Tech Support Forum - View Single Post

**POADB** · 04-21-2005, 05:22 PM

5GB worth of JUNK???? Thats extreme!

BUT!.. we've more work to do.....

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Download LSPFix http://www.greyknight17.com/spy/LSPFix.exe and run it. Click on newdotnet3_88.dll on the left window and click on the arrow pointing to the right. Click Finish and follow the prompts.

Go to Start->Run and type in services.msc and hit OK. Then look for Content Monitoring Tool (msCMTSrvc) and double click on it. Click on the Stop button and under Startup type, choose Disabled.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link don't work) and install it. Do not run it yet.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

OptimumOnline - I've read the Privacy Policy concerning Cookies and Tracking Devices. I recommend you read it also, and decide on if you want to keep this toolbar. I recommend you remove it.

Spykiller - it’s rogueware (or known to be rogueware in the past) and we highly recommend that you uninstall it. Rogue/Suspect means that these products are of unknown, questionable, or dubious value as anti-spyware protection.

BestPopUpKiller - Popup killer of dubious repute by SwankSoft.com.

EbatesMoeMoneyMaker
NewDotNet

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
O1 - Hosts: èJ+èJ+++˜+˜+*+*+¨+¨+°+°+¸ +¸+À+À+È+È+Ð+Ð+Ø+Ø+à+à+è+ è+ð+ð+ø+ø+ ˆ+++f+f+*+*+¨+¨+°+°+¸+¸ +À+À+È+È+Ð+Ð+Ø+Ø+à+à+è+è+ ð+ð+ø+ø+
O1 - Hosts: +˜+˜+*+*+¨+¨+°+°+¸+¸+À+À +È+È+Ð+Ð+Ø+Ø+à+à+è+è+ð+ð+ ø+ø+
O3 - Toolbar: Optimum Online Toolbar - {720B3C59-7EDE-44d1-AD9C-71106A7550AF} - C:\Program Files\OptimumOnline\insptbar.dll
O4 - HKLM\..\Run: [AutoLoader5Fu71NOlIbaK] "C:\WINDOWS\System32\secidctl.exe" /PC="AM.WILD" /HideUninstall
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O8 - Extra context menu item: Optimum Online Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm
O8 - Extra context menu item: RemindU - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\upromise_scr ipt0.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\upromise_scr ipt0.htm (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet3_88.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\ISHWIN\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\system32\Searchx.htm
C:\Program Files\OptimumOnline\
C:\WINDOWS\System32\secidctl.exe
C:\Program Files\SpyKiller\
C:\Program Files\BestPopUpKiller\
C:\Documents and Settings\All Users\Application Data\
C:\Program Files\EbatesMoeMoneyMaker\
c:\program files\newdotnet\
C:\WINDOWS\system32\msCMTSrvc.exe

Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.

04-21-2005, 05:22 PM	#5 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,481 OS: XP SP2	5GB worth of JUNK???? Thats extreme! BUT!.. we've more work to do..... Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below. Download LSPFix http://www.greyknight17.com/spy/LSPFix.exe and run it. Click on newdotnet3_88.dll on the left window and click on the arrow pointing to the right. Click Finish and follow the prompts. Go to Start->Run and type in services.msc and hit OK. Then look for Content Monitoring Tool (msCMTSrvc) and double click on it. Click on the Stop button and under Startup type, choose Disabled. The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link don't work) and install it. Do not run it yet. Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: OptimumOnline - I've read the Privacy Policy concerning Cookies and Tracking Devices. I recommend you read it also, and decide on if you want to keep this toolbar. I recommend you remove it. Spykiller - it’s rogueware (or known to be rogueware in the past) and we highly recommend that you uninstall it. Rogue/Suspect means that these products are of unknown, questionable, or dubious value as anti-spyware protection. BestPopUpKiller - Popup killer of dubious repute by SwankSoft.com. EbatesMoeMoneyMaker NewDotNet Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home O1 - Hosts: èJ+èJ+++˜+˜+++¨+¨+°+°+¸ +¸+À+À+È+È+Ð+Ð+Ø+Ø+à+à+è+ è+ð+ð+ø+ø+ ˆ+++f+f+++¨+¨+°+°+¸+¸ +À+À+È+È+Ð+Ð+Ø+Ø+à+à+è+è+ ð+ð+ø+ø+ O1 - Hosts: +˜+˜+++¨+¨+°+°+¸+¸+À+À +È+È+Ð+Ð+Ø+Ø+à+à+è+è+ð+ð+ ø+ø+ O3 - Toolbar: Optimum Online Toolbar - {720B3C59-7EDE-44d1-AD9C-71106A7550AF} - C:\Program Files\OptimumOnline\insptbar.dll O4 - HKLM\..\Run: [AutoLoader5Fu71NOlIbaK] "C:\WINDOWS\System32\secidctl.exe" /PC="AM.WILD" /HideUninstall O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup O8 - Extra context menu item: Optimum Online Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm O8 - Extra context menu item: RemindU - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\upromise_scr ipt0.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\upromise_scr ipt0.htm (file missing) (HKCU) O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet3_88.dll' missing O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409 O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\ISHWIN\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist: C:\WINDOWS\system32\Searchx.htm C:\Program Files\OptimumOnline\ C:\WINDOWS\System32\secidctl.exe C:\Program Files\SpyKiller\ C:\Program Files\BestPopUpKiller\ C:\Documents and Settings\All Users\Application Data\ C:\Program Files\EbatesMoeMoneyMaker\ c:\program files\newdotnet\ C:\WINDOWS\system32\msCMTSrvc.exe Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes. Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum. __________________