June 26, 2005

Okay, I'm staying at my grandfather's house tonight, but I'll only be here for a day. I leave tomorrow. This computer is in HORRIBLE condition. Running on Windows ME. Updating to SP2 soon.

Problem #1: I found 711 critical bugs with adaware, but adaware freezes while quarantining. Is there a Windows ME version, or a bug fix?

Problem #2: These spyware keep coming up on Spybot S&D. What do I need to do to get rid of them?

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 7:09:20 PM, on 6/25/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\BCMDMMSG[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\MPREXE[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\MSTASK[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\SCARDSVR[Caution: ExecutableFile]
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD[Caution: ExecutableFile]
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\ZONELABS\VSMON[Caution: ExecutableFile]
C:\WINDOWS\EXPLORER[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\SYSTRAY[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\WMIEXE[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\HIDSERV[Caution: ExecutableFile]
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\STARTEAK[Caution: ExecutableFile]
C:\COMPAQ\EAKDRV\EAUSBKBD[Caution: ExecutableFile]
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM[Caution: ExecutableFile]
C:\WINDOWS\STARTER[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS[Caution: ExecutableFile]
C:\COMPAQ\CPQINET\CPQINET[Caution: ExecutableFile]
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\USBMONIT[Caution: ExecutableFile]
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR[Caution: ExecutableFile]
C:\PROGRAM FILES\NETGEAR\WG311TSU\UTILITY\GEAR311T[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\SPOOL32[Caution: ExecutableFile]
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT[Caution: ExecutableFile]
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC[Caution: ExecutableFile]
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC[Caution: ExecutableFile]
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR[Caution: ExecutableFile]
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET K SERIES\BIN\HPODEV07[Caution: ExecutableFile]
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08[Caution: ExecutableFile]
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN[Caution: ExecutableFile]
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\DDHELP[Caution: ExecutableFile]
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\STIMON[Caution: ExecutableFile]
C:\WINDOWS\DESKTOP\ANTI-VIRUS\HIJACKTHIS\HIJACKTHIS[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumericon&c=2C01&lc=0409
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [systemTray] SysTray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32[Caution: ExecutableFile] powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv[Caution: ExecutableFile] run
O4 - HKLM\..\Run: [WCOLOREAL] C:\Program Files\COMPAQ\COLOREAL\COLOREAL[Caution: ExecutableFile]
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK[Caution: ExecutableFile]
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean[Caution: ExecutableFile]
O4 - HKLM\..\Run: [CpqBootPerfDb] C:\Cpqs\Scom\CpqBootPerfDb[Caution: ExecutableFile]
O4 - HKLM\..\Run: [bCMDMMSG] BCMDMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter[Caution: ExecutableFile]
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07[Caution: ExecutableFile]
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS[Caution: ExecutableFile]
O4 - HKLM\..\Run: [uSBMonit[Caution: ExecutableFile]] "C:\WINDOWS\SYSTEM\USBMonit[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T[Caution: ExecutableFile] -hide
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON[Caution: ExecutableFile] /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC[Caution: ExecutableFile] /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32[Caution: ExecutableFile] powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [schedulingAgent] mstask[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [scardSvr] C:\WINDOWS\SYSTEM\ScardSvr[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD[Caution: ExecutableFile]"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]"
O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ[Caution: ExecutableFile]" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON[Caution: ExecutableFile] -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711[Caution: ExecutableFile]
O4 - HKLM\..\RunOnce: [GrpConv] grpconv[Caution: ExecutableFile] -o
O4 - HKLM\..\RunOnce: [Registering hhctrl.ocx..] C:\WINDOWS\SYSTEM\regsvr32 /s hhctrl.ocx
O4 - HKLM\..\RunOnce: [Registering itircl.dll..] C:\WINDOWS\SYSTEM\regsvr32 /s itircl.dll
O4 - HKLM\..\RunOnce: [Registering itss.dll..] C:\WINDOWS\SYSTEM\regsvr32 /s itss.dll
O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.1.4322] "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate[Caution: ExecutableFile]" 0 v1.1.4322 GAC + NI NID
O4 - HKLM\..\RunOnce: [RegTLib] C:\WINDOWS\RegTLib[Caution: ExecutableFile] C:\WINDOWS\SYSTEM\StdOle2.Tlb
O4 - Startup: HPAIODEVICE.LNK = C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07[Caution: ExecutableFile]
O4 - Startup: HP DIGITAL IMAGING MONITOR.LNK = C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain[Caution: ExecutableFile]
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS[Caution: ExecutableFile]
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

Question #1: What other programs do I need to make this computer safe? I have:

Adaware SE Personal
Spybot S&D
SpywareBlaster
AVG Anti-Virus: FREE
ZoneAlarm Firewall
Hijackthis 1.99.1

I'm currently updating his Windows, so that might help half the problems. He has 27 critical updates xD.

June 26, 2005

Make sure to do the scanning in safe mode. Microsoft anti-spyware Beta is also good to have. Most of the time it doesn't find much but has real time protection. Good luck on that computer! It's more messed up than mine :lol: (mine aren't spyware tho). 711 objects, never heard of that many in one scan.

June 26, 2005 (Author)

Problem #3: Okay, I reinstalled adaware and it works, got rid of all except about 90... There's more than that, but that's all I can see. Now, I'm getting a few viruses/trojans from that same directory. Should I go into that folder and delete the bad ones? I'm guessing that the whole folder is adaware/viruses/etc.

I also got rid of problem #2 by deleting them manually.

June 26, 2005

I'll just repeat what blade said. Scan again in safe mode. That may fix the problem.

On a side note, some of the old comps in my school library got over 3000 items by the end of the year. (They were never touched by network admins and of course the cookies were never cleared).

June 26, 2005

Yes, do the scanning in safe mode. Adaware freezing is quite often a sign that it has tried to remove a more malicious spyware such as CWS, although there are many others.

Secondly, running that many programs is pointless; in my experience Adaware SE Personal, Hijackthis 1.99.1, and Grisoft AVG have always been more than enough to deal with any problem.

O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL (file missing)
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.e3e (CAUTION - executable file)
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.e3e (CAUTION - executable file) -o
O4 - HKLM\..\RunOnce: [Registering hhctrl.ocx..] C:\WINDOWS\SYSTEM\regsvr32 /s hhctrl.ocx
O4 - HKLM\..\RunOnce: [Registering itircl.dll..] C:\WINDOWS\SYSTEM\regsvr32 /s itircl.dll
O4 - HKLM\..\RunOnce: [Registering itss.dll..] C:\WINDOWS\SYSTEM\regsvr32 /s itss.dll

are the values that stand out as suspicious, and updating Windows ME won't make much difference; installing XP is the best idea.

June 26, 2005

> O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.e3e (CAUTION - executable file)
> O4 - HKLM\..\RunOnce: [GrpConv] grpconv.e3e (CAUTION - executable file) -o
> O4 - HKLM\..\RunOnce: [Registering hhctrl.ocx..] C:\WINDOWS\SYSTEM\regsvr32 /s hhctrl.ocx
> O4 - HKLM\..\RunOnce: [Registering itircl.dll..] C:\WINDOWS\SYSTEM\regsvr32 /s itircl.dll
> O4 - HKLM\..\RunOnce: [Registering itss.dll..] C:\WINDOWS\SYSTEM\regsvr32 /s itss.dll
>
> are the values that stand out as suspicious ...

Please. Shut up if you don't know what you're on about.

grpconv is used for backwards compatibility on Windows 95/98 and ME. The KB executable is a patch for a vulnerability concerning icons and mouse cursors. The other files are Windows help DLLs and an ActiveX control.

If you know what's good for you, leave them alone. (And next time, google stuff before throwing dice on what looks suspicious.)

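The triage argued over in the two posts above, as an added Python example (not posted by anyone in the thread): it parses HijackThis entries, reports registry entries whose target is marked "(file missing)", and attaches the explanations given in the reply instead of guessing. The `EXPLAINED` table, the substring matching and the reading of the forum's "[Caution: ExecutableFile]" marker as ".exe" are assumptions of this example.

```python
import re

# Assumption: the forum's filter replaced ".exe" with this marker in the posted log.
FORUM_MARKER = "[Caution: ExecutableFile]"

# What the reply above says about the entries called suspicious, keyed by a
# substring of the command line (the matching rule is this example's own choice).
EXPLAINED = {
    "grpconv": "backwards-compatibility tool on Windows 95/98/ME",
    "kb891711": "patch for the icon/mouse-cursor vulnerability",
    "hhctrl.ocx": "Windows help component",
    "itircl.dll": "Windows help component",
    "itss.dll": "Windows help component",
}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# O4 registry autostart: HKLM\..\Run: [value name] command line
O4_REG = re.compile(r"^HK\w+\\\.\.\\(?P<key>\w+): \[(?P<name>.*?)\] (?P<cmd>.+)$")

# Constructed sample: six entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711[Caution: ExecutableFile]
O4 - HKLM\..\RunOnce: [GrpConv] grpconv[Caution: ExecutableFile] -o
O4 - HKLM\..\RunOnce: [Registering itss.dll..] C:\WINDOWS\SYSTEM\regsvr32 /s itss.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC[Caution: ExecutableFile] /STARTUP
"""

def parse_line(line):
    """Return a dict for one HijackThis entry, or None for any other line."""
    m = ENTRY.match(line.strip().replace(FORUM_MARKER, ".exe"))
    if not m:
        return None
    entry = {"code": m["code"], "body": m["body"], "name": "", "cmd": m["body"],
             "missing": m["body"].endswith("(file missing)")}
    reg = O4_REG.match(m["body"]) if m["code"] == "O4" else None
    if reg:
        entry.update(name=reg["name"], cmd=reg["cmd"])
    return entry

def triage(entry):
    """Say what is known about an entry; never label it good or bad by its looks."""
    if entry["missing"]:
        return "orphaned: target file not found on disk"
    for needle, why in EXPLAINED.items():
        if needle in entry["cmd"].lower():
            return "explained: " + why
    return "unreviewed: look it up before changing it"

def review(log_text):
    entries = filter(None, map(parse_line, log_text.splitlines()))
    return [(e["code"], e["name"], triage(e)) for e in entries]
```

Calling `review(SAMPLE_LOG)` returns one `(code, value name, verdict)` tuple per entry, and anything the table does not cover comes back as unreviewed.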
June 26, 2005

Maybe you should install Firefox on that computer to make sure he really doesn't take any ad-aware in there, or at least less. What I did at my grandmother's house is install FF, change the name to "Inter net Explorer" and change the icon to the IE-icon. She never noticed. :D

Oh and: http://www.windowsstartup.com/wso/search.php

Member of #darkwebz.

June 26, 2005

> Maybe you should install Firefox on that computer to make sure he really doesn't take any ad-aware in there, or at least less. What I did at my grandmother's house is install FF, change the name to "Inter net Explorer" and change the icon to the IE-icon. She never noticed. :D
>
> Oh and: http://www.windowsstartup.com/wso/search.php

:lol: lmao. :lol:

Yeah, scan in safe mode like they said. That should hopefully get the rest of them cleared out :)

June 26, 2005

I would strongly recommend a program called CounterSpy. I read it in this month's edition of PC World, and it's their top spyware rated program. It really cleans the system out, getting rid of all possible threats, including cleaning the registry!

June 26, 2005 (Author)

Okay, I've gotten everything out, except the 90 or so files adaware has found. I'll try CounterSpy, hope it works.