Any advice please
pchelpman wrote: Make sure you have exposed the Hidden Files & Folders as I explained previously.
These files are still showing as present in the Downloaded Program Files folder…..
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
C:\WINDOWS\Downloaded Program Files\dm.inf
C:\WINDOWS\Downloaded Program Files\imloader.exe
Go to the folder named Downloaded Program Files and delete these three files. Let us know if you can’t find any.
I have the hidden files and folders option ticked and I still couldn't find any of these, I only have maybe 6 files in there, none of which had these file names.
pchelpman wrote: Go to Add/Remove programs and uninstall these if still present (again, let us know any you can’t find) …..
VVSN
Media Gateway
Iolo
MyEmoticons
ProSiteFinder
Only one I could find was MyEmoticons, which I removed.
pchelpman wrote: Go to the following file and delete them IF still present ….
C:\Documents And Settings\Dave\Cookies
It wouldn't let me delete this, it said Windows needed the folder.
pchelpman wrote: Search your entire system for anything that contains the name funweb. List the results of the search and post them here before you delete anything.
FunWebProducts C:\Documents And Settings\All Users\Application Data\Spybot - Search & Destroy
FunWebProducts1 As Above
FunWebProducts2 As Above
Activescan log.
Incident Status Location
Adware:adware/comet Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\dm.inf
Potentially unwanted tool:application/funweb Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf
Adware:adware/shorty Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/virtualbouncer Not disinfected Windows Registry
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Dave\Cookies\dave@bluestreak[1].txt
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Dave\Cookies\dave@247realmedia[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dave\Cookies\dave@atdmt[2].txt
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents And Settings\Dave\Cookies\dave@247realmedia[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents And Settings\Dave\Cookies\dave@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents And Settings\Dave\Cookies\dave@bluestreak[2].txt
Potentially unwanted tool: Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
New HijackThis Log.
Logfile of HijackThis v1.99.1
Scan saved at 12:28:39, on 12/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents And Settings\Dave\My Documents\Unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NoAdware4] "C:\Program Files\NoAdware4\NoAdware4.exe" :Min:
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4635/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
Thanks for this, I really do appreciate it.
The computer is running a bit better. I see the logs are smaller now, which seems cool.
Accept that some days you're the pigeon and some days you're the statue.
The internet seems to be running really quick now as well. Thank you for your help. I would buy you a few beers if I could.
Accept that some days you're the pigeon and some days you're the statue.
Glad to hear things are improving for you. The HijackThis log is almost clean. A few lingering issues.
NoAdware
The run key is still showing up. I thought you had removed/uninstalled this program? No?
Go to Add/Remove programs and check that the program is gone. Uninstall it if it’s still present.
Next open HijackThis and scan. Put a tick mark next to this entry …
O4 - HKCU\..\Run: [NoAdware4] "C:\Program Files\NoAdware4\NoAdware4.exe" :Min:
Ensure all browser windows are closed then click “Fix Checked.”
C:\WINDOWS\Downloaded Program Files “DPF”
These are files - usually ActiveX files - downloaded by websites to enhance the experience of a particular feature of the site. Like those O16 entries in your HijackThis log. Some examples are Yahoo, QuickTime, Windows Updates, Windows Genuine Advantage (certifies that you have a genuine copy of XP, 2000, etc.). Some are stored as plugins.
I see some of your stubborn DPF files are hiding from us. Clearly they don’t want to be found. Let’s get rid of everything in that folder. Maybe that will do the trick.
You can delete them with no damage to your system. If any are required they will be re-downloaded. You can View in Details mode and/or right-click for their Properties to check where they came from if you are ever concerned.
Go to C:\WINDOWS\Downloaded Program Files and delete everything in that folder (but taking care - don't delete the actual folder itself; only the contents).
Also I don't think it's an issue to delete them just to save drive space as they are mostly very small files.
FunWebProducts
Go to those files you found and delete them. Ensure that the site is never visited again.
Delete temp files
Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Navigate to the C:\Windows\Prefetch folder. Open the Prefetch folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Prefetch folder.
Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.
Run CCleaner again. A bit of “belt & braces” work......
Empty the Recycle Bin.....
Reboot.....
Scan with Panda Activescan again.....
Post back ….…
> the Activescan report
> a new HijackThis log
> update on how the system is working.
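
An added example (not part of the thread, and not HijackThis's own logic): a Python parser for the log format posted above that picks out O4 autorun, O16 DPF, O18 and O23 entries and attaches review notes. The sample lines are taken from the log in this thread with the CLSID braces restored; the notes are heuristics assumed for this example and say what to check by hand, not what is malicious.

```python
import re
from urllib.parse import urlparse

# Lines in the HijackThis 1.99.1 format, taken from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [NoAdware4] "C:\Program Files\NoAdware4\NoAdware4.exe" :Min:
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
"""

ENTRY = re.compile(r"^([ORFN]\d+) - (.*)$")                   # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")   # hive, key, name, command
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) - (\S+)$")

def triage(log_text):
    """Return [(section, body, [notes])] for entries that merit a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        notes = []
        if body.endswith("(file missing)"):
            notes.append("target file missing")
        run = RUN.match(body) if section == "O4" else None
        if run:
            name, command = run.group(3), run.group(4)
            if not name:
                notes.append("autorun has empty value name")
            if "\\" not in command:
                notes.append("autorun command has no full path")
        dpf = DPF.match(body) if section == "O16" else None
        if dpf:
            host = urlparse(dpf.group(3)).hostname or "unknown"
            notes.append("ActiveX download source: " + host)
        if section == "O23" and " - Unknown owner - " in body:
            notes.append("service binary has no vendor string")
        if notes:
            findings.append((section, body, notes))
    return findings

if __name__ == "__main__":
    for section, body, notes in triage(SAMPLE_LOG):
        print(section, "|", body, "|", "; ".join(notes))
```
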
Hi Carrie, I just read the thread and your initial post of finding a bunch of infected files was something that I came across a few days ago.
McAfee screwed up with a DAT file update in the last week, it was picking up legitimate programs as infected; the removal of them could mess things up. I can't remember the list of programs but acrobatupdater was in there.
Since reading the rest of the thread you do have a few issues. I will let pchelpman continue.
Carrie ... how's it going?
