MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Software Support arrow Operating Systems : Microsoft arrow Topic: no starting, removal of hijacking/spyware/adware
September 20, 2019, 09:23:39 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
September 20, 2019, 09:23:39 PM

Login with username, password and session length
 
News
New  Check out our improved Download section for tons of software....
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: no starting, removal of hijacking/spyware/adware  (Read 2459 times)
A Taste of Lethe
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 7


Bookmark and Share

View Profile
« on: September 05, 2004, 12:50:43 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:  Windows XP
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



I am completely frustrated.  Whenever I try to open up a file that could help remove all the tons of spyware/adware/BHO on my computer, it either closes itself or gives an error message before closing itself.  More often than not, it just closes itself.  Sometimes the program will then delete itself from my computer.  This is also happening with many other .exe files I have.

Edit:  Sometimes, an error message will show up.  An example is:  
C:/documents and settings/dylan/my documents/cwshredder.exe is not a valid Win32 application.

Can someone help me?

I will also run HijackThis and leave the results, so if someone knows what to do with that, that would be extremely appreciated.
« Last Edit: September 05, 2004, 12:52:53 AM by A Taste of Lethe » Logged

 
A Taste of Lethe
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 7


Bookmark and Share

View Profile
« Reply #1 on: September 05, 2004, 12:56:59 AM »

And here is my hijackthis file.  It's gibberish to me, and I don't want to ruin my system by getting delete-happy.


Logfile of HijackThis v1.97.7
Scan saved at 7:51:13 PM, on 9/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\iul7txw26g9p.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\System32\iul7txw26g9p.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Documents and Settings\Dylan\My Documents\Useful Stuff\To Save My Dying Computer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://adserv.internetfuel.com/cgi-bin/omnidirect.cgi?SID=82&PID=2&LID=3
R3 - URLSearchHook: AutoSearch Class - {1E432263-6841-4653-8F02-366A2F77E339} - C:\PROGRA~1\WIACA5~1\WinSB1.DLL (file missing)
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\484c9mg3l49.dll
O3 - Toolbar: Windows Search Bar - {A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} - C:\PROGRA~1\WIACA5~1\WinSB1.DLL (file missing)
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
O4 - HKLM\..\Run: [ylajklod] C:\WINDOWS\ylajklod.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [System Toolkit] C:\WINDOWS\Systools.exe
O4 - HKLM\..\Run: [r] C:\WINDOWS\System32\vkycdz.exe
O4 - HKLM\..\Run: [otyzurdq] C:\WINDOWS\bbustzrz.exe
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [fqp] C:\WINDOWS\fqp.exe
O4 - HKLM\..\Run: [e] C:\WINDOWS\System32\vkycdz.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [pnpsvc_lock] C:\WINDOWS\startsvs.exe
O4 - HKLM\..\Run: [Network Security Guard] C:\WINDOWS\System32\iul7txw26g9p.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\RunServices: [b0rg 100487-083t] syscfg32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Startup: Basic Foundation Series - Singing Is Easy!.lnk = ?
O4 - Startup: Basic Foundation Series - Singing Is Easy.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: AOL Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8.1.28/mahjong/mahjong-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass/worldclass-ob-assets.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) - http://activex.liveupdate.com/controls/cres.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://aol.musicnotes.com/download/mnviewer.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=8eed54950496bfeb5899b8ba81fbaa8f52698706bfeedff388bf3e8d58cf5f61afd31721d03773ca067a2afbc699d63f22ed05f72cb55925:0db69b72ff39cfe5e585d7b34e81015d
O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://D:\IntraLaunch.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/093ff0e78610e3844b00/netzip/RdxIE601.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.com/cab/ImageViewer/MFImgVwr.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://images.myfamily.net/isfiles/downloads/MrSIDI.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4018/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F5A9926-F300-4060-80EB-CF22A9F00616}: NameServer = 205.188.146.146

Logged

 
Ageless
Dark Overlord of the Universe
Global Moderator
Hero Member
*****

Karma: +4/-1
Offline Offline

Gender: Male
Posts: 1779



Bookmark and Share

View Profile
« Reply #2 on: September 05, 2004, 12:58:18 AM »

I know for a fact that the person who programmed CWShredder quit programming it and adding to it because of problems like this. But then again, have you never heard of a decent firewall and other Anti Spyware programs?

Try http://pcf.mundayweb.com/index.php?view=106 for a list I helped compile, make sure you install everything and update it before you run it. I know CWS is in the list, but heck there are more spyware examples out there.
Logged

Jord.
A Taste of Lethe
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 7


Bookmark and Share

View Profile
« Reply #3 on: September 05, 2004, 01:00:34 AM »

Still though, that doesn't help how a bunch of other programs will not start at all, or will close themselves.

Plus, I don't know how to use the CWShredder alternative.  The DOS program that opens from it simply gives a list of I-have-no-idea-what and I have no idea what to do with it.
« Last Edit: September 05, 2004, 01:08:13 AM by A Taste of Lethe » Logged

 
Ageless
Dark Overlord of the Universe
Global Moderator
Hero Member
*****

Karma: +4/-1
Offline Offline

Gender: Male
Posts: 1779



Bookmark and Share

View Profile
« Reply #4 on: September 05, 2004, 01:14:16 AM »

I meant for you to use the other options. Not only CWShredder.

Anyway, do you have any AV program installed and up to date?
Do you have a real firewall, not the flimsy thing XP says it has up & ready for you?

Oh heck, have you considered a reformat & reinstall of Windows, then starting fresh?
« Last Edit: September 05, 2004, 01:15:44 AM by Ageless » Logged

Jord.
A Taste of Lethe
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 7


Bookmark and Share

View Profile
« Reply #5 on: September 05, 2004, 01:20:57 AM »

My AV program is totally messed up.  It's McAffee and it's just basically inoperable.  Tell you the truth, I do not even know what a firewall does. ((GASP!!!))  So there you have it.
Logged

 
Ageless
Dark Overlord of the Universe
Global Moderator
Hero Member
*****

Karma: +4/-1
Offline Offline

Gender: Male
Posts: 1779



Bookmark and Share

View Profile
« Reply #6 on: September 05, 2004, 02:23:23 AM »

A quick explanation on what a firewall does: Your computer, when it is on a network or on the the internet, opens 65535 ports to communicate with to other computers. Most of these ports aren't used for real, but some are, be it by Windows, applications or worse, viruses, trojans and worms.

A firewall in itself will close down all open ports to the internet, so if a malicious PC does a so called port scan, it won't find your PC on the internet. Thus it won't be able to write files to your PC.

Yet, if you got an email with a worm/trojan/virus in it, opened it and got infected, then you're still open to the internet, as this one works from the inside out. You telling me that MacAfee isn't working is telling me that you got a bigger problem.

All advice I can give you is to backup those files that you need to hold on to (emails and documents for instance) and then reformat your harddrive, before you reinstall Windows.
Logged

Jord.
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page April 06, 2017, 12:43:00 PM