
Spyware won't let me access my e-mail!


16 replies to this topic

#1 leprechaun 316

leprechaun 316

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 10 June 2004 - 12:49 PM

I've had this problem with yoursearch247 for quite a while. It puts itself as my home page, erases pages in my history and replaces them with itself. I tried CWShredder and Ad Aware and made some progress, it got rid of the yoursearch247, but immediately something else replaced it. It's nameless (just says "Search The Web"), doesn't have a real address, only numbers (69.50.173.154/index.php). Also, lately it's started to disconnect me for no reason, and won't let me reconnect until I restart. Sometimes it can change the number my modem is dialling to and change the name and password for same. And it won't let me register e-mail accounts or log into the ones I already have. The problem with registering is the words/numbers that you have to type. For example it may show you a picture of the word "spyware" with a line through it and you have to type it into a box. Well, no matter how many times I try it says I've typed it wrong. Because of this, I had to get someone else to register this account and give me the name and password. I've tried CWShredder and Ad Aware and this doesn't remedy my problem, so here's my Hijack This log. Sorry for rambling, I hope I've been clear.

Logfile of HijackThis v1.97.7
Scan saved at 01:40:03, on 08/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michéal\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Windows Media Player\WMPLAYER.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.50.173.254/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.173.254/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.173.254/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.173.254/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.50.173.254/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.173.254/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.50.173.254/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://69.50.173.254/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.173.254/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.173.254/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.173.254/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.50.173.254/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.50.173.254/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.173.254/search.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://69.50.173.254/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://69.50.173.254/search.php
O1 - Hosts: 69.50.173.254 auto.search.msn.com
O1 - Hosts: 69.50.173.254 auto.search.msn.com
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EBABB3D-51E1-45EA-8D93-EE135BA80020}: NameServer = 159.134.237.6 159.134.248.17

Thanks in advance for anyone that helps.

#2 jwbirdsong

jwbirdsong

    Slasher O' spyware

  • Emeritus
  • PipPipPipPipPip
  • 2,045 posts

Posted 10 June 2004 - 07:23 PM

Close process, by using Ctrl+Alt+Del on the following if they are running
winupd.exe

Check these in hijackthis, then WITH ALL OTHER WINDOWS CLOSED fix.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.50.173.254/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.173.254/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.173.254/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.173.254/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.50.173.254/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.173.254/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.50.173.254/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://69.50.173.254/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.173.254/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.173.254/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.173.254/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.50.173.254/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.50.173.254/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.173.254/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://69.50.173.254/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://69.50.173.254/search.php
O1 - Hosts: 69.50.173.254 auto.search.msn.com
O1 - Hosts: 69.50.173.254 auto.search.msn.com

O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE <------- Checking this is OPTIONAL it is not malware; just a resource hog

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab

Find and delete the following: Make sure you are set to show hidden files and folders:
Show Hidden Files and Folders
C:\WINDOWS\System32\winupd.exe


Just to be safe, update CWShredder (ver. 1.59 is latest). Close all other windows and run the program, check "Fix"

Reboot and post a fresh log back to this thread.

Edited by jwbirdsong, 10 June 2004 - 07:25 PM.

Things you need(all FREE)
Anti-Virus (Only One of these)
AVG Avast
Firewall (Only One here too)
Kerio(Direct Download) Zone Alarm
Misc. (Use all 3 together)
IE Spyads SpywareBlaster Spyware Guard
Windows Update (Once a week)
get all CRITICAL Updates

Things you want(Still Free)
Mozilla Firefox
Google Toolbar (stops pop-ups)
Ad-Aware
Spybot S&D
MS MVP Hosts file

Please donate to the site to help us help you. Info found HERE

PROUD member Since 2004
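Added example (not part of the original thread, and not HijackThis's own code): a small triage script for the kind of log posted above. It flags the two patterns picked out for fixing in the reply, IE settings (R0/R1) that point at a bare IP address and Hosts-file (O1) lines that map a name to a non-loopback address, and then checks a follow-up log to confirm the flagged entries are gone. The sample logs, the address 203.0.113.7 and all function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample in the HijackThis v1.x line format quoted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://203.0.113.7/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://203.0.113.7/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.example.com/default.htm
O1 - Hosts: 203.0.113.7 auto.search.msn.com
O1 - Hosts: 203.0.113.7 auto.search.msn.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
"""

# Constructed follow-up log, as posted after the fixes were applied.
SAMPLE_FOLLOWUP = r"""Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.example.com/default.htm
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
"""

# An entry line is "<section code> - <body>", e.g. "R1 - HKCU\...,Search Bar = http://..."
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (code, body) pairs for R*/O* lines; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def _ip_or_none(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def triage(log_text):
    """Flag R0/R1 values whose host is an IP literal and O1 redirects to non-loopback IPs."""
    findings, seen = [], set()
    for code, body in parse_entries(log_text):
        reason = None
        if code in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1].strip()
            try:
                host = urlsplit(value).hostname
            except ValueError:  # malformed URL: nothing to classify
                host = None
            if host and _ip_or_none(host):
                reason = "IE setting points at bare IP address " + host
        elif code == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            ip = _ip_or_none(fields[0]) if len(fields) >= 2 else None
            if ip and not (ip.is_loopback or ip.is_unspecified):
                reason = "hosts file sends %s to %s" % (" ".join(fields[1:]), ip)
        # The log in this thread lists the same O1 line twice; report it once.
        if reason and (code, body) not in seen:
            seen.add((code, body))
            findings.append({"code": code, "entry": body, "reason": reason})
    return findings


def still_present(before_log, after_log):
    """Findings from the first log whose exact entry line survives in the follow-up log."""
    remaining = set(parse_entries(after_log))
    return [f for f in triage(before_log) if (f["code"], f["entry"]) in remaining]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["code"], "-", finding["reason"])
    print("unresolved after fix:", len(still_present(SAMPLE_LOG, SAMPLE_FOLLOWUP)))
```

A clean result here only means these two patterns are absent; Run keys, BHOs and downloaded program files still need the manual review done in the thread.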

#3 leprechaun 316

leprechaun 316

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 12 June 2004 - 01:05 PM

Hey, thanks for the help. I did what you said and now my homepage has stopped getting changed, so obviously there's been progress. I hope I erased everything I was supposed to. However, I still can't access my e-mail account. It has to be something on my computer as I can access it as normal from other computers. Here's the new HiJack this log (I couldn't download ver 1.59 from download.com so it's the same version).


C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michéal\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mxtabs.net/guitartabs.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell...gen/default.htm
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EBABB3D-51E1-45EA-8D93-EE135BA80020}: NameServer = 159.134.237.6 159.134.248.17

Thanks for the continuing help.

#4 leprechaun 316

leprechaun 316

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 13 June 2004 - 08:29 AM

bump

#5 jwbirdsong

jwbirdsong

    Slasher O' spyware

  • Emeritus
  • PipPipPipPipPip
  • 2,045 posts

Posted 13 June 2004 - 10:45 AM

There is nothing in the log you posted back to show any concern; it looks clean. However, it doesn't appear to be a complete log. Could you post another just to make sure there are no missing entries that may be causing you problems?

What are you using for an E-mail client?

#6 leprechaun 316

leprechaun 316

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 13 June 2004 - 11:22 AM

This is the full log that came up:

Logfile of HijackThis v1.97.7
Scan saved at 17:18:24, on 13/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kazaa Download Accelerator Pro\KazaaDAP.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Michéal\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mxtabs.net/guitartabs.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell...gen/default.htm
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} - C:\WINDOWS\System32\KDP600f.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater (required)] regsvr32 /s C:\WINDOWS\System32\KDP600f.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EBABB3D-51E1-45EA-8D93-EE135BA80020}: NameServer = 159.134.237.6 159.134.248.17

Is there anything else you need to look at to try to figure out my problem? It's so irritating that I can't log in to my account (it's hotmail) or create new accounts. It's also changed now, when I logged in it used to lead me to a page asking me to put in my password again, now it keeps leading me to different addresses (eg. https://loginnet.pas...mail&msppjph=1) and never fully loads one. Thanks again.

#7 jwbirdsong

jwbirdsong

    Slasher O' spyware

  • Emeritus
  • PipPipPipPipPip
  • 2,045 posts

Posted 13 June 2004 - 03:46 PM

Move HijackThis to its own permanent folder such as c:\HJT\HijackThis.exe <-----Very important; needed to keep/maintain backups in

You've fallen prey to some bad stuff. In addition to all the crap that Kazaa puts on your machine Safeguard Protect is one of the worst: it's a browser hijacker. Uninstall from Control Panel>Add/Remove. Next do the manual removal instructions listed HERE. Be sure you make a backup of your Registry first and set a restore point before you begin.
Backup the Registry
How to create a restore point

Safeprotect is a major PIA hijacker...follow directions to the letter please!!
Do all of the above before you continue please.

Go to Control Panel and uninstall if listed there
Safeguard Protect <----- removed above probably gone
Kazaa Download Accelerator <----- tied in with Safeguard protect?


Press Ctrl+Alt+Del and 'end task' on any of the following that are present
C:\Program Files\Kazaa Download Accelerator Pro\KazaaDAP.exe

Check these in hijackthis, THEN WITH ALL OTHER WINDOWS CLOSED, press "Fix".

O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} - C:\WINDOWS\System32\KDP600f.dll
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater (required)] regsvr32 /s C:\WINDOWS\System32\KDP600f.dll

Make sure you are set to Show Hidden Files and Folders and delete any of the following files/folders you find:
C:\WINDOWS\System32\KDP600f.dll
C:\WINDOWS\System32\kdpupd.dll
C:\WINDOWS\System32\veevo.dll
C:\Program Files\Kazaa Download Accelerator Pro <---- ENTIRE FOLDER!!


Now I don't actually see the program itself but if you have it GET RID OF KAZAA
use the tool Kazaabegone found HERE

Safe alternatives can be found HERE
For what it's worth I like E-mule

Then Reboot and post a fresh log back to this thread.

Let's get a new log up and then we'll see if we can chase down your Hotmail problem. It may well be gone after all of the above.

#8 leprechaun 316

leprechaun 316

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 14 June 2004 - 03:02 PM

I'm having yet another problem. When I try to back up my registry I go to:

Start > All Programs > Accessories > System Tools. Here's where I run into problems, there's no "Backup" option. The options I have are:

Character Map
Disk Clean Up
Disk Fragmenter
Files And Settings Transfer Wizard
Scheduled Tasks
System Information
System Restore

Seeing as you said to follow all your instructions to a T, I decided to make sure, better to be safe than sorry. What should I do?

#9 leprechaun 316

leprechaun 316

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 14 June 2004 - 03:04 PM

Sorry for being such a hindrance by the way.

#10 leprechaun 316

leprechaun 316

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 14 June 2004 - 07:54 PM

While I'm listing problems, the link to setting a Restore Point isn't working.

#11 jwbirdsong

jwbirdsong

    Slasher O' spyware

  • Emeritus
  • PipPipPipPipPip
  • 2,045 posts

Posted 14 June 2004 - 10:38 PM

It would probably have helped if I'd given the correct link to begin with. The link I gave you is for Win2000.

Quote from MSKB 320820: The Backup utility is not included in the default installation of Windows XP Home Edition
See the whole article for details found here

For questions regarding System Restore see more HERE

#12 leprechaun 316

leprechaun 316

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 15 June 2004 - 04:32 PM

I've done what you said, deleted what came up and here's the fresh log.

Logfile of HijackThis v1.97.7
Scan saved at 22:24:06, on 15/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mxtabs.net/guitartabs.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell...gen/default.htm
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EBABB3D-51E1-45EA-8D93-EE135BA80020}: NameServer = 159.134.237.6 159.134.248.17



I still have the hotmail problem.

#13 leprechaun 316

leprechaun 316

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 17 June 2004 - 07:48 AM

bump

#14 jwbirdsong

jwbirdsong

    Slasher O' spyware

  • Emeritus
  • PipPipPipPipPip
  • 2,045 posts

Posted 17 June 2004 - 11:08 AM

That's a good clean log; as far as the Hotmail problem goes all I have to offer are a couple of generic suggestions:
  • Make sure date and time are correct on your computer. HM can be finicky about this
  • Delete any/all cookies that have to do with Hotmail. Start from scratch
  • Empty your TIF (Note 1 below)
  • Set Hotmail in your trusted sites zone (Note 2 below)
Note 1:
Delete files/folders from the following directories (but not the directory itself; for example, delete all files/folders IN temp, but not temp itself!)
  • C:\Windows\Temp\
  • C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
  • C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\
  • C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <---This will delete your internet cache, including cookies. This is recommended and strongly suggested.
  • C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\
  • Empty your "Recycle Bin"


Note 2:
Control Panel > Internet Options > Security (tab) > click on green check mark/Trusted sites > click on site (radio button) > type in URL for hotmail and hit add button > OK/Apply your way out.

See if any/all of those have any effect on your Hotmail ability

#15 leprechaun 316

leprechaun 316

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 17 June 2004 - 06:10 PM

Unfortunately not.

It progressed to the point where the hotmail homepage wouldn't even load, after doing what you said it will now but I still can't log in. Something keeps redirecting me when I log in, I'm pretty sure it's not hotmail. That must be where the problem is.

Got any other suggestions?

#16 leprechaun 316

leprechaun 316

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 17 June 2004 - 06:52 PM

Hey, update. I just switched my default browser to firefox (which I probably should have done sooner) and it's eradicated my problem. Obviously it's something on Internet Explorer.

Thanks a million for all your help, I never would have cleaned my system if it wasn't for you and spywareinfo.com

Keep up the good work and THANK YOU!

Just one more thing, I'm going to follow the instructions on site to keep my system clean, but if you have any more suggestions on how to prevent reinfection I'd appreciate it. I'm going to download the firewall and anti virus in your sig now anyway.

THANKS!

#17 jwbirdsong

jwbirdsong

    Slasher O' spyware

  • Emeritus
  • PipPipPipPipPip
  • 2,045 posts

Posted 17 June 2004 - 06:55 PM

How about this as my 'standard' clean finish speech:
PS just happened to sign on just now and you were 1st post in list!!
As far as Hotmail goes it's almost always a cookie issue of one type or another

Congratulations, your log is clean.

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard and IE/Spyad.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It is free.

More info and download is available at link in my signature

And also see TonyKlein's good advice in
So how did I get infected in the first place?

Edited by jwbirdsong, 17 June 2004 - 06:57 PM.




