WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

unwanted files cleanup help

Started by kestrel , Jun 06 2006 11:49 AM

This topic is locked

11 replies to this topic

#1 kestrel

New Member

New Member
6 posts

Posted 06 June 2006 - 11:49 AM

In the last few days I have been unable to open up MSN Messenger 7.5 I keep getting an error message: 80072ee6 and just cannot seem to solve the problem I downloaded Edwido anti-malware and did a full scan deleting whatever I thought was not needed. Then I ran HijackThis and have saved the log for someone to have a look at and delete all unwanted files. Hope there is someone out there who can help me.... Thanks

Logfile of HijackThis v1.99.1
Scan saved at 09:17:18 PM, on 06/06/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.za/0SEENZA/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.za/
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-za\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-za\msntb.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\scccv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093689169644
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangoc...e/bridge-c9.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

Advertisements

Register to Remove

#2 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 06 June 2006 - 07:44 PM

Hello kestrel and Welcome to TomCoyote,

Let's try to clean up your system and also fix that error. Please do the following:

Hello and Welcome to the Forums!

You are running HijackThis from its zipped archive; please create a new folder for it and unzip the program into it. It is very important you do this before anything else! Please do not have hijacthis in a temporary folder either.
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

Please set your system to show all files; please see here if you're unsure how to do this.

Scan with HijackThis. Place a check against each of the following:
B]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.za/0SEENZA/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.za/
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\scccv.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangoc...e/bridge-c9.cab
Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\SurfAccuracy<==folder
C:\WINDOWS\scccv.exe<==file
Exit Explorer, and reboot as normal afterwards.

STEP 1.
======
SpySweeper

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Please do not delete anything unless you are instructed to.

Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.
Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Standard
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

Copy and paste that information from Kapersky in your next post.

========================
Please try the following to fix your 80072EE6 error
http://www.askmarvin...?showtopic=4092

If you are seeing the 80072EE6 error message when trying to log-in you may find the following tip useful;
• Close off MSN Messenger
• Go to Start
• Click Run
• Enter the following in the box regsvr32 MSXML3.dll
• Re-Start MSN Messenger
If that doesn't case it for you then try flushing the DNS cache on your machine .

Go to Start -> Run and type CMD and then hit the <enter> key.

Then at the command prompt, type ipconfig /flushdns and then hit enter and retry connecting with MSN Messenger.

==============================

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the Results from Spy Sweeper, and Kapersky into this thread. Were you able to fix the 80072EE6 error?

