3.9K Posts

March 1st, 2004 21:00

You have a pepper infection

http://www.memorywatcher.com/uninst.exe

When you run the uninstaller, you MUST have an internet connection active for it to work.

Please run this twice with a reboot in between.
----------------------------
Check these in HijackThis, AND WITH ALL OTHER WINDOWS CLOSED, fix checked.

O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem217.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

Then reboot to safe mode (F8 on boot) and delete the following files/folders:-

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

Then reboot and post a fresh log for me to check.

8 Posts

March 2nd, 2004 04:00

Hey Chris. Here's an updated log after doing everything you told me, including rebooting in SAFE mode:

Logfile of HijackThis v1.97.7
Scan saved at 1:37:21 AM, on 3/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\DOWNLOADED PROGRAMS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell4me.com/myway
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://yahoo.com"); (C:\Documents and Settings\Mike Strandberg\Application Data\Mozilla\Profiles\default\5lmrjirv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Mike Strandberg\Application Data\Mozilla\Profiles\default\5lmrjirv.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.1.8P.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
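Added example, not part of any post in this thread and not code from the forum or from HijackThis: a Python check that the three entries flagged in the first post no longer appear in a fresh log. The function names are made up for this example, and the log text is a shortened excerpt of the log above; entries are matched by CLSID or Run value name so that a changed file path does not hide a surviving entry.

```python
import re

# Entries the helper asked to fix, copied from the first post on this page.
FLAGGED = [
    r"O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem217.dll",
    r"O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll",
    r"O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe",
]

# Shortened excerpt of the fresh log posted above (not the full log).
FRESH_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
"""

# key_of, parse and still_present are hypothetical names for this example.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUNKEY = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")

def key_of(line):
    """Reduce a log line to a stable identity, or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    clsid = CLSID.search(rest)
    if clsid:                       # O2/O3/O16 lines: identify by CLSID
        return (section, clsid.group(0).upper())
    run = RUNKEY.match(rest)
    if run:                         # O4 lines: hive, key and value name
        return (section, run.group(1), run.group(2), run.group(3).lower())
    return (section, rest.lower())  # anything else: section plus full text

def parse(log_text):
    """Return the set of entry identities found in a HijackThis log."""
    return {key_of(line) for line in log_text.splitlines()} - {None}

def still_present(flagged_lines, fresh_log):
    """Return the flagged lines whose identity still appears in the fresh log."""
    seen = parse(fresh_log)
    return [line for line in flagged_lines if key_of(line) in seen]
```
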

March 2nd, 2004 05:00

OK, for all you people having netspry problems, here's something you should do: when the homepage appears, go to the VERY BOTTOM of the webpage. At the bottom, there is a blue link that goes to "about us, blah blah blah, removal". Click on removal and you will get the information on how to remove the homepage. OVERALL, this is what you have to do: exit out of iexplorer, go to C:/program files/ and delete the folder called 'homepage' and everything in that folder, RESTART iexplorer and change the homepage to whatever you desire.

Don't go through all the bullsh*t of getting an uninstall software when the website has the removal instructions for YOU!!!!!!

3.9K Posts

March 2nd, 2004 21:00

Hi Turtle8, ignore the flamer.

Your log is now clean of not just the Netspry but also all the other problems you had.
----------------------
This is my normal post for when you are clear - which you now are:-
------------------------
How on earth did I get infected with all that spyware in the first place? http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?;act=ST;f=38;t=3051
Also available from here :- http://www.computercops.biz/postlite7736-.html or http://boards.cexx.org/viewtopic.php?t=957
--------------
Look at the info on my website regarding malware (Link below). Some things you can do to stop getting infected again:-

Spybot S&D, Ad-aware: run weekly, or after a heavy internet session.

SpywareBlaster & SpywareGuard: the first sets kill bits to stop known bad ActiveX controls installing, the second acts like your AV to stop browser hijacks and installing of known baddies.

Also IE-SPYAD (link on my site), which puts 4000 bad sites in your restricted (banned) sites list, to stop you accidentally getting sent to a bad site. It has an optional list of "bad" adult sites to install as well.

All those with links from my site. Do remember just like AV they need to be updated regularly. I do mine weekly, AV daily.

With these and a firewall in place I have to try various bad sites when checking people's HijackThis logs looking to sort bad from good, and I have not yet been infected. Still time for it to happen LOL.

 

3.9K Posts

March 2nd, 2004 22:00



Turtle8 wrote:
> I want to say thanks for the expert service on not only helping me, but everyone else who has similar problems.

You're welcome.

> I also wanted to run by a few other things with you. The clock at the bottom right hand part of the screen is always an hour behind, no matter how many times I go into "Adjust Date/Time" and change it. It might be virus-related, because it happens all the time. But it's not a major problem.

Daylight saving time and/or the region time is set wrong. Try the WinXP board if that does not fix it; lots of Windows experts, they would know.

> Another thing: do I delete the tons of "backup files" I seem to have in my DOWNLOADED PROGRAMS FOLDER? They appeared after I ran all the anti-spyware programs. And what exactly is my "AV"?

Yes, the backups can be deleted after you are sure that you don't wish to restore any of them; leave a week or so.
AV - sorry, shorthand for Anti-Virus. I tell others off for using them, then go and use them myself LOL.

> Thanks,
> Mike

Do check out the link below to my site for hints and tips on computer safety.

8 Posts

March 2nd, 2004 22:00

I want to say thanks for the expert service on not only helping me, but everyone else who has similar problems.

I also wanted to run by a few other things with you. The clock at the bottom right hand part of the screen is always an hour behind, no matter how many times I go into "Adjust Date/Time" and change it. It might be virus-related, because it happens all the time. But it's not a major problem.

Another thing: do I delete the tons of "backup files" I seem to have in my DOWNLOADED PROGRAMS FOLDER? They appeared after I ran all the anti-spyware programs. And what exactly is my "AV"?

Thanks,
Mike