1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Can't scan for viruses need help

Discussion in 'Earlier Versions of Windows' started by reaper616, Jul 29, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. reaper616

    reaper616 Thread Starter

    Joined:
    Jul 24, 2006
    Messages:
    336
    Hey, my girlfriends PC has alot of viruses but i cannot seem to use any scanner to find them, she has only got AVG, Zonealarm and Adaware SE. all they do is crash, when they are scanning.

    Has anyone got a scanner that, is reliable but free, i really need you help.

    Thankyou
     
  2. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    76,090
    Please do this:

    ·Click here to download HJTsetup.exe
    · Save HJTsetup.exe to your desktop.
    · Doubleclick on the HJTsetup.exe icon on your desktop.
    · By default it will install to C:\Program Files\Hijack This.
    · Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    · Put a check by Create a desktop icon then click Next again.
    · Continue to follow the rest of the prompts from there.
    · At the final dialogue box click Finish and it will launch Hijack This.
    · Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    · Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    · Come back here to this thread and Paste the log in your next reply.
    · DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. reaper616

    reaper616 Thread Starter

    Joined:
    Jul 24, 2006
    Messages:
    336
    Logfile of HijackThis v1.99.1
    Scan saved at 21:50:32, on 29/07/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;<local>
    F1 - win.ini: run=hpfsched
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INSD215.TMP /R /A
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [defender] C:\\DFNDREF_7.exe
    O4 - HKLM\..\Run: [keyboard] C:\\KYBRDEF_7.exe
    O4 - HKLM\..\Run: [sqyedb9b] RUNDLL32.EXE w0054fb4.dll,n 001edb9a0000000a0054fb4
    O4 - HKLM\..\Run: [newname] C:\\NWNMEF_7.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
    O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
    O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://download.007guard.com/msnnames/msnnames.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3436342D2D2D.exe

    Thats all that came up, and thankyou for your help
     
  4. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    76,090
    yeah, you've got some issues there. Unfortunately, I am not qualified to tell you what to remove and what to keep, so be patient, and someone who is will be along shortly. If no response by tomorrow, I will parse it for you.

    v
     
  5. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Hello reaper616. Welcome.
    I am reviewing your HijackThis log now and will be back as soon as possible with a reply.
     
  6. reaper616

    reaper616 Thread Starter

    Joined:
    Jul 24, 2006
    Messages:
    336
    Ok, thankyou but just as a guideline on a scale from 1-10 how bad is it?

    I don't know much about Windows Me, i am good with Windows XP which does kind of help with these situations.
     
  7. golferbob

    golferbob

    Joined:
    May 18, 2004
    Messages:
    3,896
  8. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    It's really not that bad. Nothing we can't handle. I'll be posting a fix shortly.

    golferbob makes a valid point, however I would rather handle the Startup entries afterward. If you start unchecking items in MSCONFIG now, I may not get a true picture on the next HJT log. :)
     
  9. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Okay, reaper616, click "My Computer", then C:\
    In the menu bar, File->New->Folder.
    That will create a folder named New Folder, which you can rename to "BFU"

    Please download Brute Force Uninstaller to your desktop.
    • Right click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to,
    • Click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk (C:\) or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
    RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
    Save it in the same folder you made earlier (c:\BFU).

    Do not run the Uninstaller and the Remover yet.


    Download CWShredder from here, install it, check for updates but don't run it yet.

    Please download the free Ad-Aware SE and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.

    1) Open Ad-Aware, and click Check for updates now.

    2) Select Configurations (click the Gear wheel at the top) as follows:
    • General Button > Safety & Settings: Check (Green) all three.
    • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
    Exit Ad-Aware

    Download Spybot S&D from here.
    Open Spybot S&D and click the "Search for Updates" button.
    Place a check in any updates that show up in the window and click "Download Updates" near the top.
    When the update finish and you see green checkmarks by them, click on the shield in the left pane.
    When the progress bar finishes, click on the green "plus" sign (Immunize) near the top.
    When that is done, exit Spybot S&D.

    Download and install CCleaner from here.
    Note: if you do not want the Yahoo Toolbar installed with it, make sure you uncheck that option when you get to the window that shows it during the installation process.
    You guessed it -- don't run that yet either.

    Next, open up HijackThis again, do a system scan only, and when it finishes, place a check before the following lines:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

    O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INSD215.TMP /R /A

    O4 - HKLM\..\Run: [defender] C:\\DFNDREF_7.exe

    O4 - HKLM\..\Run: [keyboard] C:\\KYBRDEF_7.exe

    O4 - HKLM\..\Run: [sqyedb9b] RUNDLL32.EXE w0054fb4.dll,n 001edb9a0000000a0054fb4

    O4 - HKLM\..\Run: [newname] C:\\NWNMEF_7.exe

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab

    O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab

    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activ...36342D2D2D.exe

    Then, make sure ALL windows are closed except HijackThis and hit the "Fix checked" button.

    Now we need to set ME to show hidden files:

    • *Open up "My Computer"
      *Click the "View" tab
      *Select "Folder Options" from the drop-down menu
      *Click the "View" tab
      *Under the "Hidden Files" section, place a check by "Show all files"
      *Uncheck "Hide file extensions for known file types"
      *Click "OK"

    Print out the following instructions or copy them to Notepad as you will not have internet access from Safe Mode:

    Now, boot the computer into Safe Mode. Click here for instructions on how to boot into Safe Mode.

