ending up back at my desktop when I try to play on club pogo/or move around the net

[shannon]

Hi I was told to post my problem here , so here it is again. when I go to pogo to try and play when the room comes up and startes to load I end up back at my desk top, This also happend when I went to ms to ask for help when I clicked submit question I ended up back at my desktop ok I hope you get the picture. I have been dealing with this for over a month. Here Is what I have done up to this point, nothing has helped. I tried a different browser, turned of my accelerator, turned off AVG,diskcheck, defrag empted cacha,cookies,temp files, downloaded windows definder & malicious removal tool, I think thats it oh no Gateway said the problem was memory so yes I bought 512mb took out one of my 128mb and now have 640mb. Any help would be greatly appreciated. I hope I have given enough information if not let me know. I am not computer literate so please be gentle. Thank you

 

[Rik]

You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


This thread is for the use of shannon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[shannon]

Thanks rik for responding, This may take me a while ok day or two because I don't have a clue what all of this is. I don't use my computer for anything other than keeping in touch with family ,friends and playing games and just looking up stuff nothing important, as long as I can play , email & surf I'm happy.

well I made it to the run the online virus scanner and ended up at my desktop. This has really got me stressed. Im ready to just let the stupid thing sit. It seems to be getting worse. I've ran other scans one was regcure,it showed 2362 errors, avg anti-spyware 185 malware said signature in database 595,848. I dont have a clue what any of that is talking about. Sorry but I just don't know where to go from here. Thanks

 

[Rik]

Just do as much as you can skip the things that won't work.


This thread is for the use of shannon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[shannon]

Ok I will give it another try, Sorry but I have to ask a dumb question . When you say post fresh hjt and avg anita spyware logs how do i obtain them? and if I can figure that out how do I bring them here and attach them. I'm so sorry but I just don't work with that kind of stuff much I'm still in aw when my friend shows me something new, and I've had my computer sence the end of 2002. Well thanks for hanging in there with me I really do appreciate it.

Sorry , should have read more before I ask how to obtain them. I am going to try and do that now . thanks for your patience.

 

[Rik]

You need to reread the instructions, your HJT log must be an ATTACHMENT.
The instructions also ask for an AVG antispyware log.


This thread is for the use of shannon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[shannon]

ok sorry will try again. thanks

Ok rik I went back and reread the instructions did what it told me I made it as far as tool1 and couldn't get beond step one. I also noticed my hotmail icon is gone from my desktop , So Im sure that I have done something wrong and have just made matters worse. So what happins now if i have to leave it until I can find someone smarter then me to do this . I do thank you for all your help but I just dont know enough about this to go any farther.Would appreciate and advice. Also there were some steps it wouldn't let me do for what ever reason. shannon

 

[howard_hopkinso]

Thread tidied.

Skip the rest of the instructions and do an AVG Anatispyware scan and a HJT scan. Then, post the HJT log as an attachment, along with the AVG Antispyware log.

Regards Howard

This thread is for the use of shannon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[shannon]

Ok thanks howard I'll try again and see if I can figure it out.

well heres avg report, I know i saved the hjt but at this time I cant find it . should I run it again? shannon

 

[howard_hopkinso]

Yes, I need to see a fresh HJT log.

Regards Howard

This thread is for the use of shannon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[shannon]

HJT Log

Well I sure hope this is the right thing. Did you get the AVG log?
Thanks again shannon

 

[Rik]

In the instructions that I gave you in my first post, one of the things it told you to do was rename hijackthis.exe. You have not done so.

From your hijackthis log - C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 4 for hijackthis[1].zip\HijackThis.exe

you need to reread the instructions.



This thread is for the use of shannon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[howard_hopkinso]

Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

NavExcel
NavHelper
v2.0.4c
WebSavingsfromEbates
Screensavers.com
iWon
iWonBar

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

DealsvilleUpdate.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: indows.

O2 - BHO: Dealsville - {00862AF8-2CA6-40f1-A71E-D39903061398} - C:\WINNT\Dealsville.dll

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D} - (no file)

O3 - Toolbar: (no name) - {EDCA450D-EFEB-4AAD-A574-3AF56D19A94D} - (no file)

O4 - HKLM\..\Run: [DealsvilleUpdate] C:\WINNT\DealsvilleUpdate.exe

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt191KUUS

O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\ISP.COM High Speed\gui_resource.dll/327

O8 - Extra context menu item: Show Original Image - res://C:\Program Files\ISP.COM High Speed\gui_resource.dll/328

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: {3C5B2DBA-9C59-4A9D-8CB2-D67F93863962} (CSGI Control) - http://www.crystalsquid.com/games/CSGI.cab

O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB

O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB

O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Downloads\piratepoppersSetup-dm[1].exe
C:\Downloads\jewelminerSetup-dm[1].exe
C:\Downloads\fatelowam-dm[1].exe

C:\Downloads\bobSetup-dm[1].exe
C:\Downloads\PiratesOfTreasureIsland-dm[1].exe
C:\Downloads\MysterySolitaireSetup-dm[1].exe

C:\Downloads\JewelOfAtlantisSetup-dm[1].exe
C:\Downloads\GMVegasSetup-dm[1].exe
C:\WINNT\2020install.exe

C:\Program Files\Screensavers.com<Delete the entire folder.
C:\Program Files\iWon<Delete the entire folder.
C:\Program Files\WebSavingsfromEbates<Delete the entire folder.

C:\Program Files\NavExcel<Delete the entire folder.

Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn`t automatically restart, restart it manually.

These are the filepaths you need to enter into killbox.