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#3 kestrel

New Member

New Member
6 posts

Posted 07 June 2006 - 11:19 AM

Hello Susan538, I see that the post is too long and so will have to split it in two - her is part one... Thanks for the reply - I have tried to do all the things you have suggested and this is what has happened. I deleted the files you suggested after running HijackThis but could not fing the two files in Explorer C:\Program Files\SurfAccuracy<==folder C:\WINDOWS\scccv.exe<==file Then I ran Spysweeper and here is the file 04:07 PM: | Start of Session, 07 June 2006 | 04:07 PM: Spy Sweeper started 04:07 PM: Sweep initiated using definitions version 693 04:07 PM: Starting Memory Sweep 04:10 PM: Memory Sweep Complete, Elapsed Time: 00:03:55 04:10 PM: Starting Registry Sweep 04:11 PM: Found Adware: ist software 04:11 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll\ (2 subtraces) (ID = 147854) 04:11 PM: Found Adware: ist yoursitebar 04:11 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ysbactivex.dll (ID = 147857) 04:11 PM: Found Adware: ist surf accuracy 04:11 PM: HKLM\software\sacc\ (13 subtraces) (ID = 203068) 04:11 PM: HKLM\software\microsoft\windows\currentversion\uninstall\sacc\ (2 subtraces) (ID = 203070) 04:11 PM: Found Adware: winad 04:11 PM: HKCR\mediagatewayx.installer\ (5 subtraces) (ID = 372857) 04:11 PM: HKCR\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 372859) 04:11 PM: HKLM\software\classes\mediagatewayx.installer\ (5 subtraces) (ID = 398902) 04:11 PM: HKLM\software\classes\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 398904) 04:11 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026) 04:11 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028) 04:11 PM: HKCR\mediagatewayx.installer.1\ (3 subtraces) (ID = 1023379) 04:11 PM: HKCR\appid\{d28cd14c-50be-4cfa-951e-b37f25da3472}\ (1 subtraces) (ID = 1023385) 04:11 PM: HKCR\typelib\{981bda1d-c8ad-46ff-be2c-fddd859ac6f5}\ (9 subtraces) (ID = 1023387) 04:11 PM: HKLM\software\classes\typelib\{981bda1d-c8ad-46ff-be2c-fddd859ac6f5}\ (9 subtraces) (ID = 1023399) 04:11 PM: HKLM\software\classes\mediagatewayx.installer.1\ (3 subtraces) (ID = 1023409) 04:11 PM: HKCR\appid\activex.dll\ || appid (ID = 1049592) 04:11 PM: HKLM\software\classes\appid\{d28cd14c-50be-4cfa-951e-b37f25da3472}\ (1 subtraces) (ID = 1049593) 04:11 PM: HKLM\software\classes\appid\activex.dll\ || appid (ID = 1049594) 04:11 PM: Found Adware: 180search assistant/zango 04:11 PM: HKCR\saix.installercaller.1\ (3 subtraces) (ID = 1156609) 04:11 PM: HKCR\saix.installercaller\ (5 subtraces) (ID = 1156613) 04:11 PM: HKCR\clsid\{deceaaa2-370a-49bb-9362-68c3a58ddc62}\ (15 subtraces) (ID = 1156619) 04:11 PM: HKLM\software\classes\clsid\{deceaaa2-370a-49bb-9362-68c3a58ddc62}\ (15 subtraces) (ID = 1156640) 04:11 PM: HKLM\software\classes\saix.installercaller.1\ (3 subtraces) (ID = 1156657) 04:11 PM: HKLM\software\classes\saix.installercaller\ (5 subtraces) (ID = 1156661) 04:11 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/saix.dll\ (2 subtraces) (ID = 1156667) 04:11 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\saix.dll (ID = 1156675) 04:11 PM: Found Adware: qsearch 04:11 PM: HKU\S-1-5-21-1078081533-1606980848-1343024091-1003\software\program info\ (1 subtraces) (ID = 1028138) 04:11 PM: Registry Sweep Complete, Elapsed Time:00:00:09 04:11 PM: Starting Cookie Sweep 04:11 PM: Found Spy Cookie: 2o7.net cookie 04:11 PM: owner@2o7[2].txt (ID = 1957) 04:11 PM: Found Spy Cookie: about cookie 04:11 PM: owner@about[1].txt (ID = 2037) 04:11 PM: Found Spy Cookie: ask cookie 04:11 PM: owner@ask[1].txt (ID = 2245) 04:11 PM: Found Spy Cookie: a cookie 04:11 PM: owner@a[1].txt (ID = 2027) 04:11 PM: owner@experts.about[1].txt (ID = 2038) 04:11 PM: owner@forums.about[1].txt (ID = 2038) 04:11 PM: Found Spy Cookie: passion cookie 04:11 PM: owner@passion[2].txt (ID = 3113) 04:11 PM: Found Spy Cookie: questionmarket cookie 04:11 PM: owner@questionmarket[1].txt (ID = 3217) 04:11 PM: Found Spy Cookie: rambler cookie 04:11 PM: owner@rambler[1].txt (ID = 3225) 04:11 PM: Found Spy Cookie: realmedia cookie 04:11 PM: owner@realmedia[1].txt (ID = 3235) 04:11 PM: owner@running.about[1].txt (ID = 2038) 04:11 PM: owner@sportsmedicine.about[2].txt (ID = 2038) 04:11 PM: Found Spy Cookie: dealtime cookie 04:11 PM: owner@stat.dealtime[2].txt (ID = 2506) 04:11 PM: Found Spy Cookie: toplist cookie 04:11 PM: owner@toplist[1].txt (ID = 3557) 04:11 PM: Found Spy Cookie: webpower cookie 04:11 PM: owner@webpower[1].txt (ID = 3660) 04:11 PM: Found Spy Cookie: xiti cookie 04:11 PM: owner@xiti[1].txt (ID = 3717) 04:11 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00 04:11 PM: Starting File Sweep 04:11 PM: Found Adware: winantispyware 2005 04:11 PM: c:\program files\winantispyware 2006 scanner (8 subtraces) (ID = -2147456710) 04:17 PM: uwas6_0001_n69m0903netinstaller.exe (ID = 299330) 04:19 PM: uninstaller.prod.v1002.23mar2006.exe[1].0c49b348ce1d3b98bec782d48a948dc2 (ID = 273931) 04:31 PM: uwas6_0001_n69m0903netinstaller.exe (ID = 299330) 04:39 PM: winantispyware2006freeinstall[1].cab (ID = 299334) 04:40 PM: setup.exe (ID = 299332) 04:42 PM: scccv.exe (ID = 266608) 04:44 PM: winantispyware2006setup.exe (ID = 299341) 04:45 PM: Found Adware: purityscan 04:45 PM: !update.exe (ID = 156746) 04:47 PM: Warning: Unhandled Archive Type 04:48 PM: Warning: Invalid Stream 04:48 PM: File Sweep Complete, Elapsed Time: 00:37:43 04:48 PM: Full Sweep has completed. Elapsed time 00:41:54 04:48 PM: Traces Found: 166 04:53 PM: Removal process initiated 04:53 PM: Quarantining All Traces: 180search assistant/zango 04:53 PM: Quarantining All Traces: ist yoursitebar 04:53 PM: Quarantining All Traces: purityscan 04:53 PM: Quarantining All Traces: qsearch 04:53 PM: Quarantining All Traces: winad 04:53 PM: Quarantining All Traces: ist software 04:53 PM: Quarantining All Traces: ist surf accuracy 04:53 PM: Quarantining All Traces: 2o7.net cookie 04:53 PM: Quarantining All Traces: a cookie 04:53 PM: Quarantining All Traces: about cookie 04:53 PM: Quarantining All Traces: ask cookie 04:53 PM: Quarantining All Traces: dealtime cookie 04:53 PM: Quarantining All Traces: passion cookie 04:53 PM: Quarantining All Traces: questionmarket cookie 04:53 PM: Quarantining All Traces: rambler cookie 04:53 PM: Quarantining All Traces: realmedia cookie 04:53 PM: Quarantining All Traces: toplist cookie 04:53 PM: Quarantining All Traces: webpower cookie 04:53 PM: Quarantining All Traces: winantispyware 2005 04:53 PM: Quarantining All Traces: xiti cookie 04:53 PM: Removal process completed. Elapsed time 00:00:32 ******** Here is the Kaspersky scan results ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Wednesday, June 07, 2006 6:49:28 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.78.0 Kaspersky Anti-Virus database last update: 7/06/2006 Kaspersky Anti-Virus database records: 187019 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ Scan Statistics: Total number of scanned objects: 179041 Number of viruses found: 1 Number of infected objects: 3 Number of suspicious objects: 0 Duration of the scan process: 01:35:03 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U1DU7Q9K\ysb_regular[1].cab/ysbactivex.dll Infected: Trojan-Downloader.Win32.IstBar.gen skipped C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U1DU7Q9K\ysb_regular[1].cab CAB: infected - 1 skipped C:\Program Files\HijackThis\backups\backup-20060607-120610-824.dll Infected: Trojan-Downloader.Win32.IstBar.gen skipped Scan process completed. I will end part one here and send the rest.....

