May 31st, 2004 16:00
MSA64CHK.DLL - Module Not Found Error
Hi all. Wondering if anyone would be able to help me with a niggling problem with my PC that's been pestering me all day. So my sister inadvertently partially installed some mp3-related junk on my computer the other day and in the process put the Mostrar Dialler spyware on my PC. Using http://www.kephyr.com/spywarescanner/library/mostrardialer/index.phtml , I followed the instructions and ended up deleting "MSA64CHK.DLL" from C: / Windows / System 32 . Although I couldn't find the registry entries mentioned in steps 2 and 3 and couldn't find the file "msapasrc.dll" either. So it was just "MSA64CHK.DLL" that I deleted from System32. Now whenever I boot up Windows, I get this message on start-up:
http://img8.photobucket.com/albums/v28/Dabs84/spyware1.jpg
... even though I was told by the instructions that it was a spyware file and that it should be deleted. Is this because there's a file extension related to this that I also need to delete? What do I have to do to stop that bloody box appearing on Start-up? According to Bazooka Spyware Scanner (which I used to detect the spyware initially), the spyware itself has now gone, so that's no longer an issue - I just want to find out the problem of this box appearing on start-up and get rid of it. If it's any help (though I don't think it's too relevant in this case) my PC's a Dimension 8300:
P4 3GHz HT, 800MHz FSB
128MB Radeon 9800 Pro
512MB DDR400 RAM
Win XP Home
A massive thank you in advance to anyone who's able to help me out.
Cheers. :)
baskar1234
181 Posts
0
May 31st, 2004 16:00
For us to have a look, please download HIJACKTHIS from the link below:
http://spywareinfo.com/~merijn/files/HijackThis.exe
Then unzip it, run HijackThis, hit SCAN, then hit SAVE LOG. Copy and paste the log in your post.
DO NOT FIX OR REMOVE ANYTHING WITH HIJACKTHIS, FOR MOST OF THE ENTRIES ARE USUALLY HARMLESS/ESSENTIAL.
Sam D
4 Posts
0
May 31st, 2004 16:00
Also noticed this when I tried msconfig in the registry:
http://img8.photobucket.com/albums/v28/Dabs84/spyware.jpg
... which I could untick, but this is now implying to me that the spyware is indeed still on the PC, in spite of me deleting that file I mentioned earlier and Bazooka telling me it was gone. I want to get the thing off my computer if it's still on there. Plus I'm getting the odd, sporadic ad pop-up now and then, and a file called "MP3 Download" keeps appearing on my "Favourites" list. If I delete it, it just reappears there every time I restart the PC. I'd really appreciate some thorough help with all this - it's driving me mad :o( .
Thanks all.
Sam D
4 Posts
0
May 31st, 2004 17:00
OK, I've unchecked MSA64CHK in the system registry (along with "realsched" and "qttask" while I was at it) and I no longer get the "specified module not found" error on start-up of Windows, after unchecking the box. I still get the feeling that the file I unticked (shown here http://img8.photobucket.com/albums/v28/Dabs84/spyware.jpg ) is still lingering on my system somewhere and I'd feel a lot more at ease if I could delete it somehow. I deleted MSA64CHK from C:/ Windows / System32 but can't find a similar file elsewhere so it's odd that it's still appearing in the msconfig Startup list. Anyway, here's the HijackThis log you asked for. Thanks very much for your help!
Logfile of HijackThis v1.97.7
Scan saved at 19:08:42, on 31/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Sam\My Documents\My Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://support.euro.dell.com/uk/en/ecare/Form/Home.asp
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: MP3download (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4151ED4F-B39A-469C-869B-045BE22B9663}: NameServer = 212.74.114.129 212.74.114.193
baskar1234
181 Posts
0
May 31st, 2004 17:00
Hello,
Close all browser windows. Run HijackThis and put a check on the following entry. Hit the FIX CHECKED button. Nothing bad in your log, looks clean.
O9 - Extra button: MP3download (HKLM)
Also, copy the following into a Notepad file and save it as clear.reg. Be sure to save as "ALL FILES" type.
Double click on it and press Yes to confirm the merge. That should remove the registry entries suggested to be removed at kephyr.com.
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{582788CA-7014-4904-A4EE-6FB6108AFE8E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ContentDownload"=-
"MP3NumberOne"=-
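The check done by eye in the reply above, written out as an added example (not code from the thread or from HijackThis): it parses HijackThis entry lines and flags any that mention a name the thread ties to the dialler. The `SAMPLE` lines are copied from the posted log; the function names and the `INDICATORS` list are this example's own.

```python
import re

# Meaning of the HijackThis section codes that occur in the posted log.
SECTIONS = {
    "R0": "IE start/search page", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart entry", "O8": "IE context-menu item",
    "O9": "IE toolbar button / Tools menu item", "O16": "ActiveX (DPF)",
    "O17": "DNS/domain setting",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
AUTORUN = re.compile(r"^(HK(?:LM|CU))\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

# Names the thread ties to the dialler: the deleted DLL, the second file from
# the removal guide, the IE button, and the two Run values in clear.reg.
INDICATORS = ("MSA64CHK", "msapasrc", "MP3download", "ContentDownload", "MP3NumberOne")

def parse_log(text):
    """Yield (code, detail) per entry line; header and process lines are skipped."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def autoruns(text):
    """Return (hive, key, value_name, command) for each O4 registry autostart."""
    return [AUTORUN.match(d).groups() for c, d in parse_log(text)
            if c == "O4" and AUTORUN.match(d)]

def find_leftovers(text, indicators=INDICATORS):
    """Return (code, meaning, detail) for entries that mention any indicator."""
    hits = []
    for code, detail in parse_log(text):
        if any(i.lower() in detail.lower() for i in indicators):
            hits.append((code, SECTIONS.get(code, "unknown"), detail))
    return hits

# Lines copied from the log posted above (a subset, to keep the example short).
SAMPLE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: MP3download (HKLM)
"""

if __name__ == "__main__":
    print(find_leftovers(SAMPLE), [a[2] for a in autoruns(SAMPLE)])
```

Only the O9 button is flagged. MSA64CHK is absent from the O4 lines because it had already been unticked in msconfig, which on Windows XP moves the value out of the Run key and keeps it under HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg, so a log taken afterwards does not show it as an autostart.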
Sam D
4 Posts
0
May 31st, 2004 18:00
Hi,
Thanks again for your reply. There appears to be some sort of problem with me doing what you described above. I ran hijackthis, clicked on Fix (and was told nothing was highlighted and to fix anyway). I then created the item in Notepad and named it clear.reg, saved as All Files and then double clicked on the file, but I get the following:
http://img8.photobucket.com/albums/v28/Dabs84/spyware2.jpg
I realised this may have been because you meant you wanted me to tick "O9 - Extra button: MP3download (HKLM)" in the list and fix that first. So I did that (selected and clicked on Hit Fix Checked). It then deleted this item from the list. I then tried double clicking the clear.reg file I made earlier but I still get the message above.
I also have an invisible mp3 downloads icon in my Standard Buttons selection in the IE Toolbar that only highlights and becomes visible when you hover the mouse button over it. I can't seem to get rid of this:
http://img8.photobucket.com/albums/v28/Dabs84/spyware3.jpg
I'm really tearing my hair out now to be honest - it's such a tiny niggling problem, yet I have no idea how to fix it. :o(
Message Edited by Sam D on 05-31-2004 02:26 PM
baskar1234
181 Posts
0
June 1st, 2004 16:00
Hello,
Follow the link and download the reg file that I have attached to my post there.
Double click on it and press OK to confirm the merge. That should probably work.
http://forums.subratam.org/index.php?showtopic=736
Also, to remove the mp3download button: right click on the standard buttons section and choose Customize. See if you can see an item called mp3download on the right pane. If you find it, click on it to highlight the button and hit the REMOVE button.