
pop ups


11 replies to this topic

#1 davidboundy

davidboundy

  • Members
  • 36 posts

Posted 22 September 2005 - 12:34 PM

I'm trying to fix a friend's old computer. I keep getting pop ups telling me I have a buffer overrun or my registry needs fixing whenever I am using Internet Explorer.

I am using Windows 2000 and have installed all the newest updates from Microsoft. I have run Ad-Aware and avast, which have speeded the computer up, but I still get the pop ups.

I have tried using Spybot, but after using it I have problems using Internet Explorer.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 18:24:24, on 22/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\TcdMon.exe
C:\WINNT\SYSTEM32\THOTKEY.EXE
C:\Program Files\TOSHIBA\TME\Tmesrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\msupdate32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\internat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [microsft Updates] msupdate32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunServices: [microsft Updates] msupdate32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: TMExLogon.lnk = D:\Program Files\TOSHIBA\TME\TMESRV.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126644841090
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126644796506
O17 - HKLM\System\CCS\Services\Tcpip\..\{55A9B46E-A789-43EA-AAF1-D91343E82DB8}: NameServer = 213.1.119.98 213.1.119.97
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Toshiba CD-ROM Monitor (TcdMon) - Unknown owner - C:\WINNT\system32\TcdMon.exe
O23 - Service: THotkey (THOTKEY) - TOSHIBA Corp. - C:\WINNT\SYSTEM32\THOTKEY.EXE
O23 - Service: Tmesrv - Unknown owner - C:\Program Files\TOSHIBA\TME\Tmesrv.exe" /Service (file missing)

I would very much appreciate any help.


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • Gender:Male
  • Location:USA

Posted 26 September 2005 - 10:19 AM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

O4 - HKLM\..\Run: [microsft Updates] msupdate32.exe
O4 - HKLM\..\RunServices: [microsft Updates] msupdate32.exe

Reboot your computer into Safe Mode

Then delete these files or directories (do not be concerned if they do not exist):
c:\windows\system32\msupdate32.exe

Reboot your computer to go back to normal mode and post a new log.

#3 davidboundy


Posted 26 September 2005 - 11:03 AM

Thank you for the response. I've fixed those items and deleted the file. And here is the new log.

Logfile of HijackThis v1.99.1
Scan saved at 16:55:45, on 26/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\TcdMon.exe
C:\WINNT\SYSTEM32\THOTKEY.EXE
C:\Program Files\TOSHIBA\TME\Tmesrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\internat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\hijackthis\HijackThis.exe
C:\WINNT\system32\wuauclt.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: TMExLogon.lnk = D:\Program Files\TOSHIBA\TME\TMESRV.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126644841090
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126644796506
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Toshiba CD-ROM Monitor (TcdMon) - Unknown owner - C:\WINNT\system32\TcdMon.exe
O23 - Service: THotkey (THOTKEY) - TOSHIBA Corp. - C:\WINNT\SYSTEM32\THOTKEY.EXE
O23 - Service: Tmesrv - Unknown owner - C:\Program Files\TOSHIBA\TME\Tmesrv.exe" /Service (file missing)
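
An added example, not part of any post in this thread: one way to check a "fix, reboot, post a new log" round by diffing the two HijackThis logs, confirming that the entries selected for fixing are gone and that the matching process is no longer running. The sample logs are short excerpts constructed from the two logs above; the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample input: a few lines excerpted from the two HijackThis
# logs posted in this thread (the first log, then the log after the fix).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\system32\msupdate32.exe
C:\WINNT\system32\internat.exe

O4 - HKLM\..\Run: [microsft Updates] msupdate32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [microsft Updates] msupdate32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{55A9B46E-A789-43EA-AAF1-D91343E82DB8}: NameServer = 213.1.119.98 213.1.119.97
"""
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\system32\internat.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
"""
# The two entries the helper asked to have fixed.
FIXED = [
    r"O4 - HKLM\..\Run: [microsft Updates] msupdate32.exe",
    r"O4 - HKLM\..\RunServices: [microsft Updates] msupdate32.exe",
]

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")             # e.g. "O4 - ..."
O4_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[(.*?)\] (.*)$")  # registry autoruns
IMAGE_RE = re.compile(r'"?(.+?\.(?:exe|com|bat|scr|dll))', re.I)


def parse_hijackthis(text):
    """Return (set of lower-cased process paths, list of (code, detail))."""
    processes, entries, in_processes = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes and line:
            processes.add(line.lower())
    return processes, entries


def autorun_image(detail):
    """File name launched by a registry O4 entry, lower-cased, or None."""
    m = O4_RE.match(detail)
    exe = IMAGE_RE.match(m.group(2)) if m else None
    return ntpath.basename(exe.group(1)).lower() if exe else None


def diff_logs(before_text, after_text):
    """Everything that changed between two scans, not only the fixed lines."""
    bp, be = parse_hijackthis(before_text)
    ap, ae = parse_hijackthis(after_text)
    return {
        "entries_removed": [e for e in be if e not in ae],
        "entries_added": [e for e in ae if e not in be],
        "processes_gone": sorted(bp - ap),
        "processes_new": sorted(ap - bp),
    }


def verify_fix(before_text, after_text, fixed_lines):
    """Return a list of (problem, item); an empty list means the fix held."""
    _, before_entries = parse_hijackthis(before_text)
    after_procs, after_entries = parse_hijackthis(after_text)
    problems = []
    for line in fixed_lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            raise ValueError("not a HijackThis entry: %r" % line)
        entry = (m.group(1), m.group(2))
        if entry not in before_entries:
            problems.append(("not-in-first-log", line))
        if entry in after_entries:
            problems.append(("entry-still-present", line))
        image = autorun_image(entry[1])
        if image and any(ntpath.basename(p) == image for p in after_procs):
            problems.append(("process-still-running", image))
    return problems


if __name__ == "__main__":
    for key, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(key, items)
    print("outstanding:", verify_fix(LOG_BEFORE, LOG_AFTER, FIXED))
```

The diff reports every change between the scans, so in this excerpt it also shows that the O17 NameServer line from the first log is absent from the second, in addition to the two fixed O4 entries.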

#4 Grinler


Posted 26 September 2005 - 11:29 AM

Looks good to me... how does it feel to you?

#5 davidboundy


Posted 26 September 2005 - 04:50 PM

The computer feels good. But after 10 mins on the internet I had another pop up for a reg fixer. The pop ups aren't as frequent but they are still coming.

Is this something I need to live with?

#6 Grinler


Posted 26 September 2005 - 07:06 PM

Download http://www.bleepingcomputer.com/files/winpfind.php

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

#7 davidboundy


Posted 27 September 2005 - 10:03 AM

Here is the WinPFind log.

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows 2000 Current Build: Service Pack 4 Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
qoologic 27/09/2005 10:39:22 202953 C:\Program Files\WinPFind.zip

Checking %WinDir% folder...

Checking %System% folder...
UPX! 09/07/2005 10:03:06 433152 C:\WINNT\SYSTEM32\aswBoot.exe
winsync 07/12/1999 12:00:00 1309184 C:\WINNT\SYSTEM32\WBDBASE.DEU
Umonitor 19/06/2003 20:05:04 529168 C:\WINNT\SYSTEM32\RASDLG.DLL
UPX! 13/09/2005 21:19:24 142293 C:\WINNT\SYSTEM32\awhntrwg.exe

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINNT\SYSTEM32\drivers\ETC\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
27/09/2005 11:03:50 H 277182 C:\WINNT\ShellIconCache
27/09/2005 11:09:20 H 1024 C:\WINNT\SYSTEM32\CONFIG\SOFTWARE.LOG
27/09/2005 11:04:02 H 1024 C:\WINNT\SYSTEM32\CONFIG\DEFAULT.LOG
27/09/2005 11:04:46 H 1024 C:\WINNT\SYSTEM32\CONFIG\SECURITY.LOG
27/09/2005 11:06:42 H 1024 C:\WINNT\SYSTEM32\CONFIG\SAM.LOG
13/09/2005 21:44:54 HS 336 C:\WINNT\SYSTEM32\Microsoft\Protect\S-1-5-18\d979cfd4-422f-4339-a769-130d74875e8e
13/09/2005 21:44:54 HS 24 C:\WINNT\SYSTEM32\Microsoft\Protect\S-1-5-18\Preferred
13/09/2005 19:53:36 HS 336 C:\WINNT\SYSTEM32\Microsoft\Protect\S-1-5-18\User\4e87b644-2837-4f28-b83e-f3a2acff2695
13/09/2005 19:53:36 HS 24 C:\WINNT\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
13/09/2005 14:11:28 H 1024 C:\WINNT\REPAIR\SAM.LOG
13/09/2005 14:11:30 H 1024 C:\WINNT\REPAIR\SECURITY.LOG
22/09/2005 14:38:02 H 0 C:\WINNT\INF\oem7.inf
13/09/2005 22:00:42 H 0 C:\WINNT\INF\oem6.inf
14/09/2005 14:00:00 H 11083 C:\WINNT\Web\ftp.htt
27/09/2005 11:03:58 H 6 C:\WINNT\Tasks\SA.DAT
14/09/2005 13:59:54 H 65 C:\WINNT\Downloaded Program Files\DESKTOP.INI
14/09/2005 13:59:52 H 65 C:\WINNT\Offline Web Pages\DESKTOP.INI
27/09/2005 11:03:56 S 64 C:\WINNT\CSC\00000001
22/09/2005 20:23:10 S 64 C:\WINNT\CSC\csc1.tmp
26/09/2005 17:39:16 S 64 C:\WINNT\CSC\00000002
22/09/2005 18:47:56 H 482024 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\662facd5d2c3cf14ffa5f80ebd6339ae\BIT1.tmp
26/09/2005 17:00:42 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\9b8eb528c34c50917923b4e9706538ae\download\BIT29.tmp
27/09/2005 10:40:08 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\faa9ed1692414422bf18f1b11be95b0c\download\BIT2D.tmp
22/09/2005 19:09:30 H 1467384 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\3525220df9264fcb765797c57144f745\BIT6.tmp
22/09/2005 19:23:30 H 3525384 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\a99e16676c04a2d7e0d1e03a27ad9d87\BITA.tmp
22/09/2005 19:28:30 H 1996544 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\abb481321204ad78815d6ba6695d28c7\BITC.tmp
22/09/2005 19:33:30 H 497384 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\bcba83bfbd8696dcc681193357beb552\BITD.tmp
22/09/2005 19:42:28 H 4677624 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\6490aa616c7cecc6226dcf662ef9fb1b\BITF.tmp
22/09/2005 19:47:30 H 482024 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\95902ca3658f1c9d9bfada7f8a2981cc\BIT11.tmp
22/09/2005 19:56:22 H 482024 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\e79e08707cd0cfbb2c7a1642273d348b\BIT13.tmp
22/09/2005 20:01:22 H 480488 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\e8079a4be14fe666af494db447c92755\BIT15.tmp
23/09/2005 11:01:26 H 5319000 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\09a5679abc8f910f48af2100a235af8d\BIT17.tmp
23/09/2005 11:06:26 H 331624 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\b70a49710949c48d7f666dd5623471da\BIT19.tmp
26/09/2005 17:05:16 H 2914040 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\0a3f65e651a699928559aea94fac83a3\BIT1F.tmp
26/09/2005 17:14:34 H 851808 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\e90f45ad83050093ac7b0d7a93f93cb1\BIT22.tmp
27/09/2005 10:18:22 H 726520 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\8cfdb75dfefcac0c2c915750ecfbd900\BIT23.tmp
27/09/2005 10:42:56 H 2972152 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\78c6c5460c235010103d445602f2c6c0\BIT28.tmp
22/09/2005 18:43:34 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\3d09437329e9438ef15057abea4db3c7\BIT2B.tmp
22/09/2005 18:43:34 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\f9fd2a9a01cff04e01fb083e756df24f\BIT2C.tmp
22/09/2005 18:43:36 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\b26669ae5115a72508e2cf5b9c860478\BIT2D.tmp
22/09/2005 18:43:36 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\c1da8f5ba56a2719b308dc79ce696fbb\BIT2E.tmp
22/09/2005 18:43:38 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\eafa46f664786f7f17d088db55761b6b\BIT2F.tmp
22/09/2005 18:43:40 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\395559a529239690d52b6ffb94649966\BIT30.tmp
22/09/2005 18:43:40 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\206d5d2edc968b057ea9cc4245ca6f16\BIT31.tmp
22/09/2005 18:43:42 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\1e28e3e44d278a5858d1239e481f944c\BIT33.tmp
22/09/2005 18:43:42 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\b6a12155111c016f483118138cc8f134\BIT35.tmp
22/09/2005 18:43:44 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\5da2b1ebe24d728419f0ba4e4eee8926\BIT36.tmp
22/09/2005 18:43:44 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\631fabcf7a86696b336e1db0eb9c9b10\BIT38.tmp
22/09/2005 18:43:46 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\c7a63e85a1cd859a6b9b9e519a673da5\BIT39.tmp
22/09/2005 18:43:48 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\b32e57181f486df45f4c5612ab92d266\BIT3B.tmp
22/09/2005 18:56:38 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\eaf5724099f24e059ef6ffb91d27da15\download\BIT79.tmp
22/09/2005 19:00:44 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\226132c91366f6219619df5e649e3065\download\BIT82.tmp
22/09/2005 19:13:42 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\04ff60852205f339db7b6d1f7e189a7d\download\BIT8B.tmp
22/09/2005 19:37:36 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\fa9317b74efb6d88d358f995a8cfcdb8\download\BIT94.tmp
23/09/2005 11:10:16 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\c1b0e094a9d80d62eac8760b49b3a4da\download\BIT20.tmp
23/09/2005 11:13:20 H 0 C:\WINNT\SoftwareDistribution\Download\S-1-5-18\5093b2b7323a8818df70be4b5fed6b55\download\BIT29.tmp

Checking for CPL files...
Microsoft Corporation 19/06/2003 20:05:04 301328 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 29/08/2002 07:14:40 292352 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 07/12/1999 12:00:00 31504 C:\WINNT\SYSTEM32\FAX.CPL
Microsoft Corporation 07/12/1999 12:00:00 128272 C:\WINNT\SYSTEM32\HDWWIZ.CPL
Microsoft Corporation 07/12/1999 12:00:00 118032 C:\WINNT\SYSTEM32\INTL.CPL
Microsoft Corporation 07/12/1999 12:00:00 36112 C:\WINNT\SYSTEM32\IRPROPS.CPL
Microsoft Corporation 07/12/1999 12:00:00 60688 C:\WINNT\SYSTEM32\JOY.CPL
Microsoft Corporation 07/12/1999 12:00:00 122128 C:\WINNT\SYSTEM32\MAIN.CPL
Microsoft Corporation 07/12/1999 12:00:00 303888 C:\WINNT\SYSTEM32\MMSYS.CPL
Microsoft Corporation 07/12/1999 12:00:00 17168 C:\WINNT\SYSTEM32\NCPA.CPL
Microsoft Corporation 07/12/1999 12:00:00 41232 C:\WINNT\SYSTEM32\NWC.CPL
Microsoft Corporation 19/06/2003 20:05:04 41232 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 19/06/2003 20:05:04 90896 C:\WINNT\SYSTEM32\powercfg.cpl
Microsoft Corporation 19/06/2003 20:05:04 83216 C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation 07/12/1999 12:00:00 5904 C:\WINNT\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 07/12/1999 12:00:00 61200 C:\WINNT\SYSTEM32\TIMEDATE.CPL
Microsoft Corporation 07/12/1999 12:00:00 67344 C:\WINNT\SYSTEM32\ACCESS.CPL
Toshiba Corporation 27/06/2000 16:01:06 448512 C:\WINNT\SYSTEM32\TPWRSAVE.CPL
Toshiba Corp. 27/06/2000 16:20:08 233472 C:\WINNT\SYSTEM32\HWSETUP.CPL
Toshiba 27/06/2000 15:38:32 143360 C:\WINNT\SYSTEM32\TMEPROP.CPL
Microsoft Corporation 19/06/2003 20:05:04 237328 C:\WINNT\SYSTEM32\DESK.CPL
Microsoft Corporation 19/06/2003 20:05:04 125712 C:\WINNT\SYSTEM32\SYSDM.CPL
Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINNT\SYSTEM32\DLLCACHE\wuaucpl.cpl
Microsoft Corporation 29/08/2002 07:14:40 292352 C:\WINNT\SYSTEM32\DLLCACHE\inetcpl.cpl
Microsoft Corporation 07/12/1999 12:00:00 41232 C:\WINNT\SYSTEM32\DLLCACHE\NWC.CPL
IBM Corporation 23/09/1999 18:44:36 94208 C:\WINNT\SYSTEM32\DLLCACHE\MWCPA32.CPL

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
04/08/2000 12:30:30 504 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TMExLogon.lnk
22/09/2005 17:44:24 1307 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINNT\system32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\system32\browseui.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
avast! C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Synchronization Manager mobsync.exe /logon

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
internat.exe internat.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 27/09/2005 11:11:52

#8 Grinler


Posted 27 September 2005 - 09:09 PM

I don't see anything... I am wondering if that was just a popup off of a site you visited. Those will still come up here and there. Have you been getting a lot today?

#9 davidboundy


Posted 28 September 2005 - 05:08 AM

The messages still come up when I'm connected but not using the internet. There will be nothing for ten minutes then it will throw up about 7 messages. An example of one of the messages:

Messenger Service

Message from SYSTEM to ALERT on 28/9/2005 10:51:44

Microsoft Windows has encountered an Internal Error
Your windows registry is corrupted.

We recommend a complete system scan.

Visit

http://FixReg32.com

To repair now

Then it gives me the OK option.

#10 Grinler


Posted 28 September 2005 - 08:03 AM

Ahh, that's a different type of popup. Click on Start, then Run, and type services.msc and press Enter. When the services control panel opens, scroll down till you see Messenger and double-click on it. Press the Stop button and then change its startup to Disabled. Let me know if that makes those popups stop.

#11 davidboundy


Posted 28 September 2005 - 03:29 PM

That's worked. Thank you very much for all your help, I'm going to donate some money to the site.

#12 Grinler


Posted 28 September 2005 - 03:37 PM

Now that you're clean:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millennium System Restore

or

Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then Run, and type %temp% and press the OK button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!