C:\WINNT\DealsvilleUpdate.exe
C:\WINNT\Dealsville.dll
C:\WINNT\system\Install_All.DLL
C:\WINNT\system\Update_Hosts.DLL

Once your system has rebooted, rehide your protected OS files.

Rename HijackThis.exe as per the instructions in this thread HERE.

Post fresh HJT and AVG Antispyware logs.

Regards Howard

This thread is for the use of shannon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[shannon]

when trying to send fresh hjt & avg logs (hjt rename analyze.exe it says invaild file) when I try to send ave it says I already sent. what am I doing wrong. am I in the wrong place for sending them or did I once again do something wrong. Thanks shannon

 

[howard_hopkinso]

I have removed you previous attachments, hopefully this will help you to attach fresh HJT and AVG Antispyware logs.

You attach them exactly the same way as you did before. The only difference is you HijackThis.exe file, needs renaming to Analyze.exe. Instructions on how to do this can be found in this thread HERE.

Regards Howard

This thread is for the use of shannon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[shannon]

trying to get the hjt log, don't know whats wrong now.

dont know it this is right , It would not let me rename it , and yes I followed the direction. dont know what Im doing wrong . It says if I rename it it could be lost?

 

[howard_hopkinso]

You must follow the instructions below exactly.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

WebSavingsfromEbates
Screensavers.com
iWon
iWonBar
NavExcel
NavHelper
v2.0.4c

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

KeenValue.exe
piratepoppersSetup-dm[1].exe
jewelminerSetup-dm[1].exe

fatelowam-dm[1].exe
bobSetup-dm[1].exe
PiratesOfTreasureIsland-dm[1].exe

MysterySolitaireSetup-dm[1].exe
JewelOfAtlantisSetup-dm[1].exe
GMVegasSetup-dm[1].exe

2020install.exe
NHUninstaller.exe
PowerReg SchedulerV2.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [KeenValue] C:\Program Files\Common files\KeenValue\KeenValue.exe

O4 - Startup: PowerReg SchedulerV2.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\Common files\KeenValue
PowerReg SchedulerV2.exe<Search your system for this file and delete all instances found.

C:\Program Files\WebSavingsfromEbates<Delete the entire folder.
C:\Program Files\NavExcel<Delete the entire folder.
C:\WINNT\2020install.exe

C:\Downloads\piratepoppersSetup-dm[1].exe
C:\Downloads\jewelminerSetup-dm[1].exe
C:\Downloads\fatelowam-dm[1].exe

C:\Downloads\bobSetup-dm[1].exe
C:\Downloads\PiratesOfTreasureIsland-dm[1].exe
C:\Downloads\MysterySolitaireSetup-dm[1].exe

C:\Downloads\JewelOfAtlantisSetup-dm[1].exe
C:\Downloads\GMVegasSetup-dm[1].exe
C:\Program Files\iWon<Delete the entire folder.

C:\Program Files\Screensavers.com<Delete the entire folder.

Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn`t automatically restart, restart it manually.

These are the filepaths you need to enter into killbox.

C:\WINNT\system\Install_All.DLL
C:\WINNT\system\Update_Hosts.DLL

Once your system has rebooted, rehide your protected OS files.

Post fresh HJT and AVG Antispyware logs.

Regards Howard

This thread is for the use of shannon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[shannon]

Hi Howard I will try this again , when I did it before I didn't find alot of the programs that are listed above . It't will be a few days . We have 8in of snow on the ground and have had no heat for 4days so its to cold to sit here on the computer. thanks again for your help will get back to you in a few days . Shannon

 

[shannon]

Dear Howard & Rik Just wanted to thank you both for all your help. I greatly appreciate it. I have decided to reinstall as I am having to much trouble with the computer It is getting worse everyday, thing I could do yesterday I can't do today. I now have 2 trojan horse virus in my virus vault. So again I thank you for all your help. sincerley Shannon

 

[howard_hopkinso]

I think you`re probably making the correct decision and thanks for letting us know.

Regards Howard

This thread is for the use of shannon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[shannon]

one last queation where can i get insturctions on how to reinstall. I have my operating system cd, drivers,applications,is that all I need.thanks

 

[howard_hopkinso]

You need to do the following.

Disconnect from the net.

1 Restart your computer and go to setup usually by pressing the F2 or delete key.

2 Once you get into setup look for the boot menu and make sure you set it to boot from cd first followed by your hard drive.

3 Put the Windows xp disk into your cd.

4 Now save your settings and exit setup.

5 While your computer is booting you will see a message that says "press any key to boot from cd" press any key.

6 When the welcome to setup screen appears press enter and then press F8 to accept the Microsoft licence agreement.

7 You will be prompted to repair an insallation press the escape key.

8 Now select the partition that you want to reformat and press the D key to delete it you will be asked to confirm that you want to delete the partition.

9 Now press C to create a brand new partition you will be asked what size you want the partition to be in mega bytes. If you just press enter then the partition will be the maximum size that you can have. This is perfectly ok if you don`t want to create multiple partitions.

10 You will now be asked to format the partition select the ntfs file sytem and do a full format.

11 Once the format is complete setup will continue.

Your computer will restart during the remaining setup again you will be asked to press any key to boot from cd DO NOT PRESS ANYTHING. and setup will continue. Once the setup is complete and you are back in Windows remove the Windows cd from your cd drive.

You will now need to install your firewall software before connecting to the net.

Install the drivers for your system and run Windows updates.

Then install the rest of your software programmes etc.

Regards Howard

This thread is for the use of shannon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[shannon]

Thanks Howard what you people are doing here is a good thing. Bless you all