CMD help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by aznkid, Jan 30, 2006.

  1. aznkid

    aznkid Private E-2

    hi everyone

    i am new to this forum and i really like it

    i need help!

    when i go to run and type CMD it shows up weird symbols and letters on it and it makes like 3 beeping sounds.

    can someone help me

    it never did this before, why is it doing it now???
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MGs!

    I'm not sure whether you have malware problems or not. The only way to be sure would be to follow standard cleaning procedures given below.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis

     
  3. aznkid

    aznkid Private E-2

    should i take a screen shot of my cmd to show you?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! It more than likely would not help us!
     
  5. aznkid

    aznkid Private E-2

    here is my log
     

    Attached Files: log.txt (8.8 KB)
  6. aznkid

    aznkid Private E-2

    i got the log
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please complete ALL the steps as requested in the READ & RUN ME. I do not see MS Antispyware installed. It is a required scanning step.

    You did not complete step 6 of the READ & RUN ME and attach the two requested logs.

    Also you must follow step 7 of the READ & RUN ME completely. You do not have HJT installed correctly. In fact you have it installed exactly where we ask that it not be installed. You also must exit browser sessions before running HJT. You had 3 Internet Explorer sessions running.

    You still have a couple items from F-Secure antivirus running (see below) but you have Symantec AV. Only one antivirus should be installed:
    O23 - Service: COGECO Security Services (BackWeb Plug-in - 9867844) - Unknown owner - C:\PROGRA~1\COGECO~1\backweb\9867844\Program\SERVIC~1.EXE (file missing)
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\COGECO Security Services\backweb\9867844\program\fsbwsys.exe (file missing)

    See if these appear in Add/Remove programs and uninstall them.
     
  8. aznkid

    aznkid Private E-2

    how do i uninstall F-Secure? i thought i uninstalled it a long time ago. i don't see it in my control panel or anywhere. do you know where it is so i can delete it?
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well try the simple approach using HJT first. If that does not work, we will use another approach.

    Did you install HJT properly now??? If not, you must fix that before we continue with the next steps.

    And what about MS Antispyware and where are the two logs from step 6. I can see that BitDefender was not even run.
     
  10. aznkid

    aznkid Private E-2

    i have ewido
     
  11. aznkid

    aznkid Private E-2

    do i have to download and install all the software from the read me???
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's the reason for it being there and why I requested you run it. Steps 1 thru 7 must be followed completely. Not doing so only hurts you not us.
     
  13. aznkid

    aznkid Private E-2

    all of the software will majorly slow down my comp tho
    is there any other way?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No it won't! It will help us to find any malware that you may have hidden on your PC. Without doing this, many problems could be hiding. What is your CPU speed and what type and how much RAM do you have?

    Also note, you can always uninstall software later. That's your decision but you need to be properly protected and you are not right now.

    One of your biggest security issues is the following:
    Your OS and IE versions are way out of date and represent a major security risk to you. After we fix your current problems, you must get updated.
     
  15. aznkid

    aznkid Private E-2

    okie dokie
     
  16. aznkid

    aznkid Private E-2

    1200 mhz

    1.20ghz

    256mb
     
  17. aznkid

    aznkid Private E-2

    i downloaded all the programs that you said in the readme. they are all lying on my desktop now. i am all set
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What processor type (Pentium, AMD etc)?


    While this is a slow processor (by today's standards) and your amount of RAM is on the low side, it should be okay. You would be much better off with 512 MB of RAM.
     
  19. aznkid

    aznkid Private E-2

    ok i am all set to do some scans in safe mode

    but the part where i am saving the programs on my desktop
    did i save them in the right place? they are all lying on my desktop
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well my personal opinion is no! But if you like cluttering up your Desktop, they should install no matter where you put them. Just don't run HJT from the Desktop or any subfolder in Documents and Settings. Install HJT as indicated in step 7.
     
  21. aznkid

    aznkid Private E-2

    you're right chaslang, spyware and viruses have been hiding in my computer

    well when i used Ad-Aware SE Personal it scanned and detected 14 items affected in the registry
    it didn't give me an option to clean or delete them, it only gave an option to quarantine

    and when i used microsoft antispyware it only found 1 spyware

    when i used spybot search and destroy it didn't find anything

    then when i used panda it found 18 spyware!

    i think my comp is still affected with spyware and viruses
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow ALL the directions in the READ & RUN ME completely. Do not post again until you have followed and completed ALL steps. And have attached the required logs given in steps 6 and in step 7.
     
  23. aznkid

    aznkid Private E-2

    heres my hijack log

    did i do it right???
     


  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! Read the directions in my last message and follow ALL the steps in the READ ME. Both online scanners logs from step 6 must be attached and you did not follow step 7 of the READ ME to install HJT properly. And you are also running MSCONFIG:
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
     
  25. aznkid

    aznkid Private E-2

    hi chaslang i haven't been on for 2 days but today i went on and followed all the steps from 1-7

    i have the logs for you
     


  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you have Ad-Aware fix what it found? Did it fix them without any problems?

    Attach a new HJT log now. Make sure it is installed properly this time. And make sure you are no longer using msconfig.
     
  27. aznkid

    aznkid Private E-2

    it only gave me an option to quarantine so i did it


    heres my log
     


  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have both Symantec AV and F-Secure antivirus applications installed. The below seem to be possibly left over from a previous install of F-Secure:

    O23 - Service: COGECO Security Services (BackWeb Plug-in - 9867844) - Unknown owner - C:\PROGRA~1\COGECO~1\backweb\9867844\Program\SERVIC~1.EXE (file missing)
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\COGECO Security Services\backweb\9867844\program\fsbwsys.exe (file missing)

    We will need to get you set up to be running only one AV. I assume you will want to remove F-Secure. See if anything is in Add/Remove programs for F-Secure or for this COGECO Security Services and uninstall if found.

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - (no file)
    O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\adsldpbf.dll
    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, click Delete Files and select Delete all Offline content too, click OK. When it finishes click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, click Delete Files and select Delete all Offline content too, click OK. When it finishes click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
  29. aznkid

    aznkid Private E-2

    hmm
    i can find f-secure anywhere in remove programs

    or anywhere

    do you know where it is located?
     
    Last edited by a moderator: Feb 12, 2006
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's located where I showed you in your HJT log. Just follow the steps I gave you and post the results when completed. We can remove the services later!

    Please do not quote messages unnecessarily. It only clutters up the thread. There are times when it may be necessary (like answering a bunch of particular questions or referring to an older message).
     
  31. aznkid

    aznkid Private E-2


    ok i did all the steps

    but i couldn't find C:\WINDOWS\adsldpbf.dll i used Windows Explorer and still couldn't find it

    i tried going to c:/ and couldn't find it

    heres my new hijackthis log

    my startup is still disabled and system restore is still disabled

    my comp loads faster without the startup but sooner or later i will have to enable it :(
     


  32. aznkid

    aznkid Private E-2

    oo yea if my comp is all clean of malware

    can you tell me how to update my internet last time you told me it was old

    thank you!
     
  33. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay you are clean of malware but we need to get rid of the below two services before we worry about updating your OS:

    O23 - Service: COGECO Security Services (BackWeb Plug-in - 9867844) - Unknown owner - C:\PROGRA~1\COGECO~1\backweb\9867844\Program\SERVIC~1.EXE (file missing)
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\COGECO Security Services\backweb\9867844\program\fsbwsys.exe (file missing)

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to COGECO Security Services (or if not found look for the short name: BackWeb Plug-in - 9867844) ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Now repeat the above for the below service name:
    fsbwsys

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the "Config" button, and then the "Misc tools" button ... select "Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

    COGECO Security Services

    If that does not work try entering the short name: BackWeb Plug-in - 9867844

    Now repeat the above HijackThis steps for the below service name:
    fsbwsys

    Now exit, get a new HJT log and make sure those two O23 lines are gone. You don't need to attach it. Just verify they are gone and tell me the result. If they are gone, then continue with the below which will also get you updated.

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
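
An added example, not part of the original thread and not HijackThis's own code: a small Python parser that flags the orphaned entries picked out in posts 28 and 33 (lines ending in "(no file)" or "(file missing)") and pulls out the O23 service names used in the service-removal steps. The sample lines are the ones quoted in the thread; the O23 field layout in `SERVICE_RE` is an assumption inferred from those two lines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# HijackThis lines quoted in the thread above, reused as sample input.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - (no file)
O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: COGECO Security Services (BackWeb Plug-in - 9867844) - Unknown owner - C:\PROGRA~1\COGECO~1\backweb\9867844\Program\SERVIC~1.EXE (file missing)
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\COGECO Security Services\backweb\9867844\program\fsbwsys.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumed O23 layout: "Service: <display> [(<short>)] - <owner> - <path> [(file missing)]"
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<short>.+?)\))? - (?P<owner>[^-]+?)"
    r" - (?P<path>.+?)(?: \(file missing\))?$"
)

@dataclass
class Entry:
    section: str                      # HijackThis section code, e.g. "O23"
    body: str                         # everything after "Oxx - "
    orphaned: bool                    # entry points at a file that no longer exists
    clsid: Optional[str] = None       # COM class id for BHO / button entries
    service: Optional[str] = None     # O23 display name
    short_name: Optional[str] = None  # O23 short name, when the log shows one

def parse_log(text: str) -> List[Entry]:
    """Parse section lines of a HijackThis log; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list, blank lines
        body = m["body"]
        clsid = CLSID_RE.search(body)
        entry = Entry(m["section"], body, bool(ORPHAN_RE.search(body)),
                      clsid.group(0) if clsid else None)
        svc = SERVICE_RE.match(body) if entry.section == "O23" else None
        if svc:
            entry.service, entry.short_name = svc["display"], svc["short"]
        entries.append(entry)
    return entries

def stale_services(entries: List[Entry]) -> list:
    """(display name, short name) of O23 services whose binary is gone."""
    return [(e.service, e.short_name) for e in entries
            if e.section == "O23" and e.orphaned and e.service]

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print("ORPHAN" if e.orphaned else "ok    ", e.section, e.body[:60])
```

Running it on a fresh log after the cleanup steps is a quick way to confirm that no orphaned O2, O9 or O23 lines remain.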
     
  34. aznkid

    aznkid Private E-2

    the cogeco service is all gone now yay!

    i will enable my system restore and my startup

    thank you very much for your help chaslang :)
     
  35. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  36. aznkid

    aznkid Private E-2

    i don't really like zone alarm because it doesn't let me go on msn :(
     
  37. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member


    If a firewall did not allow access to a site like MSN or other main reputable sites, they would never sell their software.

    You did not configure it to allow you to go there. It is just trying to protect you. All firewalls work the same way. The first time an application is run you have to decide whether to allow it and whether to always do so. You also have to allow or deny access to various websites. This is the end user responsibility. Running without a firewall is not a safe thing to do these days.
     
  38. aznkid

    aznkid Private E-2

    i have a question: do i install mozilla firefox then move on to step 8?

    for step 8 how do i uninstall these things

    The \%Systemroot%\Java folder
    The file java.PNF from the \%Systemroot%\inf folder
    The files jview.exe and wjview.exe from the \%Systemroot%\system32 folder
    The registry subkey HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Java VM
    The registry subkey HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ InternetExplorer \ AdvancedOptions \ JAVA_VM

    i have no idea where to find them

    systemroot is not in C/windows
     
  39. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes install FireFox and then move to the next step.

    Try the link to the automatic removal process. Did you complete step 1 of the READ ME? Are you now running Win XP SP2? Are you sure?
     
  40. aznkid

    aznkid Private E-2

    i am running sp2
     
  41. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Do you have FireFox and Sun Java installed now?
     
  42. aznkid

    aznkid Private E-2

    that removal is to remove those registry
     
  43. aznkid

    aznkid Private E-2

    now i do, it's kinda weird lol what do i do next?
     
  44. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you referring to the automatic removal tool? MSJVM Removal Tool 1.0a

    It is used to remove MS Java automatically for you. You may not even have MS Java anymore after upgrading to SP2.
     
  45. aznkid

    aznkid Private E-2

    yes i installed it

    and i still have internet explorer
     
  46. aznkid

    aznkid Private E-2

    i don't know what to do for step number 8
     
  47. aznkid

    aznkid Private E-2

    i used and it removed java
     
  48. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! So are you having any further problems?
     
  49. aznkid

    aznkid Private E-2

    nope but internet explorer is still there what do i do for step 8?
     
  50. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't know what you are talking about! Internet Explorer is supposed to be on your system. It is a required and necessary component of Windows. It has nothing to do with step 8 either.
     