    Open CWShredder, close all browser windows, and click on the "fix" button.

    Now run Ad-Aware:
    Open it up and click "Start".
    Place a check by "Perform full system scan".
    Deselect "Search for negligible risk entries".
    Select "Search for low-risk threats".
    Click "Next" and the scan will begin.
    When the scan has completed, click "Next".
    • In the Scanning Results window, select the "Critical Objects" tab.
    • Right-click on the screen and choose "Select all objects"
    • Click Next to remove the infections found, and click OK to the prompt.

    Next, run Spybot S&D:
    Open it up and click "Check for problems".
    When Spybot is complete, it will be showing &#8216;RED&#8217; entries bold 'Black' entries and &#8216;GREEN&#8217; entries in the window.
    Make certain there is a check mark beside all of the RED entries ONLY.
    Choose &#8216;Fix Selected Problems&#8217; and allow Spybot to fix the RED entries.


    Now, open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by doubleclicking BFU.exe

    Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu

    Press execute and let it do its job.

    Wait for the complete script execution box to pop up and press OK.
    Press exit to terminate the BFU program.


    Next, using Windows Explorer and/or search function, find and delete the following files marked in bold. Delete ONLY the part in bold.

    C:\\DFNDREF_7.exe

    C:\\KYBRDEF_7.exe

    C:\\NWNMEF_7.exe

    w0054fb4.dll

    Finally, Open CCleaner, leave it on the default settings, click on the "Run Cleaner" button, then click "OK". Let it scan and clean until it's finished, and when it says, "Cleaning complete" in the status window, exit the program.

    Now, reboot the computer back into Normal Mode, run a fresh HijackThis scan, and post the logfile back here to this thread.
     
  10. reaper616

    reaper616 Thread Starter

    Joined:
    Jul 24, 2006
    Messages:
    336
    12:32 31/07/2006Logfile of HijackThis v1.99.1
    Scan saved at 12:31:44, on 31/07/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;<local>
    F1 - win.ini: run=hpfsched
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} - http://download.007guard.com/msnnames/msnnames.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab

    Thankyou for all your help, in advance XD

    P.S - Does anyone know of a good pop-up blocker?
     
  11. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    That is a clean log. :)

    Now let's rehide the sensitive files:

    • *Open up "My Computer"
      *Click the "View" tab
      *Select "Folder Options" from the drop-down menu
      *Click the "View" tab
      *Under the "Hidden Files" section, uncheck "Show all files"
      *Place a check by "Hide file extensions for known file types"
      *Click "OK"

    Now we need to Flush the System Restore. Doing this will remove all your restore points, and any infections that might be hanging in there.

    • * First click on the Start button and then click on the Control Panel.
      * When you are in the Control Panel double-click on the System Icon.
      * Click on the tab labeled Performance.
      * Click on the button labeled File System.
      * Click on the Troubleshooting tab.
      * Place a checkmark in the box labeled Disable System Restore.
      * Press the Apply button and then the OK button. Windows will now prompt you to reboot.
      * Press the Yes button and Windows ME will reboot.
      When the operating system restarts System Restore will be disabled.
    Now we need to re-enable System Restore:

    • * First click on the Start button and then click on the Control Panel.
      * When you are in the Control Panel double-click on the System Icon.
      * Click on the tab labeled Performance.
      * Click on the button labeled File System.
      * Click on the Troubleshooting tab.
      * Remove the checkmark in the box labeled Disable System Restore.
      * Press the Apply button and then the OK button. Windows will now prompt you to reboot.
      * Press the Yes button and Windows ME will reboot.
      When the operating system restarts System Restore will be enabled.
    System Restore is now clean.

    On the next reboot you can select the option to not be reminded that you are running in Selective Startup mode. Then you won't keep getting that window popping up.

    It would probably be a good idea to change any passwords that you have for accessing sensitive data. It is something that one should do every so often anyway.

    I don't know if you use cjb.net, but I would try to avoid it. Here's more on that:
    http://netrn.net/spywareblog/archiv...ons-sponsors-class-of-second-graders-in-ohio/

    Now I'd like to know what scanners you have been trying to use and if they are still having trouble with them.

    For Windows ME, I recommend AdAware and Spybot S&D.
    Make sure you run their update functions before each scan.

    And with the discontinuation of support on 9x systems by Microsoft, it is more important than ever now to utilize other programs to protect these systems which means keeping your antivirus program up-to-date.

    SpywareBlaster offers excellent protection and is available at no cost at http://www.javacoolsoftware.com. You will want to check for updates on that at least once a week too.

    SpywareGuard is also available at the same site and offers very good real-time protection.

    As far as a good pop-up blocker, I use Mozilla Firefox as my regular browser and it has a built-in popup blocker that is very effective. I hear others recommend the Google toolbar which has a popup blocking feature.

    Please let me know how things are running now.
     
  12. reaper616

    reaper616 Thread Starter

    Joined:
    Jul 24, 2006
    Messages:
    336
    Things are going great thankyou, thanks for all of your help, and i have downloaded Mozilla Firefox, you will see me around the forums posting, Thanks again everyone... Thankyou!!!
     
  13. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Glad to hear it. Thanks for letting us know. You can mark this thread "Solved" if you wish by clicking on the "Thread Tools" button near the top of the page and selecting "Mark Thread Solved" and you are very welcome. :)
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/487571

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice