Tech Support Forum - View Single Post

~~Lobos~~ · 07-01-2004, 09:44 PM

hi mentally_ill

welcome to TSF

uninstall through your control panel add/remove programs

this contains Lop malware please uninstall

Messenger Plus! 3

spykiller.exe this one produces false positives used as goad to purchase
--------------------------------------------------------------------------

Run hijack this put a check next to these close all browsers and hit fix

Make sure not to miss one
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Jamie\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Jamie\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Jamie\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Jamie\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netde.exe

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe

O4 - HKLM\..\Run: [Setup experation] C:\WINDOWS\svchost.exe

O4 - HKLM\..\Run: [xload32] C:\WINDOWS\System32\netdd.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [Tcap] C:\Documents and Settings\Jamie\Application Data\owdc.exe
O4 - HKCU\..\Run: [SpyKiller] D:\Program Files\SpyKiller\spykiller.exe /startup

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

-----------------------------------------------------------------------------------------------------------------------------------

To enable the viewing of Hidden files follow these steps:

How to see Hidden files and Folders

reboot into safe mode

How to boot into safe mode

delete

these file

C:\Documents and Settings\Jamie\Application Data\owdc.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\netdd.exe

these folders

delete both of thesefolder if there and if you decided to not keep them
D:\Program Files\SpyKiller
D:\Program Files\Messenger Plus! 3

empty your recyle bin

reboot to normal
--------------------------------------------------------------------------------
Click here to download AdAware 6 181

Run AdAware
Before you scan with AdAware, check for updates of the reference file 01R325 27.06.2004
by clicking Check for updates now, and following the prompts.

Now to set it up for optimum performance...

Make sure the following settings are configured. Remember that ON=GREEN.

From main window click Start | Activate in-depth scan.

Then click Use custom scanning options | Customize and have these options switched ON...

Scan within archives
Scan active processes
Scan registryDeep scan registry
Scan my IE Favourites for banned URLs
Scan my host-files

Then click the Settings button.. (the gear icon on the top row) then Tweak | Scanning engine and check..

Unload recognised processes during scanning.
Cleaning engine.
Let windows remove files in use at next reboot.

and uncheck..

Automatically try to unregister objects prior to deletion.

Then click Proceed, to save your settings.

Now click the Scan button.

When scan is finished, check the little box to the left of each entry to select them for removal, and get rid of them
Restart your computer

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Spybot - Search & Destroy 1.3

Then go Click here and download Spybot Search & Destroy 1.3

Install the program and launch it.

Before scanning press Online and Search for Updates.

Put a check mark at and install all updates.

Click Check for Problems and when the scan is finished let Spybot fix/remove all it finds marked in RED.

Restart your computer.

come back and post a fresh log and tell me how you computers running

Lobos

07-01-2004, 09:44 PM	#4 (permalink)
~~Lobos~~ Troubled Join Date: Apr 2004 Location: California Posts: 943 OS: Windows XP	hi mentally_ill welcome to TSF uninstall through your control panel add/remove programs this contains Lop malware please uninstall Messenger Plus! 3 spykiller.exe this one produces false positives used as goad to purchase -------------------------------------------------------------------------- Run hijack this put a check next to these close all browsers and hit fix Make sure not to miss one R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Jamie\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Jamie\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Jamie\LOCALS~1\Temp\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Jamie\LOCALS~1\Temp\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing) F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netde.exe O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe O4 - HKLM\..\Run: [Setup experation] C:\WINDOWS\svchost.exe O4 - HKLM\..\Run: [xload32] C:\WINDOWS\System32\netdd.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [Tcap] C:\Documents and Settings\Jamie\Application Data\owdc.exe O4 - HKCU\..\Run: [SpyKiller] D:\Program Files\SpyKiller\spykiller.exe /startup O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab ----------------------------------------------------------------------------------------------------------------------------------- To enable the viewing of Hidden files follow these steps: How to see Hidden files and Folders reboot into safe mode How to boot into safe mode delete these file C:\Documents and Settings\Jamie\Application Data\owdc.exe C:\WINDOWS\svchost.exe C:\WINDOWS\System32\netdd.exe these folders delete both of thesefolder if there and if you decided to not keep them D:\Program Files\SpyKiller D:\Program Files\Messenger Plus! 3 empty your recyle bin reboot to normal -------------------------------------------------------------------------------- Click here to download AdAware 6 181 Run AdAware Before you scan with AdAware, check for updates of the reference file 01R325 27.06.2004 by clicking Check for updates now, and following the prompts. Now to set it up for optimum performance... Make sure the following settings are configured. Remember that ON=GREEN. From main window click Start \| Activate in-depth scan. Then click Use custom scanning options \| Customize and have these options switched ON... Scan within archives Scan active processes Scan registryDeep scan registry Scan my IE Favourites for banned URLs Scan my host-files Then click the Settings button.. (the gear icon on the top row) then Tweak \| Scanning engine and check.. Unload recognised processes during scanning. Cleaning engine. Let windows remove files in use at next reboot. and uncheck.. Automatically try to unregister objects prior to deletion. Then click Proceed, to save your settings. Now click the Scan button. When scan is finished, check the little box to the left of each entry to select them for removal, and get rid of them Restart your computer ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Spybot - Search & Destroy 1.3 Then go Click here and download Spybot Search & Destroy 1.3 Install the program and launch it. Before scanning press Online and Search for Updates. Put a check mark at and install all updates. Click Check for Problems and when the scan is finished let Spybot fix/remove all it finds marked in RED. Restart your computer. come back and post a fresh log and tell me how you computers running Lobos