What is wrong with my computer???

BethieD · Aug 23, 2005

I am having a lot of trouble with my computer. A few weeks ago I started getting a pop-up error message that says: ""msmsgs.exe Application Error: The instruction at 0x00f89bb3 referenced memory at 0x10005260. The memory could not be read." This pops up all the time, whether I'm on the internet or working in a Word document--all the time.

When I e-mailed Dell tech support they said it was spyware. So I ran my virus scan to make sure that wasn't the problem. No viruses. I then came here and followed the directions to remove viruses & spyware. I downloaded and ran Ad-Aware SE, Ad-Aware VX2 Cleaner Plug-in, CCleaner, Spybot, Spyware Blaster, McAfee AVERT Stinger, CWShredder, Kill2me. I did everything as explained, step-by-step. Several viruses/adwar/malware were found and deleted/quarantined. When I rebooted in normal mode, the popup message started back immediately.

I have also removed MSN messenger from the add/remove window components window.

I wasn't sure if I needed to install and run Hijack This, so I thought I'd post and see if there's anyone who's had this problem or knows how to fix it. From reading this, you can tell that I'm no computer expert. I'm at a loss on what to do now. I'm leaning towards taking it to someone who can repair it, but I'd really like to figure it out on my own - very stubborn. Does anyone have any thoughts on what's going on and how I can fix it? Thanks so much for your help!

~Beth

chaslang · Aug 23, 2005

Please follow the below steps exactly:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

BethieD · Aug 23, 2005

I've attached the log file. Let me know what you think.

Thanks!
Beth

BethieD · Aug 23, 2005

I just realized that I ran hijack this from the wrong place - temp file. I re-ran it, so here's the corrected log. Please ignore last post. Thanks!

chaslang · Aug 23, 2005

First goto Add/Remove Programs and uninstall the below if found:

- WeatherBug
- BookmarkExpress

If you do not use Windows Messenger and are still having problems with msmsgs.exe, you should disable Windows Messenger. Use this: Disable/Remove Windows Messenger

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://wdownload.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\System32\BMUpdate.exe
C:\Program Files\AWS <--- delete the whole folder

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

BethieD · Aug 24, 2005

Thanks for the reply Chaslang. I did everything that I could exactly as you said. The BookmarkExpress wasn't in my Add/Remove Programs list, so I couldn't uninstall it from there. After running HijackThis, I was able to fix everything except the "04-HKCU\...Run:[Weather]C:\Program Files...." -the 3rd one down. It wasn't there - I guess because I was able to remove the WeatherBug in the Add/Remove Programs window. When I was in safe mode, I wasn't able to delete C:\WINDOWS\System32\BMUpdate.exe because it wasn't there, but I did delete the other one. Other than those things, I was able to do everything else exactly as you said.

So far there have been no popups, but sometimes it doesn't start popping up right away. I've attached my current HijackThis logfile for you to look at. Hopefully the problem has been fixed and if so, THANK YOU SO MUCH!! If it comes back, I'll post again and let you know.

Thanks again!
Beth

chaslang · Aug 24, 2005

You're welcome. Your log is now clean. If you are not having any further malware issues you should check out the steps in the below thread to help keep you clean:

How to Protect yourself from malware!

Log in or Sign up

What is wrong with my computer???

BethieD Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

BethieD Private E-2

Attached Files:

Logfile of HijackThis v1.doc

BethieD Private E-2

Attached Files:

hijackthis.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

BethieD Private E-2

Attached Files:

hijackthis.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member