Tried all suggestions & still having problems!

Discussion in 'Malware Help (A Specialist Will Reply)' started by Bubbles46, Feb 4, 2005.

  1. Bubbles46

    Bubbles46 Private E-2

    Hi..am new....have been visiting your site and following advice for awhile now....did some of your downloads too! thanks for all your help!!..but I'm still struggling..have Adaware, Spyblaster, Bitdefender, firewall, Norton, and finally did the whole " safe mode" thing and then " Hijack this"..saved my log as instructed and am hoping one of you intelligent people can view my log and make suggestions as I'm lost now!...Hence the user name above! Just a bit of a bubblehead ..
    thanks
    Bubbles46
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi Bubbles,

    If you've exhausted the resources in the Cleanup Tutorial (including the Online Scans), go ahead and send us a HijackThis Log. Please be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!
    Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I’ve been tied up with work these days, but somebody will try to take a look when they get a chance.

    PP :)
     
  3. Bubbles46

    Bubbles46 Private E-2

    Hi P.P....thanks so much for your offer of help! I hope I do this right, I'm not the sharpest tool in the tool box when it comes to my pc...but I try!..Main complaint is an added toolbar that hides behind my bar from MS..It pops up and stays up when I open my home page..I thought it had to do with google but when I changed home pages and rebooted, it was still there. I've tried everything and I believe my daughter had downloaded something that caused this, probably a music download site, but I'm not savvy enough to figure out what it is and how to get rid of this..I have managed to lose something to do with the program that helps me burn CD's as well...I probably deleted it as that seems to be the answer to everything for me!..anyway...here goes...thanks for any help you can offer....If I've done it wrong, please let me know...
    Bubbles46
     


  4. PhilliePhan

    PhilliePhan Guest

    Hi Bubbles,

    You have a few things in your log that I am not familiar with. Some look online-gaming related. A couple look like Trojans. So, look closely at the items I ask you to remove and, if you recognize any as needed, leave those alone.

    It looks like you are running both Norton and BitDefender at the same time (or did you try to uninstall Norton?). You should have only one resident AV.

    You should uninstall SpyKiller and Best Popup Blocker. They are rogues – see this link: Rogue List
    You can do better with some of the free tools here at MGs. Plus, you ought to get the Google Toolbar if you want a really good Popup Blocker! The one you have with SP2 isn’t too bad either.

    You should Uninstall Wild Tangent as it leads to more headaches!

    You MUST Uninstall Messenger Plus!3 – It puts LOP and other malware on your machine!!


    Please look in Add or Remove Programs for the following and Uninstall them if found:

    BestPopUpKiller
    Wild Tangent
    Messenger Plus!3
    SpyKiller


    Please print out these instructions so that you can operate with All Browser Windows CLOSED.
    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Now scan with HijackThis and Check the Boxes for the following:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca8.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ysljegatgrbjpurmcgxdznit...qBqnnu0VAv2rSiqKAuMmPhVAi/Qbziy_CFIIiPnJd.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.grandecache.ca/default.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca8.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca8.hpwis.com/

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
    O2 - BHO: (no name) - {84639B16-F2A1-2C31-9C3D-8B46890B0EF7} - C:\DOCUME~1\Owner\APPLIC~1\AIMPHO~1\Peakstore.exe (file missing)
    O2 - BHO: (no name) - {DFA06EB0-6F7F-2869-CA04-90A04DDE963B} - C:\DOCUME~1\Owner\APPLIC~1\AIMPHO~1\OPEN MOVE.exe (file missing)

    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

    O4 - HKLM\..\Run: [Greatdalegramhope] C:\Documents and Settings\All Users\Application Data\Vctwogreatdale\litecool.exe
    O4 - HKLM\..\Run: [daleloadsavebore] C:\Documents and Settings\All Users\Application Data\flag surf dale load\Driveproc.exe
    These two look like Trojans – If you recognize them as needed, then keep them.

    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

    O4 - HKCU\..\Run: [OregonTrail.exe] C:\DOWNLO~1\OREGON~1.EXE /r ---> Is this online gaming related? Do you recognize it?

    O4 - HKCU\..\Run: [Grid obj] C:\DOCUME~1\Owner\APPLIC~1\PLAYER~1\MIX DRAW GPL.exe
    O4 - HKCU\..\Run: [Brainteasers1.exe] C:\DOWNLO~1\BRAINT~1.EXE /r
    I do not know what these two are. Do you?

    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

    O23 - Service: .NET Framework Service - Unknown - C:\WINDOWS\svchost.exe (file missing)
    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following Folders if they should remain:

    C:\Program Files\Messenger Plus!
    C:\Program Files\SpyKiller
    C:\Program Files\BestPopUpKiller
    C:\Program Files\WildTangent
    C:\Documents and Settings\All Users\Application Data\Vctwogreatdale
    C:\Documents and Settings\All Users\Application Data\flag surf dale load

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows and Scan with HijackThis and attach that log. Also, reset your web settings.

    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com OR www.phillies.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back when time permits.

    Best luck :)
    PP
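
A triage of the kind of entries flagged in post #4, as an added example that is not part of the original thread: it parses HijackThis log lines (a subset copied from that post) and marks structural traits the post points to, such as a missing target file or an autostart loading from an Application Data folder. The heuristics and the names `triage`, `SAMPLE_LOG`, `LINE_RE` and `DATA_DIR_RE` are assumptions of this example, not HijackThis behaviour; an entry like MessengerPlus3, which the post removes on reputation alone, is not caught by these checks.

```python
import re

# Log lines copied from post #4 above (a subset of the entries listed there).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca8.hpwis.com/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: (no name) - {84639B16-F2A1-2C31-9C3D-8B46890B0EF7} - C:\DOCUME~1\Owner\APPLIC~1\AIMPHO~1\Peakstore.exe (file missing)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Greatdalegramhope] C:\Documents and Settings\All Users\Application Data\Vctwogreatdale\litecool.exe
O23 - Service: .NET Framework Service - Unknown - C:\WINDOWS\svchost.exe (file missing)
"""

# A HijackThis entry starts with a section code such as R1, O4 or O23.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumed heuristic: code loading from per-user data, download or temp folders deserves review.
DATA_DIR_RE = re.compile(r"\\(Application Data|APPLIC~1|DOWNLO~1|Temp)\\", re.I)

def triage(log_text):
    """Return (section, reasons, line) for every entry worth a human look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # log header, process list, blank lines
        section, body = m.groups()
        low = body.lower()
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("orphaned: target file missing")
        if section == "O2" and "BHO: (no name)" in body:
            reasons.append("unnamed browser helper object")
        if section in ("O2", "O4") and DATA_DIR_RE.search(body):
            reasons.append("loads from a user data/download folder")
        # The genuine svchost.exe lives in the system32 directory.
        if section == "O23" and "\\svchost.exe" in low and "\\system32\\" not in low:
            reasons.append("svchost.exe outside system32")
        if section in ("R0", "R1"):
            reasons.append("IE page setting: confirm the URL is wanted")
        if reasons:
            findings.append((section, reasons, raw.strip()))
    return findings

if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"[{section}] {'; '.join(reasons)}\n    {line}")
```
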
     
  5. Bubbles46

    Bubbles46 Private E-2

    Thanks P.P...Have printed your instructions off and will work on this today...will let you know how it goes!..I really appreciate your time and help! I love this site!!....I come back over and over again for new ideas and help. You guys are great!...Will let you know how it goes.
    Bubbles46
     
  6. Bubbles46

    Bubbles46 Private E-2

    Hi again P.P....The new hijack this log has come up with other things..Thought I had better send that log to you before I start checking boxes? Hope this is ok..Please see the text attached..Thanks again..
    Bubbles46
     


  7. PhilliePhan

    PhilliePhan Guest

    In your first log, you had HJT in a safe location - C:\Program Files\HijackThis.exe

    Now it is here - C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe - - How did this happen? Do not run it from ZIP - In fact, delete the Zip File and run from C:\Program Files\HijackThis.exe as before!


    Go ahead and finish my first set of instructions and submit new log and we'll see what remains. I'll try to check back tonight!

    PP :)
     
  8. Bubbles46

    Bubbles46 Private E-2

    Hi P.P...sorry...how could this happen???!!!...just like I said..." not the sharpest tool in the drawer"!... I beg you to be patient with me :)...here it is again..is it finally right?
    Bubbles46
     


  9. PhilliePhan

    PhilliePhan Guest

    Hi Bubbles,

    Now that Hijack this is in the right place, please run through my instructions in POST #4 - They still apply.

    PP :)
     
  10. Bubbles46

    Bubbles46 Private E-2

    Hi there P.P......did everything you suggested and all looks fine!! :)..thanks so much!!! The tool bar is gone and it left as soon as I deleted Messenger Plus 3...I will attach the final log from Hijack this in the hopes I've followed your tutorial as I should have! I can't tell you how much I appreciate your expertise...I am grateful!:) :) :) :)
     


  11. PhilliePhan

    PhilliePhan Guest

    You're Welcome :)

    Your HJT Log looks OK! I trust everything is behaving properly now?

    While you're here, take a peek at Chaslang's Suggestions!!

    PP :)
     
  12. Bubbles46

    Bubbles46 Private E-2

    Hi..everything is a-ok!...Got rid of Microsoft Java and downloaded Sun Java but am a bit leery of changing to Mozilla....probably because I'm clueless as to what I'm doing!:)...can you explain to me better what this is and what it does? And, I was wondering if majorgeeks was my homepage, would it have a " search" for when I want to browse for info off the net?.... :confused:

    enjoying balmy Alberta!
    Bubbles46 :D
     
  13. PhilliePhan

    PhilliePhan Guest

    Generally, if you try to be a safe surfer and put into place the protections suggested by Chas in his sticky post, IE is OK.

    FireFox is easy - Just download and install and set it as default browser. Any questions about it can be posted in the Software Forum. The regulars there have many tweaks, plugins, etc... for it that they would be happy to share with you.

    For searches, use Google. I think MGs has Google on main page now.

    Best :)
    PP
     
