Help with Win ME problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by TR15220, Nov 15, 2005.

  1. TR15220

    TR15220 Private First Class

    Hi,

    Working on a friend's PC and it was very bad initially.

    Did some clean up and installed Zone Alarm and I am getting a notice of an attempt made to connect to 192.168.0.102.

    I ran thru all of the steps mentioned and disabled the System Restore.

    Ad-Aware also consistently points to some c:\_restore\temp\ .cpy and Archive files but is unable to clean them. I tell Ad-Aware to clean them on reboot but that does not appear to work as Ad-Aware does run when the system is first Powered Up.

    SpyBot does not find anything.

    AntiVirus does not find anything.

    When the system boots, it shows a text message saying:

    "Please wait while Setup updates your configuration files".

    Is this "normal" for Win ME?

    I also noticed that there would be a lot of "bad" URLs loaded into the hosts file.

    So, I'd like to know what you would suggest as a next step in getting this rascal disinfected.

    Thanks in advance for your help.
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    192.168.0.102 would be an IP for a router or similar device. Is the computer connected to a router?

    Post a HijackThis log as an ATTACHMENT.
     
  3. TR15220

    TR15220 Private First Class

    Attachment as requested.

    Yes - This system attaches to a router and then the cable modem.

    Thanks.
     


  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    There is no indication of an infection in the HijackThis log.

    192.168.0.102 is most likely the router IP, and you need to grant access to it in ZoneAlarm.

    You are getting the "Please wait while Setup updates your configuration files" message because the WIN ME install is corrupt. You could try running Windows update or doing a 'Dirty' install, which is installing ME right over the top of itself.

    Please run Panda Online Scan. After the scan attach the log to your next post. Also please follow the below:

    1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce a log - Please attach that with your next post!

    2 - Please EXTRACT all the files from RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, Please boot to SAFE MODE and DoubleClick rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.

    Now come back here and post all three logs as attachments
     
  5. TR15220

    TR15220 Private First Class

    Thanks Shadow_Puter_Dude -

    Here they are.
     


  6. TR15220

    TR15220 Private First Class

    And the last one.....
     


  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  8. TR15220

    TR15220 Private First Class

    Hi....

    Is Look2Me VX2 Removal compatible with Win ME?

    I get the following not.txt (notepad) Message:

    Not compatible with 9x or windows nt
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! Run the steps in the below link but run them in safe mode with your cable to the internet disconnected. Obviously you need to download, install and update first before rebooting into safe mode to do the scan.

    Running Spy Sweeper...

    Then reboot in normal mode. And make sure you save and attach the log from SpySweeper to your next message.
     
  10. TR15220

    TR15220 Private First Class

    Spy Sweeper results.

    Thanks!!!!!
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure you ran Spy Sweeper after booting in safe mode and with no other Windows opened?
     
  12. TR15220

    TR15220 Private First Class

    Affirmative - do the results indicate some type of problem?
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! Seems like SpySweeper could not fix many of the problems.

    Is System Restore disabled?
    Is your Recycle Bin emptied?
     
  14. TR15220

    TR15220 Private First Class

    System restore was disabled.

    I use CCleaner before Shutdown each time.

    I seem to be having some other weird things happening.
    All of the 'Folder' Icons turned into the AOL Icon for a while.

    Explorer comes active and when I try to "End Task" it, the "Windows Shutdown" screen appears.

    Anything else I can try on this system?

    Thanks for all your assistance!!!
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    How much memory do you have? You may have to shut down (even in safe mode) anything else that is running. You seem to be running out of memory during the SpySweeper scan.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm logging off for the night! I see SPD is still on; perhaps he can continue with you again. I think the items in the rkfiles, pandascan, etc. logs should be manually cleaned up if they still exist.
     
  17. TR15220

    TR15220 Private First Class

    Yes - this system only has 128 of RAM.

    Spy Sweeper was the only thing running...it detected 875 items that needed to be fixed.

    What if I run and stop the scan after 100-150 items...fix those..and then start the scan again?

    Does that sound like a plan?

    Thanks.
     
  18. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Run the PandaActive Scan and RKFiles again, and post fresh logs. We will attempt a manual clean from Safe Mode first, and then from DOS Mode if needed.
     
  19. TR15220

    TR15220 Private First Class

    Hi,

    I did do the incremental Spy Sweeper last night.
    It appears to have cleaned everything that it found when limiting the number of problems to about 150 for each run.

    I will re-run the other scan as instructed and post the results later.

    Thanks again for your help!!!
     
  20. TR15220

    TR15220 Private First Class

    Here they are.....
     


  21. TR15220

    TR15220 Private First Class

    Re: Help with Win ME problems - chaslang or Shadow_Puter_Dude????

    Hi,

    Are either of you guys around today to review the results of the scans I posted?

    Thanks.
     
  22. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click OK.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the files listed below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner.

    REBOOT to Normal Mode.

    Run PandaScan and RKFiles Tool again and post the logs.
     
  23. TR15220

    TR15220 Private First Class

    Thanks again....

    Here they are.
     


  24. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please make sure System Restore is OFF. Leave it off during the entire time.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following:
    Now run CCleaner.

    REBOOT to Normal Mode.

    Run PandaScan and post the log.
     
