Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Hey everyone,
Please help me! Whenever I try to open a program (AIM is an example), I see the following message:
"AIM has caused an error in MSVCRT.DLL. AIM will now close."
After I hit "close" the error pops up a few more times and then finally shuts the program down.
I've tried running Adaware, but it doesn't do anything.
How can I fix this problem?
Thanks!
Uninstall AIM. Reboot machine, run it a while. Reinstall AIM.
Post back if that clears it up, otherwise you will have to replace the DLL, post back for details of that too.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0 
Hey Viking,
I uninstalled AIM. When I tried to reinstall it, the "error in MSVCRT.DLL" message came up and it exited the Setup.
Also, it's not just AIM, I just tried to install popzilla and the "error in MSVCRT.DLL" came up and it exited Setup.
Could I get details on how to replace the dll?
Thank you so much!
K
0
yeh, it's straight forward enough Katie.
MSKB A 129605 - HOW TO: Extract Original Compressed Windows Files
MSKB A 265371 - HOW TO: Extract and Replace a Protected File in Windows Me.
You basically go to Start >> Run >> and type, msconfig, click Ok and click the "Extract File" button.
In "Restore From", put
c:\windows\options\installor
c:\windows\options\cabs
In "Save file in" put,
c:\windows\systemIt should ask you along the way if you want to back the original file up -- say yes.
Try that one from your cab files first, there is an up to date version of MSVCRT.DLL from the M$ site but that one should do you for now.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0
Hey Viking,
I tried that, and it had me restart the computer afterwards. However, when I tried to start AIM, it gave me the same error message: "AIM has caused an error in MSVCRT.DLL. AIM will now close".
After that, it also gave me this error message: ""AIM has caused an error in Kernel32.dll".
Any thoughts?
Thank you!
K
0
Yes. Disable system restore and do a quick online virus scan.
It's a pain but you are on AIM after all.
Download and run the latest Ad-Aware SE Personal Edition 1.01 complete with updates and run a fully updated Spybot S&D 1.3. Re-enable restore.
Then uninstall AIM and remove any trace of it from your registry. Replace msvcrt.dll again. Reboot and download a fresh copy of AIM. Install new AIM.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0
I am also having this problem and i have tried everything you have posted and when i get to the install folder the MSVCRT.DLL is not even in there???
0
its me again,i just tried it again through the cabs folder and its there but when i try to install it or what not it says "the specified file is protected and may not be copied over or deleted"
0
Well so far you haven't said anything much to go off, and a lot of it makes no sense. You've said:
1) "You've tried everything that's been suggested. When i get to the install folder the MSVCRT.DLL is not even in there???"
Where did I say go look for MSVCRT.DLL in it's install folder ???
Although you do raise a point that AIM could have it's own MSVCRT.DLL in it's program files folder. The only people able to answer that is a fellow AIM user.
2) "I just tried it again through the cabs folder and its there but when i try to install it or what not it says "the specified file is protected and may not be copied over or deleted"
Again. Unclear. Are you now using the extraction method mentioned above ? Or just opening up the cab file and trying to drag and drop the file into the system folder ?
If your doing the latter, then it will give that error message. Use the extraction method above.
If your using the extraction method and it's giving that error message out (which can happen). The easiest way, is to extract the file from the DOS version of the msconfig "extract file" utility.
But before I give that out, you better clarify what it is your doing exactly and what it is you've REALLY done so far.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0
Sorry for not being clear about the problem.
I have tried extracting the file through the extract file in Msconfig and that is when i get the error message "the specified file is protected and may not be copied over or deleted"
I have also tried getting a new version of the Msvcrt.dll file and that hasnt worked either.
Its not just with AIM,its with any program i try to open(MSN messenger,Yahoo messenger,trying to download any file off of a website...etc.)
i have also tried doing a system restore from the Msconfig and it says that i have to restart my computer and try again,and then after i restart it and try again i get the same message.
0
Hey everyone,
I still need help! The 'Error in MSVCRT.DLL' message is still coming up everytime I run AIM! I tried everything you told me to do, Viking. Now, however, there is another message that appears:
"AIM has caused an error in KERNEL32.DLL. AIM will now close."
What does that mean? Thanks!
K
0
Katie.
If you've done ALL the above (disabled system restore, virus scan, adware scans, cleaned, replaced the dll, replaced AIM etc) -- I'm double checking here.