#4 kestrel

New Member

New Member
6 posts

Posted 07 June 2006 - 11:21 AM

And finally the HijackThis scan results

And herewith part two......

Logfile of HijackThis v1.99.1
Scan saved at 11:52:51 AM, on 07/06/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.za/0SEENZA/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.za/
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-za\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-za\msntb.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\scccv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093689169644
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangoc...e/bridge-c9.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

I folowed the instructions for the problem with MSN Messenger and even deleted and re-installed the program but it still gives me the same message and same error message. No result there I'm afraid.

Just glancing through the HijackThis files - it looks like there are file there that you told me to delete?? Not too sure if I have done everything correctly or not - maybe I will have to run it again after you take a look for me. Thanks.

I hope this is not too much for you to look through - I am completely lost and would not know where to start - thanks for your help.

Regards
Kestrel

#5 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 07 June 2006 - 01:03 PM

Hello kestrel,

Let's try the following:

STEP 1.
===================
Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose:Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click
No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE:If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
STEP 2.
======
Hoster

Please download hoster.

Unzip Hoster.zip
Open Hoster.exe.
Then click on "Restore Original Hosts"
Close program when complete.
Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.
STEP 3.
======
Delete Files with Killbox

Download Pocket Killbox from http://www.downloads...org/KillBox.zip and unzip it; save it to your Desktop. DO NOT RUN IT YET.
==========
Double-click on KillBox.exe to launch the program. It is the red circle with a large white X in it
- Highlight the files in bold RED below and press the Ctrl key and the C key at the same time to copy them to the clipboard
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINDOWS\scccv.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U1DU7Q9K\ysb_regular[1].cab
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U1DU7Q9K\ysb_regular[1].cab

In Killbox click on the File menu and then the Paste from Clipboard item
in the Full Path of File to Delete field drop down the arrow and make sure that all of the files are listed
(Please note that the tool checks your computer for the presence of the files pasted into the box so if files are not present, it is possible that you might not see all files you pasted into the box.)
Click the option to Delete on Reboot
- If not greyed out click the checkbox for Unregister .dll Before Deleting
- click End Explorer Shell while Killing File
- Now click on the red button with a white 'X' in the middle to delete the files
- Click Yes when it says all files will be deleted on the next reboot
- Click Yes when it asks if you want to reboot now
(Note: If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just reboot manually)

Note: Killbox will let you know if a file does not exist. If that happens, just continue on.

If you have any issues with this method you can copy and paste the lines one at a time into the killbox top box. Then click the "Single File" button. Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? you will need to click No until the last one at which time you click yes to allow the reboot.

==========
Scan with HijackThis. Place a check against each of the following :
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.za/0SEENZA/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.za/
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\scccv.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangoc...e/bridge-c9.cab
Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

Post back a fresh HijackThis log and we will take another look.

Edited by Susan528, 07 June 2006 - 01:04 PM.

#6 kestrel

New Member

New Member
6 posts

Posted 08 June 2006 - 01:11 AM

Hi again Susan528,

OK so we try again ........ thanks

Step 1 - ATF cleaner - completed - no problems

Step 2 - Hoster - completed, after reboot - blue screen with Please wait .......... and then the rest of the start up was normal if just a little slower.

herer is the Hoster log (which I could only save in Word format?)

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost

Step 3 - Killbox - could not paste from clipboard (just me I think) so did each line one at a time - for each filename I got the message 'does not seem to exist' but at the end it said that the files would be deleted at next reboot. I had to do a manual reboot.

For the final step - HijackThis - there was only one file out of all those you gave me to check against and that was the second line
RO - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/www.msn.co.za/

Here with the HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 09:11:25 AM, on 08/06/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.co.za/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-za\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-za\msntb.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093689169644
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Just an idea to run by you please - I am still unable to log on to MSN Messenger - would a restore operation to about one week ago fix the problem (and would that cause problems with the files that I have changed over the last two sessions with you?) or should I just download version 7.0 for now?

Again, thanks for your time
Kestrel

#7 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 08 June 2006 - 06:10 AM

Hello Kestrel,

There seems to be many people who are experiecing problems with the MSN 7.5. So MSN 7.5 was working fine for you and then a few days ago you started having problems?

Let's try the following:
http://forums.micros...teID=1&PageID=1

Try to re-register the crypto dll's by typing every line below in the command shell (start->execute->cmd), or copy/paste into Notepad.

regsvr32 Dssenh.dll /s 
regsvr32 Gpkcsp.dll /s 
regsvr32 Slbcsp.dll /s 
regsvr32 Sccbase.dll /s 
regsvr32 Softpub.dll /s 
regsvr32 Wintrust.dll /s 
regsvr32 Initpki.dll /s 
regsvr32 Rsaenh.dll /s 
regsvr32 Mssip32.dll /s 
regsvr32 Cryptdlg.dll /s
regsvr32 Msxml3.dll /s

Save it to your desktop as crypto.bat .

CLOSE NOTEPAD.

