11 replies to this topic

[lovey]

Does the cleaner repair the items listed after scanning ISSUES? Or does it delete all the listed problems. I recently found a toolbar had automatically downloaded on IE and couldn't delete it. I scanned with Adaware and it found 8 critical issues which it cleaned up. All were dialers it seems. Then I scanned with AVG and found another dialer. After all that I found I coundn't open any of my Word docs, I believe it said a missing dll caused the problem. Will this program fix this problem? Will it repair or just delete everything in the ISSUES list? Excel also has trouble loading a document now but if I wait for about 10 mins it eventually displays the page. Anyone have any suggestions. Oh yeah, Win 98se.

[rridgely]

Hello,

ccleaner deletes what it finds. Your problem is spyware. You have run adaware which is good but sometimes that is not enough.

Download this:
http://fileforum.betanews.com/detail/Spybo...oy/1043809773/1
Install and update it. Then do a full system scan.

Make sure that you updated adaware before you scanned with it. If not scan with it again.

Lastly download this and choose to save a log. Post the log here and I can help you fix your problems.
http://www.download....4-10227353.html

[lovey]

rridgely, on Dec 10 2005, 07:49 PM, said:

Hello,

ccleaner deletes what it finds. Your problem is spyware. You have run adaware which is good but sometimes that is not enough.

Download this:
http://fileforum.betanews.com/detail/Spybo...oy/1043809773/1
Install and update it. Then do a full system scan.

Make sure that you updated adaware before you scanned with it. If not scan with it again.

Lastly download this and choose to save a log. Post the log here and I can help you fix your problems.
http://www.download....4-10227353.html

So I should not use the cleaner to fix the problems listed in the issues results. By the way I have spybot but when I tried to use it the program became so slow that it gets to about 726 out of 32000 and slows to a crawl. If I leave it on for 6 hours it still only gets up to about 15000 file sets scanned for. So I uninstalled it and reinstalled it and its still slow.

After I use the Hijack site I guess you mean I should copy and paste the results to you, correct?

[rridgely]

Yes paste the results on to the forum. Also its perfectly safe to clean the issues ccleaner finds. They are not used by winows anymore and are just taking up space.

[lovey]

rridgely, on Dec 10 2005, 08:28 PM, said:

Yes paste the results on to the forum. Also its perfectly safe to clean the issues ccleaner finds. They are not used by winows anymore and are just taking up space.

Here goes, and thanks for the help. I really need those word 2000 docs which I cant access now!

Logfile of HijackThis v1.99.1
Scan saved at 8:23:23 PM, on 10/12/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\CCLEANER\CCLEANER.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {C53ECA95-0159-BE8B-879D-15C492B2BBC2} - runload32.dll (file missing)
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www1.sympatico.ca/"); (C:\Program Files\Sympatico\Users\User1\prefs.js)
O2 - BHO: WaveHelper Class - {EA7F9A52-0A05-11D2-98C5-00104B7229C2} - C:\PROGRAM FILES\WAVETOP\BIN\WAVEIE.DLL__SpybotSDDisabled (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1601.0\MSGR.EN-US.EN-CA\MSNTB.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SpeedKey.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [RamBooster] C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavist...avie5/babelfish
O8 - Extra context menu item: AV Translate Selection - http://jump.altavist...avie5/babelfish
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavist...avie5/babelfish (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavist...avie5/babelfish (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavist...vie5/linksearch (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavist...vie5/linksearch (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavist...vie5/hostsearch (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavist...vie5/hostsearch (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O15 - Trusted Zone: http://chat.msn.com.
O15 - Trusted Zone: http://chat.msn.com
O16 - DPF: {D600B8BE-E2C0-11D0-82C0-00A0C91F048A} (SSCTL.SSDLoad) - http://broadcast.mic...ta/ssct1960.CAB
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/wdriver...soft/wtinst.cab
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200112...meInstaller.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse....iveX/winrep.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21....es/MsnPUpld.cab
O16 - DPF: {9F0F185C-B50B-11D2-B53F-00A0C98684AC} (McAfee PC Clinic OilChange Class) - http://download.mcaf...MGOcCtl_new.cab
O16 - DPF: {13E39F7E-FDA8-11D2-99DC-00C04FF40D52} (McAfee OilChange Multi-Product Support Filter) - http://download.mcaf...ge/MGOcFilt.cab
O16 - DPF: {BF31FA5E-AE8A-11D2-A1BD-0800300004C2} (McAfee PC Clinic Internet Class) - http://download.mcaf.../MCInet_new.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcaf...ed/MGBrwFld.cab
O16 - DPF: {23047A90-8511-11D2-87A5-20C252C10000} (McAfee Clinic TreeView Class) - http://download.mcaf...ared/MGTree.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://wpotc.kpdsb.o...sCamControl.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.19,85.255.112.125

[rridgely]

First you need an antivirus. Fill out this offer and install it.
http://www.my-etrust.com/SubscriptCenter/M...gistration.aspx

Next go to this site and scan your pc for spyware.(its an online scan and it will remove what it finds.)
http://www.trendmicr...tro/default.asp

Then reboot and post a new log.

[lovey]

oh yes, and one more thing...
It appears that there may be a problem with windows explorer. If I ctrl-alt-delete, to view the close program window, there is no mention of windows explorer running!

[rridgely]

explorer.exe is running(I see it in your hjt log).

Its running and if it wasnt you would know it.(it basically is the windows interface. Without it you would boot to nothing.)

[lovey]

I use AVG antivirus but only as an on demand scan and as a startup boot scan. Isn't that sufficient?

[Andavari]

lovey, on Dec 10 2005, 08:12 PM, said:

I use AVG antivirus but only as an on  demand scan and as a startup boot scan.  Isn't that sufficient?

You need real-time protection (resident shield) enabled to stop a virus before it infects your system and causes damage versus it infecting your system and later having to remove the virus and repair the damage. Since you don't have real-time protection running that's why it was suggested for you to get an antivirus scanner.

You'd be better off with eTrust that rridgely recommended, and you can use it for free for one full year.

[lovey]

Two things have happened.1. I had to add the Java kernal for the trend micro scan. But then I get the message that an error occurred while transferring data from the internet...so it looks like I cant use trend micro. 2. I installed ezantivirus and then when I rebooted an info window popped up TITLED..."VET RESIDENT PROTECTION VERSION 11.0.8.1" with the message ..CC:\WINDOWS\SYSTEM\DMWNB.EXE is "WIN32.Alureon.U" trojan not cleaned....
This seems to be a part of the eTrust antivirus (ezantivirus). I looked in the c:\windows\system directory but no such file exists. Everytime I startup or restart I get the same message.

By the way, I can now open word docs and excel files load at the normal speed so I'm happy about that..but the latest mesages are confusing. Any ideas??

[rridgely]

Did you uninstall AVG? If not do that now. Then reboot and do a scan with etrust.