HELP! Spyware, etc. Timberlandko's process helped

 
 
Reply Tue 27 Apr, 2004 02:27 pm
Help! I proceeded with Timberlandko's 03/22 step by step to clear all the *%% from my system. It helped, but I'm still having major problems. It seems as though I'm spending 2 days a week going through all these scans. They last for a little while, then boom. I rely on my archaic system and can't afford a new one, so your expertise is greatly appreciated.

Below is my step by step "encounter" and HJT Log.

1. Unable to find Twaintech. Received message, "Unable to open this Internet Shortcut. The Protocol "regsvr32c" does not have a registered program.
2. Start, find: xtarget.dll c. "There are no items to show in this view.
3. Delete files from Tools in IE
4. Mty recycle.
5. Go to Windows Update, and server down. Updated a couple of days ago.
6. Run Stinger - While scanning, blank "boxes" appear on taskbar. Left click removes them, but 2 IE boxes appear. Unable to open. Did Control Alt Delete to see what they were and the first two items listed were:
HTTP 500 Internet Server Error -
Http:///www.popuppers.com/log.php? who=advnt&ordera=1&bigorder=1&1ma-a=1083052023&

Right clicked both "e"'s on taskbar, clicked close and they were gone (for a few minutes!) Stinger complete with the following message: Scan initiated on Tues Apr 27 00:49:49 2004. Number of clean files: 79275
7. Run Norton Scan. The 2 "e"'s appeared on task bar again. Scan complete with: No Infection 2 hour 59 min 6 seconds. Scanned 65625
8. SmartKiller: "CoolWWSearch.SmartKiller (V1/V2) has not been found on system. "e"'s keep popping up on taskbar.
9. CW Shredder: Results
JPOV3f.9UYs=y23D+/1s3. You have a variant of the Coolwebsearch Trojan (CWS Smart Search2) that has attempted to close CWShredder. To counter this, CWS is now starting w/ a random string of text in the title bar. CWS is still functioning fine. It has not been corrupted. If you feel you should not be getting this error and you are not infected, restart CWS and this warning should not appear again. Clicked OK. Downloaded update. Clicked Fix with the following report: Done Removed from your system 1 infected IE registry Windows 98 (4.10.2222 A) CWS v1.57.0
10. Start, Shutdown, Restart (fyi, closed the infamous "e"'s in taskbar first), after several seconds, a window appeared, This program not responding (no name on top border), clicked End Task. Finally shut down.
11. Screen to select mode of opening appeared and I was called away from desk, when I came back, it auto opened regular loading the 2 "e"s. Restarted in safe mode.
12. Adaware - Fix while 2 "e"s keep popping up in taskbar. Adaware log is: Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Tuesday, April 27, 2004 8:28:15 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R299 22.04.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file


4-27-04 8:28:15 AM - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [kernel32.dll]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293907615
Threads : 4
Priority : High
FileSize : 460 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright (C) Microsoft Corp. 1991-1999
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 10/18/02 12:10:13 AM
Last accessed : 4/27/04 7:00:00 AM
Last modified : 4/24/99 5:22:00 AM

#:2 [msgsrv32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294934651
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright (C) Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 10/18/02 12:11:07 AM
Last accessed : 4/27/04 7:00:00 AM
Last modified : 4/24/99 5:22:00 AM

#:3 [mprexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294940651
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 10/18/02 12:06:34 AM
Last accessed : 4/27/04 7:00:00 AM
Last modified : 4/24/99 5:22:00 AM

#:4 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294947491
Threads : 4
Priority : Normal
FileSize : 176 KB
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
Copyright : Copyright (C) Microsoft Corp. 1981-1997
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows NT(R) Operating System
Created on : 10/18/02 12:06:29 AM
Last accessed : 4/27/04 7:00:00 AM
Last modified : 4/24/99 5:22:00 AM

#:5 [ad-aware.exe]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
ProcessID : 4294872143
Threads : 2
Priority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 4/3/04 11:04:10 PM
Last accessed : 4/27/04 7:00:00 AM
Last modified : 7/13/03 5:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

PeopleOnPage Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Apropos


PeopleOnPage Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Envolo


Roings Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\roimoi


Windows Object recognized!
Type : RegData
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data :


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 4
Objects found so far: 4


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 4


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 4


Scanning Hosts file(C:\WINDOWS\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
8035 entries scanned.
New objects :0
Objects found so far: 4




Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

PeopleOnPage Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\AutoLoader


PeopleOnPage Object recognized!
Type : File
Data : auf0.exe
Object : c:\windows\temp\

Created on : 4/27/04 6:50:40 AM
Last accessed : 4/27/04 7:00:00 AM
Last modified : 4/27/04 6:50:42 AM



Roings Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\ssprint


Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 3
Objects found so far: 7


8:53:53 AM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:25:37:480
Objects scanned :96423
Objects identified :7
Objects ignored :0
New objects :7

13. Spybot - Error retrieving updates into file! Clicked O.K., ran scan. This time the "e"s popped up but unable to close them. Scan complete: Congratulations, No immediate threats were found.
14. Mty Windows Temp Files
15. Mty Windows Temp Internet Files (Cannot delete index.da)
16. Mty Recycle Bin
17. Attempted defrag. Started at 9:30 a.m., left home and returned at 12:30 and it showed 88% complete. At 9:40, checked progress and it was back to 10%. It keeps restarting itself and never completes. Cancelled defrag.
18. Shutdown and restart normal mode.
19. Run HJT while "e"s keep loading.
20. Open the able to know page with instructions from my favorites. Starting new post, when trying to type in subject box above, a Lycos Pop UP invaded. I had to close, it kept popping up so I reduced the popup rather than close so I was able to post. MY HJT log is below.

Logfile of HijackThis v1.97.7
Scan saved at 12:48:09 PM, on 4/27/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\COMSMD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\FNYKSG.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKJOBS.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKSLAPI.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKTOPASS.EXE
C:\UNZIPPED\HIJACKTHIS1977[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {5FC93F2F-CDB0-4B58-BE26-F16E73AF8A85} - C:\WINDOWS\QUYMZNQ.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IntelliType] "c:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Nag] C:\WINDOWS\TEMP\NAG.EXE
O4 - HKLM\..\Run: [wanz] C:\WINDOWS\fnyksg.exe
O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-K13W13.EXE
O4 - HKLM\..\Run: [Nag.exe] C:\WINDOWS\TEMP\NAG.EXE
O4 - HKLM\..\Run: [ScriptSentry] C:\PROGRAM FILES\SCRIPT SENTRY\SCRIPTSENTRY.exe /check
O4 - HKLM\..\Run: [q32k36h] C:\WINDOWS\SYSTEM\LFII400.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk.disabled
O4 - Startup: Microsoft Office.lnk.disabled
O4 - Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: AIM (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38069.4062731481
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

I have to run errands for a couple hours and I'm literally praying that someone will have peeked at this post so I can get something done with this spyware garbage. I am thanking all who are the "gurus" in advance. I have a lot of respect for your know how. I know how time-consuming all of this is and I really appreciate your help. Oh yeah, sorry sorry sorry for the very long post. I didn't want to miss anything when asking for help.

:)

 
timberlandko
 
  1  
Reply Tue 27 Apr, 2004 09:38 pm
Be certain AdAware and Spybot both are currently updated and properly configured. See: How to update AdAware and the Spybot S&D Tutorial

Create a folder on your hard drive (right-click "My Computer", Select "Open", then find, select and open the folder for your C: drive, and from the toolbar in that folder, Select "File", then select "New", then click "Folder". When "New Folder" appears, give it a name you will recognize as the download of CWSShredder you are about to perform.

When you have created the folder, click to get this Direct Download of CoolWebShredder; the Download Dialog Box will open. Select "Save" and direct the download to the folder you just made. When the download has completed, disconnect from the internet, close all browsers and apps, and reboot into Safe Mode. (Note: If you use a USB mouse and/or keyboard, you will have to substitute standard PS2 versions of each/either; Win9x does not recognize USB devices when in safemode) Your display will look odd, but don't worry about it. When the machine has booted, navigate to and open the CWSShredder folder you just created. Click the icon to open the program, select "Fix", and run it.

When it has completed, reboot into safemode once more, and run AdAware, configured to perform a Full Scan, letting it fix everything it finds (it would be a good idea to click on "Help" prior to the first run and read the tutorial; it won't let you do so once it has started searching for problems, but if the tutorial is opened first, it can be read while the application is running). There may be some items AdAware cannot fix without a fresh boot. If it asks permission to run on the next startup, grant it, reboot normally (Safemode should not be necessary for this step), otherwise configure it to run, but not autoupdate, at Windows Startup, and let it do its thing while still disconnected from the internet. When it has finished, run it again; it may find something that had been masked by stuff it removed on its previous passes. If so, have it fix whatever it found and run it again, if not, fine. When it comes up clean, deselect "Run at Windows Startup", and reboot normally, but do not connect to the internet yet.

Next, with no other windows open, and still not connected to the internet, run Spybot S&D, let it fix whatever, if anything, it finds. Exit Spybot, reboot, and with no other windows open, run another HiJackThis scan, and save the log. Now, connect to the 'net, and paste your new log into this thread.

Oh, and the reason Defrag isn't cooperating is you have a lot of background stuff that launches and runs at Windows Startup. Defrag in safemode, and it should go a lot better. We can deal with the Startup junk later; let's get your browser healthy first.
0 Replies
 
freakymom
 
  1  
Reply Tue 27 Apr, 2004 11:38 pm
I just hit a key & my reply went somewhere. So, as I was saying! Thank you so much. I just got back from running my "couple" of errands! I'll follow your instructions and let you know the outcome. FYI, I was running defrag in safe mode and these hidden/unknown "things" keep appearing on the taskbar. Not to mention that annoying Lycos garbage. I don't know if this is important, but I have had the start show all. I unchecked the hide mode.

Thanks again and I'll let you know the status. Who knows how long this will take, so you won't get anything until very very late/early or tomorrow morning.
0 Replies
 
timberlandko
 
  1  
Reply Wed 28 Apr, 2004 01:27 am
Just FYI, CWSShredder, AdAware, and Spybot all have updated in past 24hrs.
0 Replies
 
freakymom
 
  1  
Reply Wed 28 Apr, 2004 02:26 am
Hi There, I just finished the last series of scans and fixes. I did update the programs you suggested. Here's my HJT log:

Logfile of HijackThis v1.97.7
Scan saved at 1:24:45 AM, on 4/28/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\COMSMD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\FNYKSG.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKJOBS.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKTOPASS.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKSLAPI.EXE
C:\UNZIPPED\HIJACKTHIS1977[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {5FC93F2F-CDB0-4B58-BE26-F16E73AF8A85} - C:\WINDOWS\QUYMZNQ.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IntelliType] "c:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Nag] C:\WINDOWS\TEMP\NAG.EXE
O4 - HKLM\..\Run: [wanz] C:\WINDOWS\fnyksg.exe
O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-K13W13.EXE
O4 - HKLM\..\Run: [Nag.exe] C:\WINDOWS\TEMP\NAG.EXE
O4 - HKLM\..\Run: [ScriptSentry] C:\PROGRAM FILES\SCRIPT SENTRY\SCRIPTSENTRY.exe /check
O4 - HKLM\..\Run: [q32k36h] C:\WINDOWS\SYSTEM\LFII400.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk.disabled
O4 - Startup: Microsoft Office.lnk.disabled
O4 - Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38069.4062731481
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
0 Replies
 
timberlandko
 
  1  
Reply Thu 29 Apr, 2004 04:14 pm
Odd ... I'da thought Shredder and the latest AdAware, between them, shoulda handled most of that for you. Oh, well, here's "Plan B"


Quote:
Logfile of HijackThis v1.97.7
Scan saved at 1:24:45 AM, on 4/28/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\COMSMD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\FNYKSG.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKJOBS.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKTOPASS.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKSLAPI.EXE
C:\UNZIPPED\HIJACKTHIS1977[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {5FC93F2F-CDB0-4B58-BE26-F16E73AF8A85} - C:\WINDOWS\QUYMZNQ.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IntelliType] "c:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Nag] C:\WINDOWS\TEMP\NAG.EXE
O4 - HKLM\..\Run: [wanz] C:\WINDOWS\fnyksg.exe
O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-K13W13.EXE
O4 - HKLM\..\Run: [Nag.exe] C:\WINDOWS\TEMP\NAG.EXE
O4 - HKLM\..\Run: [ScriptSentry] C:\PROGRAM FILES\SCRIPT SENTRY\SCRIPTSENTRY.exe /check
O4 - HKLM\..\Run: [q32k36h] C:\WINDOWS\SYSTEM\LFII400.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk.disabled
O4 - Startup: Microsoft Office.lnk.disabled
O4 - Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38069.4062731481
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab


Have HiJackThis, with no other windows open, and while not connected to the internet, fix all red entries above.

Find-and-delete-if-found any files or folders named or containing:

adroar
Dsi
ichoose
iCn
overpro
Wast
WildApp

Connect to the internet, and go directly to Direct Download of Stinger from Network Associates. Download it to a folder of its own on your C: drive, as described earlier. When the download has completed, disconnect from the internet, reboot into safemode, find the folder you just downloaded Stinger into, and run it. Reboot normally. With no other windows open or apps running, run HiJackThis again, save the log, reconnect to the internet, and post the new log here.
0 Replies
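
The last step in the post above (run HijackThis again, save the log, post it) can be checked by diffing the old and new logs instead of reading them side by side. The Python below is an added example, not part of the original thread and not a HijackThis feature: it parses two logs and lists which entries were removed, kept or added. `BEFORE` is a short excerpt of the log quoted above; `AFTER` is constructed for the example, and the function names are hypothetical.

```python
import re

# A HijackThis entry line is "<code> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
# The code (R0-R3, F0-F3, N1-N4, O1-O24) names the section of the log.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Return (processes, entries) parsed from one HijackThis log.

    processes: set of case-folded paths listed under "Running processes:".
    entries:   dict keyed by (code, case-folded body) -> original line.
    Win9x logs print the same path in different letter case from run to
    run, so keys are case-folded to avoid reporting false differences.
    """
    processes, entries = set(), {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the process list
            in_processes = False
            continue
        if line.casefold().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            code, body = match.group(1), match.group(2).strip()
            entries[(code, body.casefold())] = f"{code} - {body}"
        elif in_processes:
            processes.add(line.casefold())
        # anything else (version, scan time, platform) is header text
    return processes, entries


def diff_logs(before_text, after_text):
    """Compare two logs; lists keep the order of the log they come from."""
    before_procs, before = parse_hjt(before_text)
    after_procs, after = parse_hjt(after_text)
    return {
        "removed": [v for k, v in before.items() if k not in after],
        "kept": [v for k, v in before.items() if k in after],
        "added": [v for k, v in after.items() if k not in before],
        "processes_gone": sorted(before_procs - after_procs),
    }


def missing_file_entries(text):
    """Entries HijackThis itself marked "(no file)": the target is absent."""
    _, entries = parse_hjt(text)
    return [v for v in entries.values() if v.casefold().endswith("(no file)")]


# Excerpt of the 4/28 log quoted in the post above.
BEFORE = r"""
Logfile of HijackThis v1.97.7
Scan saved at 1:24:45 AM, on 4/28/04

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\FNYKSG.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5FC93F2F-CDB0-4B58-BE26-F16E73AF8A85} - C:\WINDOWS\QUYMZNQ.DLL
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O4 - HKLM\..\Run: [wanz] C:\WINDOWS\fnyksg.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
"""

# Constructed "after" log for the example (note the different letter case).
AFTER = r"""
Logfile of HijackThis v1.97.7

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O4 - HKLM\..\Run: [CCAPP] "C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE"
"""

if __name__ == "__main__":
    for label, lines in diff_logs(BEFORE, AFTER).items():
        print(f"{label}:")
        for item in lines:
            print(f"  {item}")
```

An entry that shows up under `added` after a fix pass, or one that is still under `kept` after it was selected for fixing, is the one to look at first.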
 
freakymom
 
  1  
Reply Fri 30 Apr, 2004 12:08 am
Hi There,

I did as suggested and I'm posting HJT log. I don't know if I'm ever off the web when I run all of these scans and "fixes". Whether I'm working in MS Word, Excel, or any other application, the gray boxes appear on my task bar. They are in addition to the other application boxes but are blank. I am constantly getting the explorer gray box that won't expand but will close when I right click and close. Then it randomly pops up. It's the HTTP 500 Internet Server Error. Another problem I keep getting is that Lycos search engine crap. I can't even open some links because it will pop up and I hit back, it keeps coming back. I want to pull my hair out!!! Anyway, here's my log:

Logfile of HijackThis v1.97.7
Scan saved at 10:39:03 PM, on 4/29/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\COMSMD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKJOBS.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKTOPASS.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKSLAPI.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\UNZIPPED\HIJACKTHIS1977[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [IntelliType] "c:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ScriptSentry] C:\PROGRAM FILES\SCRIPT SENTRY\SCRIPTSENTRY.exe /check
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk.disabled
O4 - Startup: Microsoft Office.lnk.disabled
O4 - Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: AIM (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38069.4062731481
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
0 Replies
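An added example, not part of the original post or of HijackThis itself: a small Python triage pass over a subset of the log lines above. It groups entries by section code (O2 = Browser Helper Objects, O4 = autostart entries, O16 = downloaded ActiveX controls) and lists items worth looking up by hand. The function names and the three review rules are assumptions chosen for illustration; a listed item is a prompt to check, not a verdict (the unnamed BHO here is Spybot's own helper).

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted above (a subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

def parse_entries(log):
    """Group entry bodies by HijackThis section code (R1, O2, O4, O16, ...)."""
    entries = defaultdict(list)
    for line in log.splitlines():
        m = re.match(r"^([A-Z]\d{1,2}) - (.+)$", line.strip())
        if m:
            entries[m.group(1)].append(m.group(2))
    return dict(entries)

def review_items(entries):
    """Return (code, reason, detail) tuples to look up by hand; not verdicts."""
    items = []
    for body in entries.get("O2", []):
        # A BHO that registered no display name: identify it by its DLL path.
        if body.startswith("BHO: (no name)"):
            items.append(("O2", "unnamed BHO", body.rsplit(" - ", 1)[-1]))
    for body in entries.get("O4", []):
        # Registry autostart whose command has no directory: resolved via the search path.
        m = re.match(r"^\S+: \[(.+?)\] (.+)$", body)
        if m and "\\" not in m.group(2).split()[0]:
            items.append(("O4", "autostart without full path", m.group(2)))
    for body in entries.get("O16", []):
        # ActiveX download with no class name: report the host it came from.
        m = re.match(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S+)$", body)
        if m and m.group(2) is None:
            items.append(("O16", "unnamed ActiveX download", urlparse(m.group(3)).hostname))
    return items

if __name__ == "__main__":
    for code, reason, detail in review_items(parse_entries(SAMPLE_LOG)):
        print(f"{code:4} {reason}: {detail}")
```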
 
timberlandko
 
  1  
Reply Fri 30 Apr, 2004 12:23 am
That's a much cleaner looking log. In order for the "Fixes" to work their best (sometimes in order for them to work at all), you should be disconnected from the internet, and have no other apps running or windows open while they're working which is why I emphasize those points ... they're important, I don't type them out just because I like typing them :wink: If nothing else, unplug whatever connector that couples your machine to the internet ... if you're not sure which connector that is, ask a teenager to show you Laughing.

Anyhow, if you've got AdAware and Spybot up to date, and your Windows Updates are all current, you should be in pretty good shape. One thing you might want to do is get JavaCool's SpyWare Blaster. It works well in conjunction with Spybot, and in fact if SpywareBlaster is present on a machine, Spybot will suggest you run it as part of Spybot's Immunization process ... it will say something like "Click here to run Spyware Blaster".
0 Replies
 
freakymom
 
  1  
Reply Fri 30 Apr, 2004 12:39 am
Wow, I didn't expect you to reply so quickly. You're funny about asking a teenager, they are pretty darn good at this stuff. When you say to keep disconnected from the internet, I thought you meant to be offline. I didn't realize I had to disconnect the line to the modem! Should I run everything again having the modem unplugged? How do I get those blank gray boxes and explorer boxes to stop appearing out of nowhere? Why do you think that when I shut down, I often get the window stating that the program is not responding, but there is nothing to tell me what program? I have a feeling I don't have protection set in some of the spyware scans that I have downloaded. What, if any, of these should have a screening process to block this garbage from appearing? Just now, an explorer box appeared in my taskbar with the following http://media69.fastclick.net/w/safepop.cgi?mid=34701&sid=5106&id=100592&len=O&c
And why is this Lycos garbage that keeps appearing and keeping me from opening some links and how do I get rid of it? One more thing while I'm at it. Occasionally when I open some websites, the background will show action cancelled, but the site I am on is available? I know, very weird huh?

By the way, I cannot thank you enough for all of your help. I'm so frustrated and you have eased my pain!
0 Replies
 
freakymom
 
  1  
Reply Fri 30 Apr, 2004 12:45 am
I have another question for you that is unrelated. Where should I go to query information about exporting an OE address book that is in an email attachment?
0 Replies
 
freakymom
 
  1  
Reply Fri 30 Apr, 2004 12:53 am
NEVER MIND THE LAST QUESTION ABOUT OE. I JUST FIGURED IT OUT. THANK GOD, I'VE BEEN TRYING FOR SEVERAL WEEKS.
0 Replies
 
timberlandko
 
  1  
Reply Fri 30 Apr, 2004 08:58 am
You don't have to unplug anything, really ... you just have to be offline ... not using the modem. If you're on dialup, there should be something that looks like two computers down in the system tray at the bottom right-hand side of your display. Just right-click on that icon and select "disconnect". As for those "grey boxes" and the Lycos stuff, that indicates there's still some work to do. One thing that might help a bunch is Spywareblaster, as mentioned above. Another thing you could do is to use the Hosts file built into Spybot. From Start>Programs, place your cursor over "Spybot - Search & Destroy"; you will be presented with a tablist of options. Select "Spybot S&D (Advanced Mode)". When Spybot opens, the interface will appear a bit differently, listing more options. From the option list at the bottom lefthand side, select "Tools". From the list of tools, select "Hosts File", and then at the top of the large box on the righthand side, select "Add Spybot S&D hosts list". It will take a few minutes to install itself. When that has finished, select "Resident" from the tool list over on the left, and on the righthand side, select "Install". Reboot. Now, your machine simply will not fetch pages from the majority of ad servers.

Get that done, and add SpywareBlaster, and then we'll work on finding-and-deleting some files and folders, for instance those named or containing "Lycos", on your machine associated with some yuckware.
0 Replies
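An added example, not part of the original post and not Spybot's code: how a hosts-file block list behaves, checked against two hostnames that appear in this thread. The hosts content below is constructed for illustration (it is not Spybot's actual list) and the function names are hypothetical. Hosts entries match exact hostnames only, so a listed parent domain does not cover its subdomains, which is one reason such a list stops the majority of ad servers rather than all of them.

```python
from urllib.parse import urlparse

# Constructed hosts-file content for illustration; not Spybot's actual list.
SAMPLE_HOSTS = """\
# ad servers redirected to the local machine
127.0.0.1   localhost
127.0.0.1   fastclick.net   # inline comment
127.0.0.1   www.popuppers.com popuppers.com
0.0.0.0     ads.example.test
"""

# Addresses commonly used to send a blocked name nowhere.
SINKHOLES = {"127.0.0.1", "0.0.0.0"}

def blocked_hosts(hosts_text):
    """Return the set of hostnames a hosts file points at a sinkhole address."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] in SINKHOLES:
            names.update(h.lower() for h in fields[1:] if h.lower() != "localhost")
    return names

def is_blocked(url, blocked):
    """True only if the URL's exact hostname is listed (hosts files have no wildcards)."""
    host = (urlparse(url).hostname or "").lower()
    return host in blocked

def uncovered_subdomain(url, blocked):
    """Return the listed parent domain when only the parent is blocked, else None."""
    host = (urlparse(url).hostname or "").lower()
    if host in blocked:
        return None
    parts = host.split(".")
    for i in range(1, len(parts) - 1):
        parent = ".".join(parts[i:])
        if parent in blocked:
            return parent
    return None

if __name__ == "__main__":
    blocked = blocked_hosts(SAMPLE_HOSTS)
    # Hostnames taken from the pop-up URLs quoted earlier in the thread.
    for url in ("http://www.popuppers.com/log.php",
                "http://media69.fastclick.net/w/safepop.cgi"):
        gap = uncovered_subdomain(url, blocked)
        note = f"NOT blocked, only parent {gap} is listed" if gap else "ok"
        print(url, "blocked" if is_blocked(url, blocked) else note)
```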
 
blueveinedthrobber
 
  1  
Reply Fri 30 Apr, 2004 09:02 am
Since following Timbre's instructions my computer is back to full speed. You da man, conservative or not. Very Happy
0 Replies
 
timberlandko
 
  1  
Reply Fri 30 Apr, 2004 09:06 am
Thanks, BP ... at least you've got your machine, if not your head, "on right" ... Twisted Evil Laughing
0 Replies
 
freakymom
 
  1  
Reply Fri 30 Apr, 2004 09:49 am
Good Morning,

Please excuse my lack of computer knowledge. I have high speed internet cable with an external modem. There's a button on the modem that says "standby", do I select that to disconnect? There doesn't appear to be the computer icon thingy on the system tray!!

So sorry for the naiveté! I already have spyblaster loaded! Once I know how to disconnect from the internet (I know that sounds completely stupid), I'll run through your scan process all over again. I'll pretend like it's my "first time". Hee Hee

Smile
0 Replies
 
timberlandko
 
  1  
Reply Fri 30 Apr, 2004 11:44 am
Tell ya what, freakymom, why dontchya just call support for your cable provider, and ask them whatchya need to do to disconnect/reconnect. Your setup might differ, but for many highspeed/network connections, you access the network interface (the "cable modem's control page", so to speak) by pointing your browser to http://192.168.0.1 (that should be a link, otherwise, copy-and-paste or type those numbers and periods exactly as they appear into your browser's address bar, and hit "enter"). If that's right for your setup, you should see your connection's control page, and have the option to disconnect. If so, click the disconnect button, and that's it. Note: you'll need your ISP-assigned username and password to reconnect, so you prolly oughtta have your provider's support desk talk you through it.
Alternately, there's gotta be an ethernet cable that runs from the cable modem to the network card in your machine ... you could just unplug that cable from whichever device is easier to get at. Doing that may or may not drop your cable modem's connection, but your machine will not be connected to the cable modem.
0 Replies
 
 