Now, <double-click> the crypto.bat file on the desktop.

If this does not work then maybe a restore to when it was working is the next step. Then we would need to check for malware again but we can do that.

#8 kestrel

New Member

New Member
6 posts

Posted 08 June 2006 - 11:15 AM

Hi again Susan Doesn't look as if I'm having much luck - seems that the Malware problem is now fixed, thank you, unless you have more files for me to delete!. Not much joy with the MSN Messenger. I downloaded version 7 and that worked ok. Then I did a restore to when I remember it working last and that did not work either, so I undid the restore and will just have to do with version 7 for now. I see that there are a lot of people having problems and it is very strange that in my house I have 5 desktop computers all sharing an internet link and one laptop with a wireless connection. The only one with the problem is the laptop which I use whenever I am away from home which is at least once a week. So, I will make do with what I have for now - many thanks for your assistance. Regards Kestrel

#9 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 08 June 2006 - 07:54 PM

Hello kestrel,

I am sorry that I could not help you with the MSN Messenger problem but it appears that many are experiencing this problem.

Let's run one more scan to check for malware.

Run a Panda online ActiveScan
Panda Activescan

On the top right go to: Free Use ActiveScan
Follow the prompts, provide the required info, select: Scan Now!
Allow the ActiveX download.

Select a device to scan: Local Disks

Next, select: See Report
Then select, Save Report and save to a location where you can find it.

Please post (reply) with the results of Panda.

#10 kestrel

New Member

New Member
6 posts

Posted 09 June 2006 - 05:56 AM

Thaks, Looks like we are whitling down to just a few at last - here is the Panda scan log... Incident Status Location Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Cookies\owner@com[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt Spyware:Cookie/Tucows Regards Kestrel

#11 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 09 June 2006 - 02:48 PM

Hello kestrel,

Your logs appear to be clean. You have some cookies that show up though. To delete cookies please do the following:
To delete a cookie

In Internet Explorer, on the Tools menu, click Internet Options.
On the General tab, click Settings, and then click View files.
Select the cookie you want to delete, and then, on the File menu, click Delete

Hint: If you click the menu heading, the item will be sorted by that item, so if you click "Type" and scroll down, the cookies will be sorted together.
Notes

Some Web sites store your member name and password or other personally identifiable information about you in a cookie; therefore, if you delete a cookie, you may need to re-enter this information the next time you visit the site.
To delete all of the cookies on your computer, click Delete Cookies on the General tab.

I did not notice a firewall application installed. Are you relying on the Windows XP firewall? There are firewall applications that are free to use for personal use. Please consider obtaining a firewall application.

You need to update your Java because a new release just came out recently.

Please do the following:

STEP 1.
======
Cleanmgr
To clean temporary files:

Go > start > run and type cleanmgr and click OK
Scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
Click OK to remove those files.
Click Yes to confirm deletion.

STEP 2.( Windows XP only)
======
Prefetch Folder
Open C:\Windows\Prefetch\
Delete All files in this folder but not the Prefetch folder

STEP 3.
======
System Restore for Windows XP
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot.

Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

STEP 4.
======
DON’T BECOME OVERCONFIDENT WITH ANTIVIRUS APPLICATIONS INSTALLED!!!

http://forum.malware...39eba6ea0b5e8ee

Stay up to date on security patches and be extremely wary of clicking on links and attachments that arrive unbidden in instant messages and e-mail.

"The number one thing the majority of the malicious code we're seeing now does is disable or delete anti-virus and other security software," Dunham said. "In a lot of cases, once the user clicks on that attachment, it's already too late."

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls
Test your Firewall - Please test your firewall and make sure it is working properly.
Test Firewall
Visit Microsoft's Update Site Frequently - It is important that you visit Windows Updates regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
A tutorial on installing & using this product can be found here:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
Update your Java to the latest version. Uninstall any and all versions you have listed in add/remove programs and install the latest version from here:
https://sdlc6c.sun.c...4E1EA2D176EE3EA
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
More info on how to prevent malware you can also find here (By Tony Klein)

Follow this list and your potential for being infected again will reduce dramatically.

Thank you for allowing me to assist you.

Susan

#12 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 12 June 2006 - 12:35 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Body Background

skin color theme