Then what happens when you completely remove (uninstall) AIM ? Does the kernel32 error message disappear ?
What happens exactly.
AIM is attacking the core component of the windows operating system for whatever reason and causing stability problems.
And next time, don't be pushed off your own thread by butthead hijackers who can't be bothered starting there own thread.
The only reason I answered Jess999 was because I thought you were done. Uusally I'd tell hijackers to piss off and start their own thread.
Jess999.How in the hell did you manage to get a new msvcrt.dll when it wouldn't even LET you extract the file from msconfig ???
And if you did resolve your issue, why the f--- didn't you post YOUR particular "solution" for Katie, or anyone else.
This wasn't even your thread in the first !
Anyone would think you were either full of it, or you've been doing something stupid and don't want to fess up.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0
Hey Viking -
Yes, I tried everything you suggested, exactly how it was. Now, when I try to reinstall AIM, it says "Setup has caused an error in MSVCRT.DLL. Setup will now close."
Then after closing out of that error message, it says "Setuphas caused an error in KERNEL32.DLL. Setup will now close."
I mentioned it earlier, but this is also happening with other programs. For instance, when I try to update Madden 2004, it says
"Update has caused an error in MSVCRT.DLL. Update will now close."Then after closing out of that error message, it says "Update has caused an error in KERNEL32.DLL. Update will now close."
So, AIM isn't the only problem. BTW, I can't reintall AIM or update Madden 2004 - everything just closes after those error messages come up.
Any ideas?! Thanks! ;)
K
0
Ok, go into safe mode (usually by pressing F8 on start up or pressing the Ctrl key down till the menu appears) and go through the same rountine, but first, trying to uninstall both programs (again).
Report back what happens. Run your own up to date virus scanner for this, no need to go online.
Also, make sure you have set Adaware up properly, just have a quick flick through Using Ad-aware to remove Spyware & Hijackers from Your Computer.
I want to know what happens when you try uninstalling from safe mode first. If you observe anything different running that same routine (added error messages, fewer error messages).
If nothing changes, then download and run HijackThis 1.98.2 from that link.
Take a look at how it works (from that page) and post a log file back onto this thread if running in safe mode does nothing.
And if you can give any background to these errors that would be useful too.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0
I tried the safe mode stuff - no luck yet. Also, I don't really have any background information about the errors ... sorry! Here's the log file...
Logfile of HijackThis v1.98.2
Scan saved at 11:44:30 AM, on 8/20/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\BCMDMMSG.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\SYSTEM\SK9910DM.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\AVANT BROWSER\AVANT.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.exeR1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchweb.cc/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tc.umn.edu/~chess
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searchweb.cc/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searchweb.cc/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchweb.cc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.find-online.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tc.umn.edu/~chess
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ce1.attbb.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: Web Search - c:\windows\ex.htm
O8 - Extra context menu item: Add to AD Black List - C:\PROGRAM FILES\AVANT BROWSER\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\PROGRAM FILES\AVANT BROWSER\AddAllToADBlackList.htm
O8 - Extra context menu item: Search - C:\PROGRAM FILES\AVANT BROWSER\Search.htm
O8 - Extra context menu item: Highlight - C:\PROGRAM FILES\AVANT BROWSER\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\PROGRAM FILES\AVANT BROWSER\OpenAllLinks.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.exe
O9 - Extra button: ComcastHSI - {F29EDB19-B705-4A3E-A241-DF72616BFB0C} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {D275B8C9-0ABD-4C27-BD7B-51C14B0852B0} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {035F394A-F194-4AC4-938F-DC2E66A39EBF} - http://www.comcastsupport.com (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O13 - WWW. Prefix: http://ehttp.cc/?
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
0
I'm going to assume that you ran Adaware AFTER reading that tutorial and then posted the log file.
Before we tackle the log file and get rid of searchweb, lspak.dll (etc) and anything else that shouldn't be their. It's unclear whether you've run Spybot S&D 1.3.
If you haven't, downlaod it, update it and run it.
Here's a Spybot S&D - Brief tutorial.
Also download CWShredder 1.59.1 and run it.
