Fatal errors in IE when trying to run online Trend Micro and Symantec scans

Thanks for the site.
I read your sticky threads on basic spyware/virus removal and am having trouble getting past the online scans. I was unable to run the scans from safe mode with networking support because the options to connect to internet via modem were grayed out in safe mode. In normal mode, I click on the link to Trend Micro scan from your thread and the title bar of the page loads and then has a fatal error in internet explorer. When I click the Symantec scan link, I get their page and then a pop-up for the scan to run. The progress bar at the bottom says the page is done but nothing shows up on the screen--just an arrow with hour glass. I'm not having this problem with any other sites using internet explorer. Could this be due to spyware? Any thoughts on a way around it? The only changes I have recently made to my computer are the installation (not running) of the programs listed in your thread and the latest Windows update--if these could have anything to do with it. Look forward to your reply.

 

Download the following two files, create a folder on your desktop, call it TSC. Save these 2 files there!

Sysclean Package

Pattern.zip

Once you have these downloaded into the folder you just created, double click the file sysclean.com

When the system cleaner loads, click SCAN to start the scanner. After you have completed this scan above procede with the below.


http://www.majorgeeks.com/images/grenade.gif Download HijackThis 1.99.1

http://www.majorgeeks.com/images/grenade.gif Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

http://www.majorgeeks.com/images/grenade.gif Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

http://www.majorgeeks.com/images/grenade.gifBefore running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

http://www.majorgeeks.com/images/grenade.gifRun HijackThis and save your log file.

http://www.majorgeeks.com/images/grenade.gif Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

http://www.majorgeeks.com/images/grenade.gifNeed help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

Thanks for giving me my computer back! I was having problems with about:blank and Only the Best pop ups. I followed your sticky thread directions esp. the generic solution for "only the best" aka "HSA" and about:blank Hijackers. All seems fine so far after some browsing and several reboots.

Couple questions though:

I've attached my most recent HJT log after the last reboot like you asked. Anything still look fishy?

I've download Mozilla now as my browser. Should I uninstall Internet Explorer or just not use it as a browser?

And, how do I donate to your site? You guys do great work!

 

OK

So i fixed the items in HiJack This and rebooted in safe mode.

With options for hidden files to be shown checked, hide file extensions disabled, and protected operating system files to be shown, I looked for the four files in question:

I deleted baseula.exe

When searching for wmadmod (with no file extension), windows explorer only found wmadmod.dll (not .exe) in the following folders:

C:\I386
C:\WINDOWS\$NTServicePackUninstall$
C:\WINDOWS\system32
C:\WINDOWS\ServicePackFiles\i386
C:\WINDOWS\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989

I did not delete any of these files

I deleted winpack.exe

When searching for sysinv (with no file extension), windows explorer only found sysinv.dll (not .exe) in the following folders:

C:\I386
C:\WINDOWS\system32
C:\WINDOWS\system32\DLLCache

I did not delete or rename any of these files.

I ran CCleaner, deleted all prefetch files, reset web settings, and rebooted.

Here's the lastest HJT log.

 

Doh! Forgot to attach the HJT log to the last post. Not sure how to edit so I'm attaching it here. Sorry.

 

Now I'm a little worried

Today the network connection refused to produce the dialog box it usually does to establish my dial-up connection. The icon was not grayed out--just didn't do anything when I clicked it.

Also, PowerDVD (a software that plays DVD's) crashes shortly after it opens. It worked fine as of about 2 days ago when I last used it.

Because I couldn't get back to this post without an internet connection, I had to reboot, unfortunately.

On reboot, I received the following error message: "Generic Host Process for Win32 services encountered a problem and needed to close."

The internet connection now works fine, but PowerDVD still crashes. I tried to print from a site that sells online postage and received the error message: "Spooler subsystem App has encountered a problem and needs to close." Printing other things like Word documents seems to be OK.

Not sure what's going on. Should I use System Restore to go back to the last restore point and start the whole clean-up process from square one again? The system restore function is still currently disabled from when I started the clean-up.

I attached the HJT log that I saved before I did anything after this last reboot.

 

Glad to hear that the log checks out clean!

I used the advanced options for hidden, system, and sub folders when I did the search earlier. I only deleted the files with the exact path that you listed in your post.

It turns out the that "Generic Host Process" error, the spooler error, and the problems with powerDVD were all related to some Windows automatic updates that had installed since the prior reboot. They took effect after the reboot and caused the issues. I uninstalled the updates and everything is back to normal.

My computer is clean by all online scans and both the main and secondary Spyware Removers I downloaded from your site.

Thanks for all your help! How can I support your site?