MSN Messenger/email freezing up + internet windows too

Discussion in 'Malware Help (A Specialist Will Reply)' started by Julianus, Nov 24, 2005.

  1. Julianus

    Julianus Private E-2

    Hello
    I have joined your world in appreciation of your knowledge and with high hopes that you could help me figure out my most recent problem in a series of problems.

    It seems that my abilities to operate in my hotmail home page are limited to seeing and then freezing. I have recently been using many scans to eliminate any bad programs out there (Avast, MSAntiSpyware, SpyBot, and A-square <just today>). Each one has found some bad program and has eliminated it from my puter. I still have problems accessing the net.

    For example, when I became a member tonight, the registration code was sent to my email address. When I attempted to click onto the registration address you sent, my window froze. I went to task manager and it reported that it was still running, yet I couldn't do anything. About the only thing that seems to function half decently is Yahoo messenger and I am working with my friend to figure out the problem.

    I am guessing that I might have to remove the msn messenger program and download it again. But I don't want to do that until I have tried out a few more virus/trojan/worm seeking programs to see if they can pick anything up.

    If you could give me any suggestions, I would really appreciate it. Even if it is to refer to a particular subject on your forum.

    Much appreciative of any help
    Me
    ps. my puter specs are below me

    System Security Status
    CIS Benchmark Score: Available only for Windows 2000, XP Pro, and 2003
    Virus Protection: Up-to-date
    Microsoft Security Updates: Up-to-date

    Log attached!
     

    Attached Files: Log.txt (File size: 10.9 KB, Views: 1)
    Last edited by a moderator: Dec 4, 2005
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis
     
  3. Julianus

    Julianus Private E-2

    HaaaaaaH. Breathing Now
    Hello Shadow_Puter_Dude

    When I made my first cry for help, I was in a lucid state of panic. Looking for solutions and yelling my head off while doing it.

    Last night, I was unable to get to the links to read the information you have presented (thank you very much by the way). However, I was able to find the information at another computer and so followed the steps.

    CCleaner didn't show up in safe mode so I scanned when I hit normal boot.

    The rest worked well enough. With Ad-Aware SE I found Virtumonde in: HKEY_CLASSES_ROOT:ms... twice and once at the end (sorry, didn't think to write it all down)
    and a whole shwack of DataMiner cookies. Eliminated all of them.

    MS AntiSpyware did a clean sweep and found nothing

    SpyBot found 9 entries of Hotbar so I eliminated them and the file made for safe keeping. I also noted as I was watching the files flit by that WinFixer2005 was scanned with no indications.

    CCleaner found 385 items and so they were cleaned up.

    Then I unzipped HiJackthis and created a log.

    I have yet to do an online virus/trojan scan. Which I will do soon.

    What's Going on Now is...
    I went into MSN messenger and attempted to get into email. During the process I received an error detected message: www.winfixer.com - Error Detected - Microsoft Internet Explorer

    I'm not sure if it means anything but I have copied the properties info. Here it is...

    Protocol: HyperText Transfer Protocol
    Type: HTML Document
    Connection: not encrypted
    Address (URL): http://www.winfixer.com/pages/scanner/index.php?aid=vm_sv_wfx5h_5&p=6&ed=2&ex=1&ax=2
    Size: 1018 bytes
    Created: 25/11/2005
    Modified: 25/11/2005

    Certificates
    Message:
    This type of document does not have a security certificate

    I guess there are two questions I am asking here

    1. Is this WinFixer program really binding me up or is there something else in here that I don't know about?

    2. How do I get rid of WinFixer forever?

    Thanks for any guidance you can give.
     
  4. Julianus

    Julianus Private E-2

    Okay

    I've scanned with BitDefender and Kaspersky and they both came up clean. I will try the other online scanners tomorrow.

    Have a good night.
     
  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Make sure you run HijackThis at the end and post the log as an ATTACHMENT.

    Winfixer can cause real problems on your computer; and there is a good chance that you have other infections as well.
     
  6. Julianus

    Julianus Private E-2

    Hello Shadow_Puter_Dude

    Thanks for your help so far and also for your reassurance that I am not altogether batty. I have created a HijackThis log but am unsure of how to attach. I will attempt to do so until I feel satisfied with my results but please forgive my ignorance if I don't manage to get this log attached - Brain is not working well today.

    Also, my friend informed me that I have left some pretty personal info in my first scream onto your forum. I would like to either edit it or erase it, but not sure how to go about this. Perhaps you would be so kind as to point me in the right direction??????? :D - as close to sheepish as I'll ever be
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I deleted your license keys! Anything else you want removed?
     
  8. Julianus

    Julianus Private E-2

    Hey Chaslang,
    Mucho apprecianado in taking out that stuff. Can I edit myself or must I bother someone else to edit my script all the time?

    It would admittedly make me think twice before posting, but then, I would probably post anyways.

    Other than that? No, no more queries at the moment.

    tanks vedy much.
    Jules
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You cannot edit posts after 5 minutes have elapsed. You should be careful not to post private information. Belarc Advisor and other tools do display sensitive info and should be edited before posting them.
     
  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please follow the instructions in the following threads:
    How to view hidden, system files & folders!

    Searching for Hidden Files on WinXP


    Please make sure System Restore is OFF.

    Please print these instructions out for use in Safe Mode.

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to extract the files
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    • Once in safe mode, open the VundoFix folder and double-click on KillVundo.bat
    • You will first be presented with a warning and a list of forums to seek help at.
      it should look like this
    • At this point press enter one time.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):
    C:\WINDOWS\system32\geebb.dll
    • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):
    C:\WINDOWS\system32\bbeeg.*
    • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    • The fix will run then HijackThis will open.
    • In HiJackThis, please place a check next to the following items and click FIX CHECKED:
    • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
    • Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
    Once your machine reboots, please follow the instructions in this thread Running Spy Sweeper and attach a fresh HJT log from normal mode.
     
  11. Julianus

    Julianus Private E-2

    Hello Shadow

    I have just copied down the instructions for HijackThis File that you provided. I do have one question regarding the instructions...just want to be sure I'm doing this right as my brain is in deadlock mode.

    In "Search for hidden files on XP" I am supposed to type a filename in the "All or part of file name box" What filename am I looking for?
    I am assuming that it is WinFixer2005 or do I leave this area blank? Or...do I put the name "hidden Files" in there?

    I apologize for this inconvenience as I am probably making it more complicated than it should be.

    Other than that, the instructions are clear and I should be able to send a report asap.

    By the way, do you know what evil lurks in the hearts of men? Only the Shadow knows.

    smiles
    Jules
     
  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Just the file names I provided in my last post.
     
    Last edited: Nov 26, 2005
  13. Julianus

    Julianus Private E-2

    Greetings People of the World and Kindest regards to You Shadow.

    I have completed the steps as requested and have discovered a few slight differences while working thru them.

    1. After downloading VundoFix and extracting and setting it up ready to go, I went into safe mode where I discovered it wasn't there. Did a search and found it in my "My Downloads" folder where I had saved the package before running it the first time. Ran it again and started KillVundo.bat

    2. In the KillVundo program, all they required was my pressing "Enter" (not F6 then enter again).

    3. Followed instructions for HJT file, scanned and removed identified items and saved log.

    4. Rebooted into normal mode and ran spysweeper (found a lot of interesting items). A message appeared midway thru informing me that spysweeper has successfully removed a known IE hijacker from my computer but that my internet settings (home page or search capabilities) have not improved and to follow the steps outlined (which I did) - basically setting IE page settings to default.

    5. Then, out of curiosity, I reran HJT. The results showed the very same files I was requested to remove in safe mode.

    6. I re removed these items and scanned once more - have saved both logs.

    I am therefore sending you three attachments instead of the two you requested. okay, perhaps I won't. I will have to send the third attachment separately.
     

    Attached Files:

  14. Julianus

    Julianus Private E-2

    Final log stardate today

    Here is the latest log on HJT
     

    Attached Files:

  15. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    There is no visible malware in your HijackThis log.

    Follow the instructions in this thread Running Ewido Security Suite

    Post the Ewido log when complete.
     
    Last edited: Nov 27, 2005
  16. Julianus

    Julianus Private E-2

    As requested, I have run
    A long time coming is this one
    Ewido scan results attached (reported 5 items found and removed)
    One thing that interests me most is that HotBar keeps coming up even after every scan program has detected and deleted the thing. Just wondering is all.
     

    Attached Files:

  17. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  18. Julianus

    Julianus Private E-2

    My security settings won't allow me to go to Hotbar Uninstaller.

    Did a search on Hotbar and found it in Games Room in cookies department.

    Do you think Hotbar is the cause of all my computer troubles?
     
    Last edited: Nov 28, 2005
  19. Julianus

    Julianus Private E-2

    Hi Shadow

    Sorry to bother you but I was doing some thinking here and wanted to put my results to you

    I have already uninstalled Hotbar through the Add/Remove program on windows - this was a long time before I went to the majorgeeks website for answers

    My friend found a website on removal of Hotbar where I saw a recommendation to manually remove certain lines from my registry using regedit.

    Now, I am very leery of touching anything that operates the windows system. I am thinking of setting a Restore point first then going into the registry, taking out these lines and seeing what happens.

    What are your thoughts on this?
     
  20. Julianus

    Julianus Private E-2

    Hello Shadow

    Just one final report before this squirrel goes to her lil nest

    I checked out the regedit to see if there were any crumbs of hotbar left.

    No dice. Is it possible that I've eradicated this vermin?

    If so, bring out the champagne and let's celebrate

    Kudos to you Shadow for your patience and guidance.

    Thanks so very much
    Jules
     
  21. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Sorry for taking so long to get back to you; I was not feeling very well yesterday.

    You were fine doing what you did with Huntbar.

    Please post a fresh HijackThis log, so I can take a look at it.
     
  22. Julianus

    Julianus Private E-2

    Hello Shadow

    I hope you're feeling tons better this week.

    I will be away for a few days and so won't be able to send you a HijackThis log until Friday at the earliest.

    enjoy life
    Jules
     
  23. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    That will be fine.

    Got a touch of the flu; feeling much better today.
     
  24. Julianus

    Julianus Private E-2

    Good Evening Shadow
    I have returned to tell you....that I'm taking the champagne back. Apparently the fat lady did not sing for me and I'm still wallowing in hotbar irritation.

    I'm sorry to hear that it's the flu but hopefully it will flee your body soon so you can feel on top of the world again.

    Here is the HijackThis recent log you requested.

    I shall continue my journey into the understanding of how to safeguard my computer.

    Take care
    Jules
     

    Attached Files:

  25. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Check and see if this file is missing: C:\WINDOWS\System32\msjava.dll

    If it is actually missing then have HijackThis fix the following:
    Please run Panda Online Scan. After the scan attach the log to your next post. Also please follow the below:

    1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce a log - Please attach that with your next post!

    2 - Please EXTRACT all the files from RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, Please boot to SAFE MODE and DoubleClick rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.

    Now come back here and post all three logs as attachments
     
  26. Julianus

    Julianus Private E-2

    OK Let's see if this works now.

    Hi Shadow Puter Dude

    I have just emerged from the land of chaos and am able to provide you with the info you requested. However, there is good news and there is bad news.

    The good news....I have all three logs as you requested.

    The bad news....I couldn't find the following file anywhere on my computer: C:\WINDOWS\System32\msjava.dll

    You suggested that I go to HijackThis to replace the following files and I wasn't able to find them in the recovery section.

    If it is actually missing then have HijackThis fix the following:
    Quote:
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
     

    Attached Files:
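
Added example, not part of the original thread: the check requested above (confirm the target file is really absent, then fix only the O9 entries that point at it), written as a small parser for the two HijackThis lines quoted in the post. The function names, the `exists` parameter and every sample line other than those two O9 lines are constructed for illustration.

```python
import os
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# O9 line layout, as seen in the two lines quoted in the thread:
#   O9 - Extra button: <label> - {CLSID} - <path>[ (file missing)]
O9_RE = re.compile(
    r"^O9 - Extra (?P<kind>button|'Tools' menuitem): (?P<label>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)

@dataclass(frozen=True)
class O9Entry:
    kind: str           # "button" or "'Tools' menuitem"
    label: str
    clsid: str
    path: str           # target file, without the "(file missing)" suffix
    file_missing: bool  # True when HijackThis flagged the target as absent

def parse_o9(line: str) -> Optional[O9Entry]:
    """Parse one log line; return None for anything that is not an O9 entry."""
    m = O9_RE.match(line.strip())
    if m is None:
        return None
    return O9Entry(m["kind"], m["label"], m["clsid"].upper(),
                   m["path"], m["missing"] is not None)

def fix_candidates(log_text: str,
                   exists: Callable[[str], bool] = os.path.exists
                   ) -> Dict[str, List[O9Entry]]:
    """Group flagged O9 entries by target path, keeping only paths that
    `exists` confirms are absent. Run it on the affected machine so the
    default os.path.exists checks the real disk."""
    out: Dict[str, List[O9Entry]] = {}
    for line in log_text.splitlines():
        entry = parse_o9(line)
        if entry and entry.file_missing and not exists(entry.path):
            out.setdefault(entry.path, []).append(entry)
    return out

# Sample log: the two msjava.dll lines come from the thread; the O4 line and
# the placeholder-CLSID O9 lines are constructed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Example\app.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000001} - C:\Example\tool.exe
O9 - Extra button: Stale flag - {00000000-0000-0000-0000-000000000002} - C:\Example\back.dll (file missing)
"""

if __name__ == "__main__":
    # Constructed stand-in for the disk: back.dll exists despite the log flag.
    on_disk = {r"C:\Example\tool.exe", r"C:\Example\back.dll"}
    for path, entries in fix_candidates(SAMPLE_LOG, on_disk.__contains__).items():
        print(path)
        for e in entries:
            print(f"  fix: {e.kind}: {e.label} {e.clsid}")
```
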

  27. Julianus

    Julianus Private E-2

    Here is what I think is the panda online scan log.
    Kicking myself for not putting panda in the file name.
    Let me know if I should scan it again.

    Thanx Shadow Puter Dude

    Jules
     

    Attached Files:

  28. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox
    - ExplorerXP

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available). Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note: many of the files listed below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.
     
  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Last edited: Dec 10, 2005
  30. Julianus

    Julianus Private E-2

    Hi Chaslang

    No. I'm not using either program. I have downloaded a version of Visual Basic a few months back however. Could that be the reason why I have these .pdb files?

    jules
     
  31. Julianus

    Julianus Private E-2

    Hey Shadow Puter Dude;

    I was wondering if I could leave out the aswboot.exe?
     
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Possibly! Visual Basic is just one program of many that is part of Visual Studio.

    But you do use Avast which is what aswboot.exe is part of.
     
  33. Julianus

    Julianus Private E-2

    Ok

    Thanks Chaslang.

    I'm going thru with the instructs but eliminating the aswboot.exe from the kill list

    see ya'll in a momentito
     
