Jump to content


Photo

About:blank & popups


  • Please log in to reply
14 replies to this topic

#1 new

new

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 25 May 2004 - 06:48 AM

I read the FAQ, and run Spybot S&D many times, but still can’t get rid of them!!!

I know computer next to nothing!! I need and appreciate anyone’s help!

Thanx!

#2 new

new

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 25 May 2004 - 07:07 AM

when I want to Save log, the following dialog comes out:


An unexpected error has occurred at procedure: modMain_ProcessRuleReg(sRule=>54L|HYIbm#bVRm^YYRaePeSic^H`d'do;:ebVUShF>X+ct¨²de&^¨ªt5ih¨¢QYWt{)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.97.7

This message has been copied to your clipboard.

#3 new

new

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 25 May 2004 - 07:12 AM

sorry, some mistake.
the second respond is my situation when I open Hijack This software.

here is the log:


Logfile of HijackThis v1.97.7
Scan saved at 8:04:08 AM, on 5/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\miaoling zhang\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {94EF5561-DE7C-4E09-99DC-95B917841DC7} - C:\WINDOWS\System32\iik.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Soundmx] C:\WINDOWS\System32\soundmx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = D:\OFFICE XP\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)

#4 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 25 May 2004 - 10:17 AM

This doesn't seem like a complete log. Did you do Cntrl-A to select all before copying?

Anyway -
Tick the boxes next to all these, close all other windows, then click Fix Checked.
After that, Reboot.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html

O2 - BHO: (no name) - {94EF5561-DE7C-4E09-99DC-95B917841DC7} - C:\WINDOWS\System32\iik.dll

This one is legitimate but wastes your resources and is OK to fix
O4 - Global Startup: Microsoft Office.lnk = D:\OFFICE XP\Office10\OSA.EXE

O4 - HKLM\..\Run: [Soundmx] C:\WINDOWS\System32\soundmx.exe


Next: Since soundmx.exe has been seen as associated with CoolWebSearch, please next do this:
Download and run http://www.spywarein.../CWShredder.exe
from its own folder.
Click Fix and then Next, let it fix everything it asks about.

Then reboot yet again and post another log....

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#5 new

new

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 25 May 2004 - 05:08 PM

appreciate ur help!!!

The software HijackThis doesn’t work!

After downloaded the software HijackThis(directory: c:\ Program Files\hijackthis), I open it. There is a dialog box indicating:

================================================
An unexpected error has occurred at procedure: frmMain_LoadSettings()
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.97.7

This message has been copied to your clipboard.

=======================================



I click OK, then click Scan, here is another dialog box coming out:


=================================================

An unexpected error has occurred at procedure: modMain_ProcessRuleReg(sRule=>54L|HYIbm#bVRm^YYRaePeSic^H`d'do;:ebVUShF>X+ct¨²de&^¨ªt5ih¨¢QYWt{)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.97.7

This message has been copied to your clipboard.
=======================================



After the scan, I save the log posted above.

#6 new

new

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 25 May 2004 - 05:35 PM

appreciate ur help, cnm

so sorry, Im so confusing. I ignore the dialog boxes and follow ur advice.


here is the log.


Logfile of HijackThis v1.97.7
Scan saved at 6:29:57 PM, on 5/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\miaoling zhang\Local Settings\Temp\Temporary Directory 9 for hijackthis.zip\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)



==============


thanx!!!

#7 new

new

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 25 May 2004 - 05:43 PM

Im so Sorry! I forgot to tell you one IMPORTANT thing. Hijackthis fail to remove :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html


----------------
(i dont know how to highlight them.)



thanx for ur help!!!!

#8 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 25 May 2004 - 09:19 PM

See if this will work.

Download this .reg file to a temporary place, like Desktop. http://www.spywarein...tools/IEFIX.reg
Double-click on it and answer Yes.
It will restore all the default Search settings for IE.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#9 new

new

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 25 May 2004 - 09:36 PM

deeply appreciate ur help!

i did it.

what am I supposed to next?

#10 new

new

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 25 May 2004 - 09:51 PM

relief----the webpage that was displayed is gone & becomes a blank white screen,
and no popups!


however:

I run Spybot S&D, it find two problem:

DSO exploit -----5 entries;


Possible hijacker-----1 entry.

#11 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 25 May 2004 - 10:07 PM

I believe a false positive for the DSO vulnerability is a known bug in Spybot SD 1.3. Visit their forum - link is in my signature.

Set your Home page to whatever you want. In Internet Explorer, click Tools->Internet Options.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#12 new

new

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 26 May 2004 - 01:31 PM

appreciate ur help!!!


so, can I go further to get Internet Options back into the control panel now??


Thanx!!!

#13 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 26 May 2004 - 06:20 PM

Hmm, I don't know how to do that, offhand. Maybe someone else does...

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#14 new

new

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 26 May 2004 - 07:06 PM

Thank you so much, cnm!


anyone know that?


according to the instruction from http://www.spywarein...icles/hijacked/

Im supposed to get Internet Options back into the control panel.

so, I go to Run command, type REGEDIT,
get to HKEY_CURRENT_USER\Control Panel\don't load\

then don't find inetcpl.cpl, but find ncpa.cpl & odbccp32.cpl

should I delete those two???
or anything is done, Im NOT supposed to do that??

please help me!!

#15 new

new

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 27 May 2004 - 03:40 PM

bump




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button