Good_Day

CWS infected my machine

174 posts in this topic

Oh I forgot

in registry there was a number 12 and something called patrol...

 

I didn't delete those, I didn't know what they were.

 

Carol

Let's step back to that for a minute, Carol. Will you please find those keys again, right click them when found and choose "export", save them to a convenient location. After that is done, go to where you saved them, right click the file(s), choose "edit" and then paste the contents as a reply to this thread.

 

Let's do some cleanup of unnecessary files.

Go to Start>All Programs>Accessories>System Tools>Disk Cleanup

You want to clean the C drive if it asks

In the files to delete pane select all options except for "compress old files" and "catalog files for the content indexer"

This will empty your recycle bin, if you want to avoid that for any reason then do not check that option.

Click ok and allow it to finish.

 

If disk cleanup freezes on the initial scan, try this reg file to see if it helps. Copy the contents of the quote box to a notepad document, call it fixcleaner.reg and save as type "all files"

Windows Registry Editor Version 5.00

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Compress old files]

Double click fixcleaner.reg and say yes to add it to the registry then try disk cleanup again.

 

Look in add/remove programs....how many installations of java do you have?


Funny you should mention Java....

 

One of my groups is having a club chat tonight--so naturally explorer didn't have the option--said I had to download something called a Microsoft Java blah blah--but MS doesn't have it on their site anymore because of a lawsuit with Sun Microsystems. I dl'd sun...my groups chat interface didn't like it...so I dl'd the Mozilla browser--which I don't like even though it has the Netscape interface...What's this got to do with anything? Nothing. :) But I already have the Java2m platform.

But it wouldn't work on my chat group. Only whatever is in the Mozilla browser works for this particular group.

 

We can delete what's unnecessary. I'll do everything you suggested after the chat tonight :) Hmm, how many Java platforms does one need? :)

 

Carol


NO OUTHOST is gone :) (hopefully there aren't any hidden remnants anywhere) *LOL* When I get my checkboxes back, I'll check the boxes you recommended.

 

Carol


You only need one Java (the one from Sun); it interfaces fine with IE and Mozilla. Do you have the installer from Sun downloaded?


No the disk clean up is working. :)

 

How do I get Netscape to dl? and my checkmarks back in Explorer tools options?

 

Carol


Done!

Removed from your system:

- CWS.Yexe

 

Windows XP (5.01.2600 )

CWShredder v1.57.0

Written by Merijn - merijn@spywareinfo.com

 

For any additional help with this program or removing CWS, visit:

http://www.spywareinfoforum.com/

 

For information and documentation on the Coolwebsearch

trojan and its variants, visit:

http://www.spywareinfo.com/~merijn/cwschronicles.html

 

For donations to help support CWShredder, visit:

http://www.spywareinfo.com/~merijn/donate.html


Go to start>control panel>folder options

Do you have them there?

 

I need more information on the Netscape problem. You are trying to download the installer and it only goes halfway and then quits, or are you trying to install it from the web? What exactly is happening?


Are you missing your tabs in internet explorer? I thought you were referring to windows explorer.

 

Which is it?

Nope--Internet Explorer ver. 6.0--I have no checkmark boxes....so when you told me a few days ago to click something in there...I can't do it as I have nothing to click on.

 

and Netscape (which I like to have on hand as a default browser) was on my system pre-virus...but ever since I got infected and even now that I'm clean

It won't open...I tried dl'ing it twice even deleting the old one and starting over

and I get the icons on the taskbar, desktop, including the annoying "BUY AOL!" buttons, but the program WILL NOT launch...and for the heck of it...let's do a recent hijack this log:

 

Logfile of HijackThis v1.97.7

Scan saved at 11:31:12 PM, on 5/20/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\MMKeybd.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\Program Files\Winamp\Winampa.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\Nhksrv.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\LittleBlackBook.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Encarta Encyclopedia (HKLM)

O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)

O9 - Extra button: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)

O9 - Extra button: Define (HKLM)

O9 - Extra 'Tools' menuitem: Define (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: HushEncryptionEngine - https://mailserver2.hushmail.com/hushmail/H...ptionEngine.cab

O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5.yahoo.com/c381/chat.cab

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/emCraft1.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} - http://download.richfx.com/player/mediaver...st/twophase.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab


You need to tick these two lines in order to be able to access Internet Options from within internet explorer.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

 

Have you completely uninstalled Netscape (via control panel>add/remove programs) ?


Also Carol, you are behind on your updates which makes it much easier to get malware onto your system. You need to visit Windows Update and apply all critical updates.


Well I did the windows updates and when I logged on here, I got a pop up saying "Windows has recovered from an error" WTF?

 

And I still don't have any checkboxes in the tools-internet options

 

and Netscape won't launch.

 

Carol


Logfile of HijackThis v1.97.7

Scan saved at 9:44:20 AM, on 5/21/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Nhksrv.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\MMKeybd.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\Program Files\Winamp\Winampa.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\WINDOWS\System32\msiexec.exe

C:\LittleBlackBook.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Encarta Encyclopedia (HKLM)

O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)

O9 - Extra button: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)

O9 - Extra button: Define (HKLM)

O9 - Extra 'Tools' menuitem: Define (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: HushEncryptionEngine - https://mailserver2.hushmail.com/hushmail/H...ptionEngine.cab

O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5.yahoo.com/c381/chat.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} - http://download.richfx.com/player/mediaver...st/twophase.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

 

I hope this helps!~Carol


Good job getting the updates.

This one still needs fixing

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab

 

I don't see the entries locking you out of Internet Options from within Internet Explorer anymore, can you use Tools>Internet Options now?

If not can you access Start>Control Panel>Internet Options?

 

When you say the checkboxes are missing do you mean you can open Internet Options but when you click the advanced tab there is nothing in the windows or just the boxes are missing?

 

Well I did the windows updates and when I logged on here, I got a pop up saying "Windows has recovered from an error" WTF?

Did that only happen one time or is it reoccurring? What is the error number?

Share this post


Link to post
Share on other sites
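
The before/after comparison of the two HijackThis logs that the reply above makes by eye, as an added example that is not part of the original thread. The sample lines are a subset copied from the 5/20 and 5/21 logs posted above; the function names are illustrative assumptions.

```python
import re
from urllib.parse import urlparse

# HijackThis entry lines start with a section code (R, F, N or O plus digits).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Meaning of the section codes used in the sample below.
SECTION_MEANING = {
    "R1": "IE search/start page registry value",
    "R3": "URL search hook",
    "O4": "autostart entry (Run key)",
    "O6": "IE Options locked by policy key",
    "O16": "ActiveX object in Downloaded Program Files",
}

# Sample input: a subset of lines from the first log in the thread (5/20).
LOG_BEFORE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/emCraft1.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab
"""

# Sample input: the same subset as it appears in the second log (5/21).
LOG_AFTER = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab
"""


def parse_log(text):
    """Return the log's entries as (code, detail) tuples, in file order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and running-process lines do not match
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Split entries into removed, added and kept, preserving log order."""
    before_set, after_set = set(before), set(after)
    return {
        "removed": [e for e in before if e not in after_set],
        "added": [e for e in after if e not in before_set],
        "kept": [e for e in after if e in before_set],
    }


def ie_options_locked(entries):
    """True if any O6 policy entry is present (Internet Options restricted)."""
    return any(code == "O16" and False or code == "O6" for code, _ in entries)


def dpf_hosts(entries):
    """Map each O16 download host to the objects installed from it."""
    hosts = {}
    for code, detail in entries:
        if code != "O16":
            continue
        name, _, url = detail.rpartition(" - ")
        host = urlparse(url).hostname or "(unparsed)"
        hosts.setdefault(host, []).append(name.split("DPF: ", 1)[-1])
    return hosts


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    result = diff_logs(before, after)
    for label in ("removed", "added", "kept"):
        print(f"{label}:")
        for code, detail in result[label]:
            print(f"  {code} [{SECTION_MEANING.get(code, 'other')}] {detail}")
    print("IE Options still locked:", ie_options_locked(after))
    print("Remaining ActiveX download hosts:", sorted(dpf_hosts(after)))
```

Entries under "kept" are the ones still awaiting a decision, such as the O16 line the reply above says still needs fixing.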

Re--The pop window--I don't know--it was one in the morning and I didn't write it down. *LOL*

 

The actual checkmark boxes are missing.

 

Tools--Options--Advanced Tab *no checkmark boxes*

 

Okay, I'll remove that annoyance that you mentioned :)

 

Carol


I noticed this awhile ago but didn't think about it until now---I lost things that were on my start menu like half of the games--microsoft picture it...that stupid Lycos sidesearch button is still there...and I have something weird called Top Text iLookup...what is it?

 

I didn't lose the items, they just aren't on the start bar. I did drag a spider solitaire icon down to the top of the start bar, but I'd rather it be in its normal spot in the games folder--in fact the whole games bar is gone--solitaire, freecell, spider solitaire, etc.

 

More remnants from CWS! :(

 

Carol


Hi Shadowwar,

 

Well I don't know if this was in response to my lack of checkmark boxes or the start bar, but I did what you said (it didn't ask to merge, it asked me if I wanted to add it to the registry) but I did it...and nothing changed.

 

And every time I finish doing these tasks, I reboot.

 

Carol


This has been a long thread spanning two boards, I don't recall if you have Spybot S&D (version 1.3) installed or not. If you do then update it and then do a scan, fix all items it lists in red.

 

*****

Here are instructions to download and run Spybot if you need them.

 

Get Spybot S&D to clear out some of the malware. If you have a problem downloading from there, use this link.

 

Install Spybot S&D, run it and select "search for updates" (under "online") and put a checkmark in the box of each one it finds.

Press the download button at the top left.

 

Close all browser windows and shut down all other programs with a placeholder in the taskbar.

Click the "search and destroy" icon in the left pane, then click the "check for problems" button at the bottom of the window.

When it is finished scanning, make sure there is a check mark next to any items labeled in red, click the "fix selected problems" button at the bottom.

 

When Spybot gets done, reboot your computer (this is very important).

 

******

Hopefully Spybot will remove any leftover malware on your machine including the lycos and iLookUp from the start menu but if it doesn't then right click them, choose properties and then click the "find target" button. If that leads to a file then paste the contents of the "target" box from the shortcut properties dialog here, if you get a message saying "the system cannot find the file" then go ahead and delete the shortcut. After we clean up those shortcuts we'll move on to the missing game shortcuts and then the internet explorer boxes.


When you click the advanced tab in Internet Explorer options do you just get a blank white background with nothing on it where the check boxes should be or are just the boxes missing but the text is there?


Rand,

 

I'll read your fixes in a minute--OH god...all I did was replace my AOLIM and Yahoo msg'r FROM their official sites

and I got the Y toolbar and the my websearch with smiley central...ewww! How do I get it off?

 

Carol


Cool

 

No, I couldn't get Spybot--I know I can now...since I got the CWShredder--the window used to close on me, I'll do this before bed...thanks...I appreciate all the help!

 

Carol


You should be able to remove mywebsearch in add/remove programs. It will be easier on both of us if you don't install any other programs until we get your current problems solved.


Hi Rand--

 

Well the reason I dl'd the msg'rs was because in my other life of non-frustrated computer user--I moderate a board and there was a problem we needed to take care of with one of the members.

 

Interesting stuff--I dl'd search and destroy it wouldn't have been me without a problem--

 

It found all these things and started to fix them--

then it stopped--and it said can't continue because xmltok.dll is missing--

and to reinstall the program....

and I'm like WTHell--well I clicked the OK to get rid of the pop up--

and it started to FIX and all the x's turned to checkmarks

 

So, I'm like why did I get that popup if everything worked out in the end?

 

Then I rebooted like you said....

 

IT GOT RID OF Lycos search and the other crappy things on the bar.

 

Still no checkmark boxes....

 

So despite that weird pop up it was a success. :) Do you need another

HiJack This log?

 

Carol


You seem to be missing a few different files that should be there. It would be time for a repair install at this point I think if you had a windows cd.

 

Do a search of your computer for xmltok.dll and let me know where you find it.

 

Run Registrar Lite and paste the following into the Address bar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions

Hit enter

 

Do you see this in the left pane?

post-18-1085250029.gif


Okay--is it perfectly normal--you know when you are searching and see all the names of the folders go by--well I noticed some of the folders say "outhost"...i take it that's normal....

 

Search has found xmltok.dll in:

 

C:/ProgramFiles/Radio@NetscapePlus/Program

 

and

 

C:/ProgramFiles/YahooMessenger

 

PS--I should tell you when I tried reinstalling my Norton a few weeks ago when I still was infected--I did it on the desktop...and there were a bunch of dlls and other like files that I put in C:/. Since then I did uninstall Norton.

 

Now on to the other task :)

 

Carol

Edited by Good_Day


Yes, I see everything shown--and one extra--

 

an ab (default) (value not set)

 

 

I won't touch it..I don't know if it should be there or not...but it wasn't on the screen cap you showed. But everything else that you mentioned, I do have. :)

 

Carol


Ok, no worries on xmltok then Carol as long as Yahoo is working ok. Is Netscape ok now too?

 

Let's try this for your IE Options boxes

Click Start>Control Panel>Display then click the Appearance tab

Under the themes tab click the drop down menu and choose "Windows Classic" (unless that is the one you are using, then choose a different one) then click Apply. Did that help with the internet options boxes?

Yes, I see everything shown--and one extra--

 

an ab (default) (value not set)

 

 

I won't touch it..I don't know if should be there or not...but it wasn't on the screen cap you showed. But everything else that you mentioned, I do have.

 

Carol

Right click the registry key in question and choose "export", save it as a .reg file, then right click the file, choose "edit" and paste it as a reply here (unless it is longer than a HJT log).


Netscape still WILL NOT launch.

 

Windows Classic worked! I got my checkmark boxes...now I'll have to go back three or so pages to find the things you wanted me to click on....

 

Then I'll do that thing you suggested with that "weird" registry key.

 

EXPORT-is SHADED so I can't click on it...I even tried at the top

of the page and that export button is SHADED also.

 

Carol

Edited by Good_Day

Yes, I see everything shown--and one extra--

 

an ab (default) (value not set)

EXPORT-is SHADED so I can't click on it...I even tried at the top

of the page and that export button is SHADED also.

The ab value must be in the right pane then. Is that with "Advanced Options" highlighted in the left pane (as it is in the screen shot I posted)?

 

Netscape still WILL NOT launch.

Have you completely uninstalled Netscape, rebooted and then deleted the Netscape folder in program files? Also do the following

go to start>run and type

%temp% hit enter

In the window that comes up go to edit>select all

All the files in the temp folder should become highlighted, press your delete key one time and say yes to delete all the files

Once that is done, go here and download the Windows Full Installer

http://wp.netscape.com/download/full_install.html

Shut down all other programs and then double click NSSetup-full.exe to begin the installation.

Edited by rand1038


I did what you said with Netscape--it will install but won't open.

I thought deleting everything like you said would work but it didn't.

 

And yes, the advanced pane was highlighted but export was still SHADED. (Import isn't)

 

 

Carol


Good news!

 

I got Norton installed :) It works!

 

Bad news! (wouldn't be me without it) *lol*

 

Notepad is now an exe file in my start...Wordpad disappeared a week ago but I dragged an icon from the program files to the desktop so I can access it that way. I don't know what happened with Notepad! Something seems to be "eating" my start bar programs.

They don't delete them--they just delete them completely from the start bar or turn them into exe boxes.

 

Carol


Try these steps Carol for netscape.

 

And yes, the advanced pane was highlighted but export was still SHADED. (Import isn't)
Right click the "Advance Options" key and choose "Permissions", with "Administrator" highlighted in the top pane the bottom pane should have checkmarks in the "full control" and "read" boxes.

They don't delete them--they just delete them completely from the start bar or turn them into exe boxes.
Do they disappear from Start>Programs or just from the start menu "quick list" of programs that shows when you first click the start button?


They are off the start bar start--programs--some are gone and some like notepad are now exe boxes.

 

Oh Norton found a Trojan last night! But said it couldn't delete it...but then I did a CWS search and it said my system was clean. I didn't finish the Norton search as it was too late.

 

I'll try the netscape thing--does that mean I have to delete the recent dl?

 

I know the answer is yes. :)

 

Carol


I can see that's pretty lengthy. I'll have to do it later. I'm going to resume my Norton scan.

 

Carol

I'll try the netscape thing--does that mean I have to delete the recent dl?
The installer you downloaded should be fine, you don't need to download it again.

 

Do the Norton scan in safe mode and see if that will work.

 

Do you have Trojan Hunter yet?

Download Trojan Hunter (free version).

Next go here and download the latest update zip file.

Install Trojan Hunter and make a note of the full path to the folder where it is installed, by default this is

X:\program files\TrojanHunter 3.8 (X is the drive Trojan Hunter is installed on, usually C).

After installation unzip the update file you downloaded to the installation folder you took note of.

Say "Yes to All" when you are asked about replacing files.

You have to completely shut down Trojan Hunter for the new files to be used.

Double click the desktop icon to run Trojan Hunter, click to continue evaluation.

Click the "Full Scan" button on the upper left.


Yikes! Will do.

 

I'm curious what Norton will find so it's still scanning from when I posted before. (It takes forever)--you know apart from the real dangerous Trojans and the like--I'm wondering if Norton, McAfee, AVG etc will always FIND something, even if some of the things that they find are harmless?

 

So far it says it "detected 7" things. "Fixed 1"

 

I wanted to let you know if there's something we missed which is why

I'm letting this scan complete. After I post the results, I'm going to do that Trojan thing you recommended.

 

B02802040113.dll Adware Virtual Bouncer

key2.txt Adware Blaze find

sidesearch1400.dll Adware Side Search

UnstSA2.exe Adware Blaze find

mmind.cmd IRC Trojan

startuplist.txt Bloodhound.Exploit.6

 

NORTON SAID IT fixed the IRC Trojan and startuplist.txt Bloodhound.Exploit.6

 

The others are at risk...I will follow the instructions

 

Quarantined 2

Deleted 4

 

Hopefully this will be of some help.

 

Carol


allrighty, wow...

 

I dl'd the Trojan Hunter (I'm sure you are aware that it is a trial version)

and dl'd the zip thing which C:/35X-2--4-05-21.zip

 

What do I do with it?

 

The Trojan Hunter guard is disabled

 

and I have the Winzip of the update folder opened....

 

Carol


Trojan Hunter:

 

Registry scan

No suspicious entries found

Inifile scan

No suspicious entries found

Port scan

No suspicious open ports found

Memory scan

No trojans found in memory

File scan

No trojan files found

A clean bill of health from Trojan Hunter, that's good to see. Thanks for noting the "trial version", I'll change my speech to reflect that in the future.

You can try an online scan to make sure Norton didn't miss anything. I like Trendmicro.

 

Yes, sometimes malware scanners find things that are "actively" bad, like the startuplist.txt one in your list was probably just a registry key or file name listed in a startuplist report. You want to be careful that the path to the file it says is bad does not contain a malware scanner's folder (such as Spybot S&D, Ad-Aware or TrojanHunter's) as these types of programs contain "signatures" which they use to identify the junk files. Sometimes the signature files confuse other scanners.

 

Did you do the Safe Mode scan with Norton?

Did you get Netscape working yet?


No...I was bad, I watched the Sopranos. *LOL*

 

But I'm going to do that Netscape thing today and tomorrow I'll do the Norton in safe mode.

 

Carol


That's a good show. I'll bet you Tony could fix your computer. You would just have to glue it back together when he was done. :blink:


*LOL* Rand :)

 

Well Netscape still won't launch. I did that "Everybody" thing--but it only said to do so in the Mozilla folder. Wouldn't it make sense to do it in the Netscape folder too?

 

Oh--I woke up with a note from Norton saying I had a Trojan in Windows Recycler.

 

I haven't had time to do a safe mode scan. I will today.

 

Carol


Thanks, Rand. :)

 

Oh I also did the safe mode scan yesterday--1 virus detected. Adware from Lycos side search. But I didn't get anymore windows recycler trojan pop ups.

 

Carol


Ok, so where are we at, Carol? Please list any concerns you still have and post a fresh HijackThis log.

This topic is now closed to further replies.