  25. TR15220

    TR15220 Private First Class

    OK - Did as instructed.

    Latest Panda Scan attached.

    Thanks again for helping get this unit cleaned up!!!!!
     


  26. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following:
    PurityScan keeps respawning.

    PurityScan provides an uninstaller on its web site, click the following link to download the uninstaller and follow the instructions to uninstall it.

    http://www.purityscan.com/ps_uninstaller.exe
     
  27. TR15220

    TR15220 Private First Class

    Great - looks like it's almost clean.

    I ran the PurityScan uninstaller.

    Do I have to do anything about this one?

    Adware:adware/downloadware No disinfected Windows Registry

    Should this be manually removed from the registry?

    Thanks again!!!
     
  28. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Since there is no registry key given by PandaScan you could run a registry cleaner to remove any orphaned registry entries.

    Let's run the PandaScan one more time to make sure that PurityScan is gone.
     
  29. TR15220

    TR15220 Private First Class

    Whew...been real busy at work and finally got a chance to get back at this rascal.

    Here is the latest Panda Scan.

    Thanks!!!
     


  30. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Delete the following:
    C:\WINDOWS\Favorites\TECHNOLOGY\Adware Remover.lnk
    C:\WINDOWS\SYSTEM\log.~

    Run CCleaner before doing the below.

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.
     
  31. TR15220

    TR15220 Private First Class

    Hi,

    Here are the WinPFIND scan results.

    Thanks again for all your help!!!
     


  32. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Copy the contents of the quote box to notepad and save as RegPatch.reg to your desktop.
    Double click RegPatch.reg, say Yes when asked if you want to merge.

    Reboot

    How is your system running?
     
  33. TR15220

    TR15220 Private First Class

    Hi.....Did as you instructed.

    The machine appears to be running much better.
    It will boot much faster and I have a lot less problem shutting it down.

    It does seem to hang every so often, usually with a "xxx not responding" when I use CTRL+ALT+DEL to see what all is running.

    But it definitely is much much better than it was before.

    I can't say thanks enough for improving the system as much as you have already.

    Anything in particular I can do so that this rascal does not get re-infected?

    I'm running ZoneAlarm and AVG Free Edition along with A2 Guard.

    Thanks again for all your help!!!!!
     
  34. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Is that the actual message, or is there something else for "xxx"?

    See How to Protect yourself from malware!
     
  35. TR15220

    TR15220 Private First Class

    The "xxx" represents some application.

    Most often it is the Internet Explorer, but there are times when it is another application.

    Once in a while it will freeze but it is no where near as frequent as it was when you first started helping me get this unit cleaned up.

    Occasionally, it will not completely "Shutdown" and I have to hold the power button in to turn it off.

    And I am not getting the "Please wait while Setup updates your configuration files" message every time the system boots.

    Anything else I should look at or scan?

    I do appreciate all of your time in working on this system!!!!!
     
  36. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your system should now be clean of Spyware/Malware.

    The problems you are experiencing are most likely software/OS related. You may need to run sfc /scannow at the command prompt to replace any missing or corrupt files.
     
  37. TR15220

    TR15220 Private First Class

    Hi,

    Is sfc.exe available for Win ME or is it just for XP?

    If it is only for XP, is there something equivalent for Win ME?

    Thanks....
     
  38. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, SFC is not available on Win ME. Win ME was/is notorious for shutdown problems as was Win98x. There are many links in MSKB about this. As SPD indicated, this is a topic for the Software Forum. But I would recommend starting by looking for a possible hardware conflict. Like if you have a modem installed in the PC for example. Remove the drivers, power down, physically remove the modem. Now power up and see how things work and shut down without the modem. (The same can be true for other hardware, even a network card).

    If you want to work on this, you should continue a discussion on this in the Software Forum.
     
  39. TR15220

    TR15220 Private First Class

    OK - I will pull the modem and see what things look like after that.

    One more question - when running Spybot S&D I get:

    "You have PestPatrol installed.
    PestPatrol is known to cause some false positives in combination with Spybot-S&&D.
    If PestPatrol should detect cd_clint.dll (as a trojan) or zipdll.dll (as an exploit) in your Spybot-S&&D folder, please ignore them, and update your PestPatrol."

    I do not see PestPatrol on the list of apps when I try to remove it using "Add/Remove Programs" thru Control Panel.

    Is this in the Registry and, if it is, is there an easy way to remove the entry for PestPatrol?

    Thanks again for all of your assistance!!!!!
     
  40. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't forget that this is just one possible example!!!


    Did you ever have PP installed or use a free version tool from them?
    Did you ever use any tools from AOL or similar to do spyware protection? I don't remember off the top of my head but someone (like AOL) may have used PP and put their name on it. It would still look like PP internally though.

    Yes, you could search the registry but I'm not sure if just searching for Pest Patrol is sufficient. You would have to find out for yourself.
     
  41. TR15220

    TR15220 Private First Class

    Just wanted to say "THANKS !!!"

    Thanks for all your help!!!

    The box is running better than I have ever seen it and I really appreciate all the time you spent in helping clean it up!!!!

    Best of luck to you !!!!
     
  42. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Just wanted to say "THANKS !!!"

    Shadow_Puter_Dude did all the work! ;)

    But we both say, "You're welcome!"
     
