Msparse64.exe Causing Problems?

Discussion in 'Malware Help (A Specialist Will Reply)' started by BMUS, Feb 16, 2008.

  1. BMUS

    BMUS Private E-2

    DELL XPS GEN 5 OS XP PRO (MEDIA CENTER EDITION) VERSION 5.1.2600 SERVICE PACK 2 BUILD 2600 2 Gig of RAM

    Superantispyware does not recognize msparse64.exe. It is causing me problems, also, winivstr.exe. I ran sdfix and got rid of problems with mcafee security center so it now functions properly (except site advisor does not work); sdfix got rid of braviax.exe and sysrest32.exe; I think it got rid of most of Ultimate Defender too, however, it's still in my Start-Up list, though it is unchecked. I'm sure I have lots of problems remaining. Please help me. This is my first time trying to work on any forum, so I'm very ignorant about how to operate and navigate.
     
  2. abri

    abri MajorGeek

    Hi BMUS!
    Welcome to Major Geeks!

    It sounds like you've done a lot already. Please run through the READ & RUN ME FIRST and attach the requested logs with your next post so we can see what files still remain that may be causing problems.

    Thanks.
    abri
     
  3. BMUS

    BMUS Private E-2

    I ran through READ & RUN ME FIRST, twice. It got rid of a lot of problems. My clock did not reset to 12 hour both times I ran combofix. I still cannot uninstall RegistryCleaner. My computer is still running on the slow side. I'll attach the 3 files you requested. I hope I am responding correctly.
     
  4. abri

    abri MajorGeek

    Hi BMUS,
    Please attach your logs.
    Thanks.
    abri
     
  5. BMUS

    BMUS Private E-2

    Here they are.
     


  6. abri

    abri MajorGeek

    Hi BMUS,

    Please do the following:

    1) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?

    Did you set the following restriction? If not, please have hijackthis fix this entry:

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    Do the following entries need to be in your trusted zone? If not, please have HijackThis fix them as well.

    O15 - Trusted Zone: Frank.Francis@gcww.cincinnati-oh.com
    O15 - Trusted Zone: *.info@oplates.com
    O15 - Trusted Zone: http://*.mcafee.com
    O15 - Trusted Zone: http://*.msn.com

    After you click fix, just close hijackthis.

    2) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    3) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    4) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


    Let me know how things are running now.

    abri
     
  7. BMUS

    BMUS Private E-2

    1. Is it a bad thing for me to have dell4me.com/myway as my home page?
    2. I have mcafee.com in my Trusted Zone, because I use McAfee Security Suite for my internet security. Is it wrong for me to have it listed in my Trusted Zone? Is it not necessary for it to be in my Trusted Zone? My McAfee Security Suite is constantly updating. If it's not in my Trusted Zone, is it going to have trouble doing its automatic updating?
    3. I thought beep.sys was a critical system file. Does Avenger completely delete the beep.sys file in those 2 locations, or does Avenger replace beep.sys with a clean (the original uninfected) beep.sys file? Is there an original copy of the beep.sys file in a cabinet file somewhere on my computer?
    4. And lastly, regarding "O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present", I don't know if I set these restrictions or not. I assume it won't hurt to have HiJackThis fix this entry?
    Please be patient with me; I know little about the inner workings of a computer. Thank you.
     
  8. abri

    abri MajorGeek

    Not if you made the decision to put it there yourself and want it there. MyWay is adware. It is normally put on your computer without your knowledge and without any way to remove it via add/remove programs.
    It is not normally necessary to put most things in your trusted zone. If a program requests that you add it to your trusted zone and you say no, in most cases it will work fine without being there. It increases the vulnerability of your computer to have things in the trusted zone.
    Sorry, you are right in this. These two are not infected and don't need to be included in the Avenger fix.

    We ask you to fix this item if you did not set it this way yourself, because otherwise it prevents some of the fixes we do from working.

    Don't worry about asking questions. As you can see, it's a good idea to ask when you're not sure.
    abri
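    The O15 Trusted Zone and O6 Restrictions lines HijackThis reports are summaries of registry state. The read-only audit script below, added here and not part of the thread or of HijackThis, lists every host mapped into the Trusted zone (zone 2) under the user's ZoneMap and flags wildcard entries, which extend the trust grant to every subdomain, then shows whatever the HKCU IE Restrictions policy key currently holds. It assumes the standard ZoneMap layout (Domains\<domain>\<host>, with scheme-named DWORD values holding the zone number).

```powershell
# Added audit script: enumerates IE security-zone mappings (what HijackThis shows
# as O15 lines) and the HKCU IE Restrictions policy key (the O6 line). Read-only.
$zoneMap   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
$zoneNames = @{ 0 = 'Local Machine'; 1 = 'Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }

function Get-IeZoneMappings {
    param([string]$Root = $zoneMap)
    foreach ($branch in 'Domains', 'EscDomains') {
        $base = Join-Path $Root $branch
        if (-not (Test-Path $base)) { continue }
        Get-ChildItem -Path $base -Recurse | ForEach-Object {
            $key = $_
            # Key path relative to the branch, e.g. "mcafee.com\*" or "msn.com"
            $rel = $key.Name.Substring($key.Name.IndexOf("\$branch\") + $branch.Length + 2)
            if ($rel -like 'Ranges*') { return }   # IP-range entries use a different layout
            $parts  = $rel -split '\\'
            $domain = if ($parts.Count -gt 1) { "$($parts[1]).$($parts[0])" } else { $parts[0] }
            # Each value is a scheme name (http, https, *) whose DWORD data is the zone number
            foreach ($scheme in $key.GetValueNames()) {
                [pscustomobject]@{
                    Branch   = $branch
                    Host     = $domain
                    Scheme   = $scheme
                    Zone     = $zoneNames[[int]$key.GetValue($scheme)]
                    Wildcard = $domain.Contains('*')   # trusts every subdomain at once
                }
            }
        }
    }
}

# Hosts the user (or software acting as the user) has placed in the Trusted zone
Get-IeZoneMappings | Where-Object { $_.Zone -eq 'Trusted' } | Format-Table -AutoSize

# O6: IE restrictions set by policy under HKCU; these can block repair tools
$restr = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Restrictions'
if (Test-Path $restr) {
    Get-ItemProperty -Path $restr | Select-Object -Property * -ExcludeProperty PS*
} else {
    'No HKCU IE Restrictions policy key present.'
}
```

    An entry such as *.mcafee.com in the Trusted zone shows up with Wildcard set to True; the script changes nothing, so removing an entry is still done through Internet Options or the cleanup tool the helper recommends.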
     
  9. BMUS

    BMUS Private E-2

    Should I still include the following in the Avenger fix?

    C:\WINDOWS\system32\drivers\ittemvobxswa.sys
    C:\WINDOWS\system32\drivers\vvutbujwjjog.sys

    I am asking this question, because in your original recipe for fixing my problems, you had stated in step 2) that I should “Copy everything in the quote box below, and paste it in the box that opens:”

    Now, when I click on the link to respond to your response, I get no Quote box for “Files to delete”.
     
  10. abri

    abri MajorGeek

    Hi BMUS,

    I hope this will be clearer:

    1) Download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    2) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    3) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


    Let me know how things are running now.

    abri
     
  11. BMUS

    BMUS Private E-2

    Here they are.
     


  12. abri

    abri MajorGeek

    Hi BMUS,
    How is your computer running? And did Combofix reset your clock? If not, go to Start / Control Panel and choose Regional and Language and make sure your options are set correctly. I'll post the final cleanup instructions. If you're not having further problems, you can go ahead with them:
    abri
     
  13. BMUS

    BMUS Private E-2

    You’ve been absolutely terrific. Thank you very much for your patience. You've made me one very happy camper! I will donate to your site. Here are a few comments and questions.
    1. Computer seems to be running faster now.
    2. Control panel opens slowly; is this normal?
    3. When I open my system configuration utility using Start Run Msconfig, and then click the start-up tab, under the start-up items column there is AdobeUpdater checked and under the Command column it reads C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe, however, there is also Reader_sl checked under the start-up items column and under the Command column it reads “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”. Is this normal for Adobe?
    4. A second question about start-up; if I see something in start-up that I do not want to load at start-up, is it safe to simply uncheck the box under start-up item, or will that cause a problem?
    5. Combofix did not reset my clock and date settings; I reset them through the Regional and Language settings.
    6. IE browser windows are slow to open, perhaps this is because my McAfee is performing scanning while each window is opening?
    7. When I have several IE browser windows open at the same time, focus will change from one window to another. Should I try Tweak UI or something else?
    8. Am I free of rootkits? Should I try out a free rootkit killer, just in case I have a rootkit on my system?
    9. I let HiJackThis fix all 7 items that you recommended.
    10. I have unchecked the key for the ctfmon.exe value start-up item shown in the Spybot Search & Destroy, since I turned off the advanced text services.
    11. Are you an MCSE, a computer systems analyst, a four year (B.S. degree) computer engineer? Where can I learn how to clean a system on my own or am I crazy for even thinking about it?

    BMUS
     
  14. abri

    abri MajorGeek

    Hi BMUS,

    Thank you. I'm glad your computer is running faster.

    Some of your questions are software related and I would ask you to start a thread in the Software Forum and get some answers over there. It is not normal that the Control Panel opens up slowly except right after you've booted up when all the programs are still loading.

    For questions regarding startup programs, please see this:

    Questions about your browser can best be answered in software. I would ask you though if you're only using Internet Explorer? Do you have the same experience if you use another browser like Firefox or Opera? If you want to test this, go to www.majorgeeks.com and on the left side you'll see a set of buttons for different download software. Choose Browser. In the window that opens up, the first entry at the top should be Mozilla Firefox. If you don't already have it, I recommend trying that to see if it has the same problems as Internet Explorer. Some slowness is caused by the Pfishing filter in IE7.0. I don't remember which version you have, but if you have 7.0, you may want to turn off that filter. And yes, the Security Suites can be resource hogs. If you reset McAfee not to do this, you can see if it might be the cause of performance problems. I think you'll get more info about your browser problems if you post in the Software Forum.

    I didn't see any sign of a rootkit infection. You can always go to the Alternate Scans and scroll about halfway down the page and select a few of the rootkit scans to run. They tend to find a lot of hidden entries that are legitimate, so you may need help with the logs.


    There are a number of forums where you can learn how to clean a system on your own. One of these is the Malware University which is part of Safer Networking which is where Spybot Search and Destroy comes from. They have a methodical and extensive course which you can work pretty much at your own pace and they ask that in exchange for the training that you work for them for awhile.

    I know this didn't answer all your questions, but I hope it answered some of your questions.

    abri
     
  15. BMUS

    BMUS Private E-2

    I can't find the place to donate. It's probably right in front of me.
     
  16. abri

    abri MajorGeek

    Hi BMUS,
    If you wish to make a donation, please speak to Chaslang about it privately.
    In any case, you may enjoy the other forums here.
    Best of experiences to you and your computer!
    abri
     
  17. BMUS

    BMUS Private E-2

    How do I contact Chaslang?
     
  18. abri

    abri MajorGeek

    Click on his name and send him a private message ;)
     