Now post another log file. Thanks.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0
In fact, use this Spybot S&D Tutorial, from #4 onwards, may give you a better grasp.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0
Hey Viking,
Ok, I ran adaware, spybot, and the shredder. Points of interest:
*When I run Adaware, it says that the files "VX2" cannot be deleted because they're in use. I did a search through the registry, and didn't find anything called "VX2"
*When I ran Spybot, it doesn't delete/eliminate the file called "VBouncer". I also did a search through the registry, and didn't find anything called "VBouncer".
*Every few seconds, a pop-up window opens on my computer. So it doesn't seem like anything is being fixed with the progs (adaware etc).
I've read all the tutorials and made sure that I know what I'm deleteing/fixing, and all the other details associated with it - thanks for that, it was cool to get better grasp.
Here is the new log file:
Logfile of HijackThis v1.98.2
Scan saved at 1:04:26 AM, on 8/21/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\BCMDMMSG.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\SYSTEM\SK9910DM.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\AVANT BROWSER\AVANT.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\TEMP\TD_0003.DIR\HIJACKTHIS.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tc.umn.edu/~chess
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tc.umn.edu/~chess
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ce1.attbb.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe"
O8 - Extra context menu item: Add to AD Black List - C:\PROGRAM FILES\AVANT BROWSER\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\PROGRAM FILES\AVANT BROWSER\AddAllToADBlackList.htm
O8 - Extra context menu item: Search - C:\PROGRAM FILES\AVANT BROWSER\Search.htm
O8 - Extra context menu item: Highlight - C:\PROGRAM FILES\AVANT BROWSER\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\PROGRAM FILES\AVANT BROWSER\OpenAllLinks.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.exe
O9 - Extra button: ComcastHSI - {F29EDB19-B705-4A3E-A241-DF72616BFB0C} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {D275B8C9-0ABD-4C27-BD7B-51C14B0852B0} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {035F394A-F194-4AC4-938F-DC2E66A39EBF} - http://www.comcastsupport.com (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cabThanks Viking :)
0
Ok, Adaware has a plugin system for certain stubborn spyware,VX2 malware is one of em.
I don't know if that's the new version of Adawares "pre warning" system or whether it's telling you you have VX2 on your system. Easy way round it though. :)
Download and Install the Vx2 Cleaner plugin, and while your their (just spotted it), the Lsp Explorer V1.33 plugin from the following page ....
Lavasoft - Ad-Aware SE Add-Ons.
Then have a quick look at these two pages to tell you how to install and use them.
How to use Lavasoft’s VX2 Cleaner plug-in
DON'T download them from these two pages, as they are for an older version and won't work.
You will be running the VX2 cleaner plugin right away but not running the LSP one, just yet (Install it anyway though). ....In fact !
While LSP is in your head. Download LSPFIX and have it ready on your desktop, you will be using it in the next stage, following this post. >> LSPFIX mirror site (download is top right).
Spybot S&D. Update Spybot S&D again because as of yesterday it updated and removed VBouncer, you may have missed the update, so check again.
Lets begin. :) 8pWith doing this ....How to Show System Files. They maybe already showing, just make sure they are.
Then open up HijackThis and scan, and put a check mark next to ...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R3 - Default URLSearchHook is missing
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
Close all applications and browser windows before you click "fix checked". Fix checked.Reboot in safe mode (F8) and delete the following folder....
C:\PROGRAM FILES\TOOLBAR
Boot back into Windows. Now run Adaware and Spybot again (You've already done the top of the post). This time your running the VX2 plugin while your in Adaware as well.
Post new log file. >> Come back for more fun.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0
About ....
C:\PROGRAM FILES\TOOLBAR
To avoid any confusion. If you open up Windows Explorer when your in safe mode and navigate to your program files (path above), your looking for a folder called TOOLBAR. Delete it, continue with rest of instructions.
8-|
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0
IMPORTANT
************O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
You must ADD that one to the get rid of list while your doing the HijackThis log deletion, and getting rid of the entries in response #19.
That's the TOOLBAR entry.
Must be going blind. ;)
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0
Hey Viking - I think you're doing a wonderful job, thank you so much!!
Here is my new log file:
Logfile of HijackThis v1.98.2
Scan saved at 12:13:21 AM, on 8/22/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\BCMDMMSG.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\SYSTEM\SK9910DM.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe
C:\PROGRAM FILES\AIM\AIM.exe
C:\PROGRAM FILES\AVANT BROWSER\AVANT.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\TEMP\TD_0002.DIR\HIJACKTHIS.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tc.umn.edu/~chess
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tc.umn.edu/~chess
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ce1.attbb.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Add to AD Black List - C:\PROGRAM FILES\AVANT BROWSER\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\PROGRAM FILES\AVANT BROWSER\AddAllToADBlackList.htm
O8 - Extra context menu item: Search - C:\PROGRAM FILES\AVANT BROWSER\Search.htm
O8 - Extra context menu item: Highlight - C:\PROGRAM FILES\AVANT BROWSER\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\PROGRAM FILES\AVANT BROWSER\OpenAllLinks.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.exe
O9 - Extra button: ComcastHSI - {F29EDB19-B705-4A3E-A241-DF72616BFB0C} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {D275B8C9-0ABD-4C27-BD7B-51C14B0852B0} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {035F394A-F194-4AC4-938F-DC2E66A39EBF} - http://www.comcastsupport.com (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.netYour detailed instructions are awesome!
What's next?! ;)
K
0
Okie, thanks for the praise Katie, not far off now.
Now we're gonna get rid of that mess in the middle (and probably the root cause of your problems), all those lspak.dll and cdlsp.dll entries.
Be careful with this one !
If you look at the log file, it has 7 instances of lspak.dll and 7 instances of cdlsp.dll.
That LSPFIX (.exe) you downloaded to your desktop, open it by double clicking on it, and put a check mark in the "I know what I'm doing" box.
Now look for ALL those instances of lspak.dll and cdlsp.dll and transfer them to the right hand column that says "remove". You do that by using the right pointing arrow heads in the grey centre column seperating the "keep" and "remove" sections ...you will see them.
Now click Finish and exit LSPFIX.
Now it's IMPORTANT that you ONLY remove those two instances (lspak.dll and cdlsp.dll) of anything !
Remove anything else and you won't be going on the internet till you've formatted the entire machine and started again. :)
Next step is to download and run Delindex.It's a small batch file that gives a general clean out. You will need a WinME startup disk for this and you will have to reboot the machine with the (floppy) startupo disk in.
Instructions are on the web page.
If you don't have an ME startup disk, make one via add and remove programs in the control panel. Use the "Startup Disk" tab and follow your nose through it.
If for some unknown reason you can't get one, download a full one here.
Follow the on screen instructions (takes 30 seconds to run pending on how much crap it's shifting out).
Don't get too bogged down with Delindex, It's just a general clean out utility. The other stuff is crucial though.
NOW post another log file. :)
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0
Hey Viking,
Ok - that delindex thing was cool! Here's my new log file:
Logfile of HijackThis v1.98.2
Scan saved at 2:11:31 AM, on 8/22/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\BCMDMMSG.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.exe
C:\WINDOWS\EXPLORER.exe
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\SYSTEM\SK9910DM.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe
C:\PROGRAM FILES\AIM\AIM.exe
C:\PROGRAM FILES\AVANT BROWSER\AVANT.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50032
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tc.umn.edu/~chess
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tc.umn.edu/~chess
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ce1.attbb.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.exe
O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\SYSTEM\PDFUPD.DLL
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.exe /boot
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Add to AD Black List - C:\PROGRAM FILES\AVANT BROWSER\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\PROGRAM FILES\AVANT BROWSER\AddAllToADBlackList.htm
O8 - Extra context menu item: Search - C:\PROGRAM FILES\AVANT BROWSER\Search.htm
O8 - Extra context menu item: Highlight - C:\PROGRAM FILES\AVANT BROWSER\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\PROGRAM FILES\AVANT BROWSER\OpenAllLinks.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.exe
O9 - Extra button: ComcastHSI - {F29EDB19-B705-4A3E-A241-DF72616BFB0C} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {D275B8C9-0ABD-4C27-BD7B-51C14B0852B0} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {035F394A-F194-4AC4-938F-DC2E66A39EBF} - http://www.comcastsupport.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
0
Viking!!! I just tried AIM and it WORKS! You're a GENIUS!!!!!!!!!!!!!!!!!!!!!!!!! Thank you so much! ;) I'm sure there is more to be done though - just let me know and I'll hop on it.
Thanks again!
K
0
LMAO :) No surprise ! with the amount of crap that was (still is) dragging you down. :p
Katie, your still infected with old stuff that has come back and some new stuff that wasn't there before. Just leave AIM alone and don't go near it yet till your clean.
We might as well clean up properly and install some things, seeing as though we've got this far.
First off. I should really be kicking your arse (ass) because according to that log file you have no Anti Virus protection or Firewall installed.
IF this is true, then you need to download and install a firewall -- Download FREE ZoneAlarm®.
Your going to have to let Internet Explorer have access to the internet (obviously) and maybe your ISP (possible). When you first install and connect to the net it will flash dialogue boxes up at you, they will be asking you things. It wants Yes / No answers.
Let IE through and your ISP (maybe). Nothing else (certainly no programs you have no idea what they are !).
And so it doesn't drive you nuts, fire up the zonealarm control panel from your sys tray (bottom right) and on the left, click "Alerts & Logs" and put a dot in the OFF radio button in the "Alert Events Shown".
This is if you haven't got a firewall installed.
Next, your anti virus software. Download avast! 4 Home Edition, install it and update it.
Your firewall (zonealarm) will ask you if you want to let AVAST have access to the internet. Say yes.
BUT, the VERY FIRST THING YOU INSTALL is:
That'll put a stop to being reinfected every time you move. Update it if neccessary (can't quite remember).
Make sure you download that first and install it. Then go back online and get your firewall and anti virus.
When you've got ALL those setup and running, come back and we'll kill that spyware off for good (debateble with Internet Explorer but that's another story). And post a new log file with everything that should be installed -- installed.Like I said, if you have something already for a firewall and anti virus, then still download the above (don't install), but tell me what you have.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0
I also want a word for word list of programs -- everything in your add and remove programs list in the control panel. Thanks.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0
Hey Viking,
Can you repost the link to: "Download FREE ZoneAlarm®"? For some reason I can't open it. Thx! ;)
K
0
I usually name hyperlinks exactly as they are named on top of the web page that they are from. So if you'd have gone to Google (is your friend) and just straight copied and pasted into it:
Download FREE ZoneAlarm®.
You'd have got various links to get it.
However, either ...
Google -- Download FREE ZoneAlarm®.
or a new link to the zonealarm download page:
http://www.zonelabs.com/ . >> Download page.
Should get you there. Or failing that Zonealarm at Download.com. Places like download.com usually carry all the major freeware products.
And don't forget about that add and remove programs list (word for word).And you'd better go into windows explorer and just double check for me, that all the folders under "Program Files" match up with what you have in the add and remove section in the control panel.
You may find there are one or two anomalies -- I already know one possible one (TOOLBAR maybe shows up in explorer but not in add and remove programs).
So that's what I'm driving at.
That's why I want the two lists (as well as the other stuff doing). Thanks.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0
Hey Viking,
Here is the new log file:
Logfile of HijackThis v1.98.2
Scan saved at 2:52:43 AM, on 8/24/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\BCMDMMSG.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\SYSTEM\SK9910DM.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.exe
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe
C:\WINDOWS\SYSTEM\RPCSS.exe
C:\PROGRAM FILES\AVANT BROWSER\AVANT.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tc.umn.edu/~chess
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tc.umn.edu/~chess
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ce1.attbb.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\SYSTEM\PDF7AA3.DLL
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Add to AD Black List - C:\PROGRAM FILES\AVANT BROWSER\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\PROGRAM FILES\AVANT BROWSER\AddAllToADBlackList.htm
O8 - Extra context menu item: Search - C:\PROGRAM FILES\AVANT BROWSER\Search.htm
O8 - Extra context menu item: Highlight - C:\PROGRAM FILES\AVANT BROWSER\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\PROGRAM FILES\AVANT BROWSER\OpenAllLinks.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.exe
O9 - Extra button: ComcastHSI - {F29EDB19-B705-4A3E-A241-DF72616BFB0C} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {D275B8C9-0ABD-4C27-BD7B-51C14B0852B0} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {035F394A-F194-4AC4-938F-DC2E66A39EBF} - http://www.comcastsupport.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.netI compared the Add/Remove list with the Programs list. The following items are NOT in the Add/Remove list, but ARE in the programs list:
Alset
Netmeeting
Toolbar
Powerscan
WebsavingsfromEbatesThanks! ;)
K.
0
KatieKatie Chess Club -- RoCkZ !!
I still need the list of your programs in your add and remove (in control panel) list.
Example, I'm pretty sure you have something in their called Wintools ...you may have more.
You don't have to put all the Microsoft stuff down, like IE6 sp1, any Office stuff, Word, Excel, etc.
BTW. Alset, Toolbar, Powerscan, WebsavingsfromEbates are all spyware (Netmeeting isn't). What I want to do is get rid of ALL of it in one go.
I can't do that without knowing exactly what's on the box.
Some stuff your going to have to uninstall and then delete the folder, other stuff - just the folder, but all from safe mode.
The nature of having all this s---ware on a machine means that it's like watching shifting sands. Hence the need to know concrete facts, like what you have in your add and remove programs.
I've emailed you on a junk email account (going to, after typing this) in case you can get to your email quicker than this message board. (check the email address I've put up on the name Viking to compare with what arrives in your inbox).
I know it's not always practical for people to get back to a message board and it seems your no exception. :)
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0
Okie dok kiddo, I have your +/- programs list, thanks.
Boot into safe mode (F8) open up HijackThis and put a check mark next to the following and delete.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Next, delete the folders Alset, Toolbar, Powerscan and WebsavingsfromEbates.
Reboot into Windows and give your system a work out. Fire AIM up and talk to someone, do it a couple of times. Do a couple of reboots as well.
Now post another HijackThis log file. Lets see what, if anything, returns.
DON'T scan with Adaware or Spybot before posting the the log file. Thanks.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0
Check your program files from windows explorer for those folders coming back too.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0
Hey Viking,
Thank you so much for all your time and your awesome help! I really, really appreciate it!! Everything is flowing smoothly. Here is the new log file:
Logfile of HijackThis v1.98.2
Scan saved at 11:50:03 PM, on 8/24/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\BCMDMMSG.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\SYSTEM\SK9910DM.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe
C:\PROGRAM FILES\AIM\AIM.exe
C:\PROGRAM FILES\AVANT BROWSER\AVANT.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tc.umn.edu/~chess
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tc.umn.edu/~chess
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ce1.attbb.net
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Add to AD Black List - C:\PROGRAM FILES\AVANT BROWSER\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\PROGRAM FILES\AVANT BROWSER\AddAllToADBlackList.htm
O8 - Extra context menu item: Search - C:\PROGRAM FILES\AVANT BROWSER\Search.htm
O8 - Extra context menu item: Highlight - C:\PROGRAM FILES\AVANT BROWSER\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\PROGRAM FILES\AVANT BROWSER\OpenAllLinks.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.exe
O9 - Extra button: ComcastHSI - {F29EDB19-B705-4A3E-A241-DF72616BFB0C} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {D275B8C9-0ABD-4C27-BD7B-51C14B0852B0} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {035F394A-F194-4AC4-938F-DC2E66A39EBF} - http://www.comcastsupport.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.netNothing bad is appearing in the prog. files. Thank you!!!
Take care,
K.
0
Right Katie ! I do believe your finally CLEAN at last ! 8-)
First thing you do is go to the Microsoft update website and you download and install every single Critical and Recommended update. You will have to reboot after every update, and depending on how many you have to install, depends on long it will take. Tough :)
http://v4.windowsupdate.microsoft.com/en/default.asp
You need to keep all the new stuff you've now got, updated regularly.
Avast has automatic updates, so use it. Adaware gets updated every few days or so, so check often. Spywarewareblaster not so often, but keep an eye on it. Same with Spybot S&D. Run delindex once a week or so to clean out.
Keep an eye on rogue folders coming back, same goes for mysterious "new" entries appearing in your add and remove program files.
There is one way to avoid all this s--- from ever entering your PC in the first place, or at least cutting it down by 95 + %, and that's to change your browser.
At the moment your running what's called an IE6 front end, in the Avant browser (nice front end too). I can only assume that you really like the tabbed browsing and extra features.
If this is the case, I want you to seriously try out two new browsers (both with tabbed browsing). I'll email you and explain why (mainly activeX reasons), what, how, etc later on.
Firefox 0.9.3 is a browser only (no mail component, etc) -- It's what I use.
Mozilla 1.6 is the same as above only with a mail component and a lot more.
You may prefer an alternative to either of those two, and that would be Opera 7.54.
Just surfing with either of these browsers will eliminate the vast majority of that spyware you had on your machine, ever getting on there in the first place.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
