Found: 684
11:56 AM: Removal process initiated
11:56 AM: Quarantining All Traces: icannnews
11:57 AM: Quarantining All Traces: alwaysupdatednews
11:57 AM: Quarantining All Traces: apropos
11:57 AM: Quarantining All Traces: bookedspace
11:57 AM: Quarantining All Traces: dealhelper
11:57 AM: Quarantining All Traces: keyhost hijacker - jraun
11:57 AM: Quarantining All Traces: delfin
11:57 AM: Quarantining All Traces: trojan-downloader-pacisoft
11:57 AM: Quarantining All Traces: surfsidekick
11:57 AM: Quarantining All Traces: winad
11:57 AM: Quarantining All Traces: drsnsrch hijacker
11:57 AM: Quarantining All Traces: revenue.net cookie
11:57 AM: Quarantining All Traces: exitexchange cookie
11:57 AM: Quarantining All Traces: websponsors cookie
11:57 AM: Quarantining All Traces: hbmediapro cookie
11:57 AM: Quarantining All Traces: ask cookie
11:57 AM: Quarantining All Traces: zedo cookie
11:57 AM: Quarantining All Traces: trafficmp cookie
11:57 AM: Quarantining All Traces: belnk cookie
11:57 AM: Quarantining All Traces: addynamix cookie
11:57 AM: Quarantining All Traces: yieldmanager cookie
11:57 AM: Quarantining All Traces: partypoker cookie
11:57 AM: Quarantining All Traces: apmebf cookie
11:57 AM: Quarantining All Traces: rn11 cookie
11:57 AM: Quarantining All Traces: 888 cookie
11:57 AM: Quarantining All Traces: qksrv cookie
11:57 AM: Quarantining All Traces: fastclick cookie
11:57 AM: Quarantining All Traces: 2o7.net cookie
11:57 AM: Quarantining All Traces: starware.com cookie
11:57 AM: Quarantining All Traces: atlas dmt cookie
11:57 AM: Quarantining All Traces: mashka cookie
11:57 AM: Quarantining All Traces: clickandtrack cookie
11:57 AM: Quarantining All Traces: dist cookie
11:57 AM: Quarantining All Traces: specificclick.com cookie
11:57 AM: Quarantining All Traces: advertising cookie
11:57 AM: Quarantining All Traces: delfinproject cookie
11:57 AM: Quarantining All Traces: paypopup cookie
11:57 AM: Quarantining All Traces: contextuads cookie
11:57 AM: Quarantining All Traces: cc214142 cookie
11:57 AM: Quarantining All Traces: banner cookie
11:57 AM: Quarantining All Traces: rednova cookie
11:57 AM: Quarantining All Traces: screensavers.com cookie
11:57 AM: Quarantining All Traces: adserver cookie
11:57 AM: Quarantining All Traces: touchclarity cookie
11:57 AM: Quarantining All Traces: adknowledge cookie
11:57 AM: Quarantining All Traces: freestats.net cookie
11:57 AM: Quarantining All Traces: servedby advertising cookie
11:57 AM: Quarantining All Traces: clkoptimizer
11:57 AM: Quarantining All Traces: exact cashback/bargain buddy
11:57 AM: Quarantining All Traces: 2nd-thought
11:57 AM: Quarantining All Traces: shopathomeselect
11:57 AM: Quarantining All Traces: adtools
11:57 AM: Quarantining All Traces: ezula ilookup
11:57 AM: Quarantining All Traces: trojan downloader matcash
11:58 AM: Quarantining All Traces: maxifiles
11:58 AM: Warning: Quarantine process could not restart Explorer.
11:58 AM: Preparing to restart your computer. Please wait...
11:58 AM: Removal process completed. Elapsed time 00:01:46
********

Also, I had some alerts come up that won't let me copy paste, so I'll just tell you. It says "Spysweeper has detected new programs that will start when windows starts. If you just installed or updated a program, including Windows Updates, you should not remove these items. To remove items added without your knowledge, select each item and click remove. To keep these items, select each item and click Keep."

The items are:

WIARC1-Assessment: Unknown
WIARC1-Assessment: Unknown

So, should I remove or keep these?? I did just update windows.

Ok, and here is the Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:18:01 PM, on 8/30/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\WIARC1.EXE
C:\WINDOWS\SYSTEM\WIARC1.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SDWin32 Class - {D4AB3F0D-760C-48D8-9184-A6B43E419625} - C:\WINDOWS\SYSTEM\CSVUO.DLL (file missing)
O2 - BHO: (no name) - {8924A422-F9E1-470A-AA90-528F15BDA39A} - (no file)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [snss Launcher] "C:\Program Files\snss\snss.exe"
O4 - HKLM\..\Run: [csvuoc] C:\WINDOWS\SYSTEM\csvuoc.exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000117.exe
O4 - HKCU\..\Run: [WIARC1] C:\WINDOWS\SYSTEM\WIARC1.exe
O4 - HKCU\..\RunServices: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000117.exe
O4 - HKCU\..\RunServices: [WIARC1] C:\WINDOWS\SYSTEM\WIARC1.exe
O4 - HKCU\..\RunOnce: [WIARC1] C:\WINDOWS\SYSTEM\WIARC1.exe
O4 - HKCU\..\RunServicesOnce: [WIARC1] C:\WINDOWS\SYSTEM\WIARC1.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com

thanks!
  • 0

#22
Snickets

    Visiting Staff

  • Member
  • 425 posts
Hello peachywilds18,

There are still some files left that concern me; let's get those cleaned up and then we will work on the errors you are having.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Download: CCleaner
http://www.ccleaner.com/
http://www.filehippo...d_ccleaner.html

Once installed, launch CCleaner:
Do not change any settings, except to make sure on the Options tab>Advanced "Only delete files in Windows Temp folders older than 48 hours" is NOT checked. Close CCleaner at this time and we will run it later in the fix.


Open Pocket Killbox and Copy & Paste the entries below into the "Full Path of File to Delete"

C:\WINDOWS\SYSTEM\CSVUO.DLL
C:\Program Files\E2G\IeBHOs.dll
C:\Program Files\snss\snss.exe
C:\WINDOWS\SYSTEM\csvuoc.exe
C:\Program Files\Common Files\Windows\mc-58-12-0000117.exe
C:\WINDOWS\SYSTEM\WIARC1.exe

As you paste each entry into Killbox, place a tick by any of these selections available:

"Delete on Reboot"
"Unregister .dll before Deleting"


Click the Red Circle with the White X in the Middle to Delete!

Restart in Safe Mode and Run those files through Killbox once more to be sure nothing survived.

This time place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"



Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: SDWin32 Class - {D4AB3F0D-760C-48D8-9184-A6B43E419625} - C:\WINDOWS\SYSTEM\CSVUO.DLL (file missing)
O2 - BHO: (no name) - {8924A422-F9E1-470A-AA90-528F15BDA39A} - (no file)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [snss Launcher] "C:\Program Files\snss\snss.exe"
O4 - HKLM\..\Run: [csvuoc] C:\WINDOWS\SYSTEM\csvuoc.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000117.exe
O4 - HKCU\..\Run: [WIARC1] C:\WINDOWS\SYSTEM\WIARC1.exe
O4 - HKCU\..\RunServices: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000117.exe
O4 - HKCU\..\RunServices: [WIARC1] C:\WINDOWS\SYSTEM\WIARC1.exe
O4 - HKCU\..\RunOnce: [WIARC1] C:\WINDOWS\SYSTEM\WIARC1.exe
O4 - HKCU\..\RunServicesOnce: [WIARC1] C:\WINDOWS\SYSTEM\WIARC1.exe

Now close all windows other than HiJackThis, then click Fix Checked.

Open up CCleaner and Click Run Cleaner (bottom right). When finished> Exit (top right).

Please delete these files and folders using Windows Explorer (if present):
files=blue
folders=red

C:\WINDOWS\SYSTEM\CSVUO.DLL
C:\WINDOWS\SYSTEM\csvuoc.exe
C:\Program Files\Common Files\Windows\mc-58-12-0000117.exe
C:\WINDOWS\SYSTEM\WIARC1.exe
C:\Program Files\E2G\
C:\Program Files\snss\

Please reboot your computer into normal windows at this time.

Once back in normal mode please rescan with HijackThis and post a fresh log for me to review.

Thank you,

Snickets

:tazz:

#23
peachywilds18

Hey Snickets,

So the system seems to be running a lot better today. I was able to use the internet all day and not get as many pop ups. I did the last directions and here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:40:08 PM, on 8/30/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com

thanks!
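As an added example (not part of the original thread and not a HijackThis feature), this Python check parses HijackThis O2 and O4 lines and confirms that entries selected for "Fix Checked" no longer appear in a fresh log, matching on either the registry identifier or the file path. The log lines are subsets copied from the posts above; the function names are my own.

```python
import re

# Entries ticked for "Fix Checked" and lines from the fresh log (subsets copied from the thread).
FIXED = r"""
O2 - BHO: SDWin32 Class - {D4AB3F0D-760C-48D8-9184-A6B43E419625} - C:\WINDOWS\SYSTEM\CSVUO.DLL (file missing)
O2 - BHO: (no name) - {8924A422-F9E1-470A-AA90-528F15BDA39A} - (no file)
O4 - HKLM\..\Run: [snss Launcher] "C:\Program Files\snss\snss.exe"
O4 - HKCU\..\Run: [WIARC1] C:\WINDOWS\SYSTEM\WIARC1.exe
"""
FRESH = r"""
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")

def normalize_path(target):
    """Reduce a command line to a lower-cased file path so entries compare reliably."""
    t = re.sub(r"\s*\((file missing|no file)\)$", "", target.strip())
    if t.startswith('"'):
        t = t[1:].split('"', 1)[0]           # quoted: keep what is inside the quotes
    else:
        m = re.match(r"(.*?\.(?:exe|dll|tsk))(?:\s|$)", t, re.I)
        t = m.group(1) if m else t           # unquoted: cut arguments after the extension
    return t.lower()

def parse_entries(log):
    """Return {(section, identifier, path)} for each O2 (BHO) and O4 (autorun) line."""
    entries = set()
    for line in map(str.strip, log.splitlines()):
        m = O2_RE.match(line)
        if m:
            entries.add(("O2", m["clsid"].upper(), normalize_path(m["target"])))
            continue
        m = O4_RE.match(line)                # O4 lines without a [name] are skipped
        if m:
            ident = f'{m["key"]}:{m["name"]}'.lower()
            entries.add(("O4", ident, normalize_path(m["target"])))
    return entries

def survivors(fixed_log, fresh_log):
    """Entries chosen for removal that still show up in the fresh log."""
    fresh = parse_entries(fresh_log)
    fresh_ids = {(s, i) for s, i, _ in fresh}
    fresh_paths = {p for _, _, p in fresh if p}
    return sorted(e for e in parse_entries(fixed_log)
                  if (e[0], e[1]) in fresh_ids or (e[2] and e[2] in fresh_paths))
```

An empty result from `survivors(FIXED, FRESH)` matches the helper's reading that the log is clean; a removed file that reappears under a different Run key is still reported because the path is compared as well as the key name.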

#24
Snickets

Hello peachywilds18,

Your log is clean but you state that you are still getting pop ups?

Are they error messages?

Or are they just pop ups from a site as usual?

Are you using Internet Explorer?

Thank you,

Snickets

:tazz:

#25
peachywilds18

Hey Snickets,

No pop ups, no error messages. Everything is all better. Thanks soooooooooooooooooooooooooooooooooooooooo much!! You're a lifesaver!!
#26
Snickets

Hello peachywilds18,

Please follow the instructions below and read all the way through the prevention tips; they will help you to stay away from infection and keep a happy internet surfing environment.

Be good.

Congratulations, your log appears to be clean!!!

Please follow the directions below to clear out your system restore points, and also make sure to read the prevention tips on how to prevent further infection on your PC.

1. One last step to take in fixing your computer.
After something like this it is a good idea to purge the Restore Points and start fresh.
To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)
Go to Start>Run, type msconfig and press Enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.
Reboot.
Go back in and turn System Restore ON. A new Restore Point will be created.

2. Go to Start>Search and at the top select Tools>Folder Options
Select the View tab
Check the following:
Do not Show hidden files and folders
Hide protected operating system files
Click on Apply.
Close out the search window.

Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice, "So how did I get infected in the first place?", and Spyware Aid's spyware article: "Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it."

Thank you,

Snickets

:tazz:

#27
Snickets

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.