Downloading not Allowed

See if you can do any of the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

Try to do them in the order written. Skip anything you have a problem doing and let me know which you had problems with.

Have you run a full scan with AVG yet. If not, please do so in safe mode.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

 

What about the Scanning And Cleaning Steps?Are you able to do any of those as indicated (in safe mode where possible)?


Can you download any of the programs listed?

 

Thanks Goldie! I missed the fact that Ginger is not clicking on the links given in the READ ME FIRST to do the downloads. But if this is like similar problems I have seen, it will not matter which site is used.

 

Ginger,

Step 4 gives you all the links to download files from and they are all from MG's. Please try downloading from our links as the read me indicates.

 

Do you have downloading enabled?

See Tools, Internet Options, Security, Internet Custom Settings, and look for Downloads

 

So right now, the problem is: no matter where you go and no matter what you try to download...you cannot download? Right?


Do you have a copy of HijackThis on this PC or can you get it there some how?

 

I thought you could not download anything??? Did you download it using a different PC?

Make sure you have version 1.98.2 and place it into the correct folder as we specify in our HJT tutorial.

 

Please save the log files as a .txt file from now on. You must just change the save as type in HijackThis.

 

You have several issues in your log I'm working on including Gain Bundle crap. You need to stay away from programs like Kazaa.

Look in Add/Remove programs for Gain, CME, BonzaiBuddy, PrecisionTime, and Date Manager and uninstall them if found.

Also any WildTangent stuff should be uninstalled.

Do this and post your results while I work on your log.

I will leave in lines (in my fix procedure) relate to the above crap assuming they are not uninstalled.

 

Okay ignore anything I have below that is already fixed.

Click Start, and then click Run. (The Run dialog box appears.)
Type, or copy and paste, the following text:
regsvr32 /u C:\WINDOWS\WINDOWSIE.DLL
then click OK. If a dialog box confirming this action appears, click OK.

Click Start, and then click Run. (The Run dialog box appears.)
Type, or copy and paste, the following text:
regsvr32 /u C:\WINDOWS\SYSTEM\WWJIRYJ.DLL
then click OK. If a dialog box confirming this action appears, click OK.

Click Start, and then click Run. (The Run dialog box appears.)
Type, or copy and paste, the following text:
regsvr32 /u C:\WINDOWS\SYSTEM\MOB030612.DLL
then click OK. If a dialog box confirming this action appears, click OK.

Make sure you have system restore disabled and viewing of hidden files enabled.

Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Find the below processes and End them:
PRECISIONTIME.EXE
DATEMANAGER.EXE
MOSTAT.EXE

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: WindowsIE.clsIS - {2E12B523-3D4C-4FAC-9B04-0376A8F5E879} - C:\WINDOWS\WINDOWSIE.DLL
O2 - BHO: TChkBHO Class - {9B01F341-A326-11D7-873C-00E02950AB65} - C:\WINDOWS\SYSTEM\WWJIRYJ.DLL
O2 - BHO: IEHlprObj Class - {1BAB1320-B42E-11D6-873C-00E02950AB65} - C:\WINDOWS\SYSTEM\MOB030612.DLL
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://a1440.g.akamaitech.net/7/1440/291/02000089/central1.clevercontent.com/02000089/cccabs/CleverContent.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://tab.webex.com/client/latest/training/ieatgpc.cab
O16 - DPF: {8A8F3D75-6564-4599-A7DC-313B43A89E1D} - http://www.kazaa.net.cn/digital/AdInstaller.ocx

Boot into safe mode and use Windows Explorer to delete (if they exist):
C:\PROGRAM FILES\PRECISIONTIME <--- the whole directory
C:\PROGRAM FILES\DATE MANAGER <--- the whole directory
C:\PROGRAM FILES\COMMON FILES\CMEII <--- the whole directory
C:\Program Files\Common Files\GMT <--- the whole directory
C:\PROGRAM FILES\WILDTANGENT <--- the whole directory
C:\Program Files\AWS <--- the whole directory
C:\WINDOWS\SYSTEM\MOSTAT.EXE
C:\WINDOWS\WINDOWSIE.DLL
C:\WINDOWS\SYSTEM\WWJIRYJ.DLL
C:\WINDOWS\SYSTEM\MOB030612.DLL

No reboot in normal mode and post a new HJT log. And tell us how things are working.

 

Okay! Only one line remains to be fix with HJT (make sure not browsers are open when fixing):
O2 - BHO: (no name) - {2E12B523-3D4C-4FAC-9B04-0376A8F5E879} - (no file)


How are things working now? Can you now download and run the tools in the READ ME?

 

You cannot email (same as a copy) the files from Ad-Aware from one PC to the other. It must be installed. You should have tried emailing the Ad-Aware SE installation file from the other PC to you. Then try to install it.

Your default page was not about blank. It was
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net/

Are you saying your log has now changed since the last one? If so, reboot your PC and immediately after reboot and before doing anything else, get a new HJT log and post it here.

You are correct about System Restore. It does not apply to Win98SE.

 

Download ProcessExplorer from: http://www.sysinternals.com/files/procexp9x.zip
Unzip it to a folder (create one for it. I suggest C:\SysInternals). It does not require an install. Now run ProcessExplorer and lets configure some options first:
Click View and select Show Lower Pane. And where it says "Lower Pane View" make sure DLL's is checked. Now click on explorer.exe. Now also under the View menu choose "Select columns" and put a check mark on "Image Path".
Now click on File and then Save As. And save the process list. Post it back here as an attachment. Also, from now on if I say to kill a process, use ProcessExplorer instead of Task Manager. Sometimes ProcessExplorer can show and kill things that Task Manager cannot.

 

No! That's not a problem. That is not what you have on you system. It is what HijackThis will set things to when fixing unwanted pages. It has no idea what your start page should be so about:blank is the standard default. The other three items for searches are Microsoft defaults. You can change the Default start here to what you want and HJT will use it any time it has to reset those items.

You would have to determine where she downloads files to and look there or do a search on the PC using Windows search. Look for aawsepersonal.exe . This is asuming she even has it. Otherwise you would have to download it again.