I'm being attacked by ads

Status
Not open for further replies.

tabdynamo

Attached is my HijackThis log file. the symptoms are this:

-homepage on IE leads to patchyoursystem.com, yeah, f-ing bogus. :unch:
-from time to time I'll receive message boxes about being infected with spyware, one says "for instant access click YES", there is no "YES" button, only an "OK" button. :haha:
-from time to time I'll get various pop-ups about lame software and "hot dudes".

HELP!
 

Attachments

  • hijackthis.txt
Ps

PS. i've tried several methods for fixing this from similar problems, as described around here. i guess i'm special today.
 
That log is pretty clean (very small. is it complete? I hope so! :D)

boot into safemode and disable system restore

go to start -> run and type in the following...

regsvr32 /u C:\Program Files\RXToolBar\sfcont.dll

run HJT and let it fix the following...
C:\WINDOWS\system32\1024\ldF694.tmp
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

delete the entire C:\Program Files\RXToolBar\ directory
delete the file C:\WINDOWS\system32\1024\ldF694.tmp

empty these files from that recycle bin.

turn system restore back on, and reboot to normal mode.

Let us know if this solves the problem. If not, post another log.
 
You had Kazaa on your PC. We have a good Irish expression: eejit!

Boot in Safe Mode, see how here.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.

Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
Click the Processes tab, select the Process (if there) and click End Process for:
ldF694.tmp
hp4FEC.tmp
intell32.exe

Next, click on Start/Run and type in (followed by press Enter):
regsvr32 /u C:\Program Files\RXToolBar\sfcont.dll

Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
C:\WINDOWS\system32\1024\ldF694.tmp
O2 - BHO: (no name) - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\system32\hp4FEC.tmp
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
...................................................................................................
Now click on the Fix Checked button in HJT. Exit HJT.

When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
XP only: Delete ALL files from C:\WINDOWS\Prefetch.
Boot normal. When all OK, switch System Restore back on.
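
An added example, not part of the thread or any poster's code: a small Python parser for the HijackThis entry lines listed in the post above, with three illustrative triage rules (assumptions made for this example, not HijackThis's own logic). The sample log is constructed from the four lines quoted in that post.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the four entries quoted in the post above.
SAMPLE_LOG = r"""C:\WINDOWS\system32\1024\ldF694.tmp
O2 - BHO: (no name) - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\system32\hp4FEC.tmp
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")   # "O2 - BHO: ..." style lines
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
PATH = re.compile(r"[A-Za-z]:\\.*$")              # drive-letter path to end of line

def parse_line(line):
    """Return a dict for one log line, or None if it is not an entry."""
    line = line.strip()
    m = ENTRY.match(line)
    if m:
        code, kind, detail = m.groups()
    elif PATH.match(line):
        code, kind, detail = "proc", "running process", line
    else:
        return None
    clsid = CLSID.search(detail)
    path = PATH.search(detail)
    return {"code": code, "kind": kind, "detail": detail,
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else ""}

def triage(log):
    """Parse every entry and attach the heuristic reasons that apply (assumed rules)."""
    findings = []
    for raw in log.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        reasons = []
        if PureWindowsPath(entry["path"]).suffix.lower() == ".tmp":
            reasons.append("code loaded from a .tmp file")
        if entry["code"] == "O2" and "(no name)" in entry["detail"]:
            reasons.append("unnamed BHO")
        if entry["code"] == "O18" and entry["detail"].startswith("text/html"):
            reasons.append("MIME filter on text/html")
        findings.append((entry["code"], entry["path"], reasons))
    return findings

if __name__ == "__main__":
    for code, path, reasons in triage(SAMPLE_LOG):
        print(code, path, "; ".join(reasons) or "no heuristic hit")
```

The O4 `intell32.exe` entry trips none of these rules, which is why such logs still get reviewed by hand.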
 
problem still exists

first of all, thanks for your help thus far guys. but the problem is still here.

secondly. when attempting to perform RealBlackStuff and Spike's instructions (i combined them), i ran into these problems:

>Next, click on Start/Run and type in (followed by press Enter):
>regsvr32 /u C:\Program Files\RXToolBar\sfcont.dll

***LoadLibrary(C:/Program") failed - the specified module could not be found.***

>Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
***C:\WINDOWS\system32\1024\ldF694.tmp*** (this was not in the list.)

>delete the entire C:\Program Files\RXToolBar\ directory

***this directory did not exist (i double checked to see that "show hidden files and folders" was active).***

i'll run HJT again now and post my log file.

thanks again guys.
 
Open task manager, and stop these entries if there.

C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\hp4FEC.tmp

Go into the above directories and delete mssearchnet.exe, and nvctrl.exe, and hpA6AF.tmp



Regards Howard :) :)
 
almost there

i got my homepage back!

most of the symptoms are gone except for one that i've noticed thus far. a message box pops up from time-to-time saying :

top title bar: microsoft internet explorer
text in message box: for your instant access please click YES
button: OK
graphic: Triangle with exclamation inside.

(aardvark = pro-recording soundcard.)

attached is my current HJT log file.

thanks again!
 
If you have an aardvark = pro-recording soundcard, then that message is legit.

As far as I can tell, your HJT log looks clean.

Regards Howard :) :)
 
Just as an after thought.

If that message is annoying you.

Click start/run, and type services.msc into the run box, and hit the enter key.

When the services window opens, maximise it, and find the entry for Service: Aardvark Professional Audio Manager (aardvarkpm).

Right click on it, and if it's running select stop. Click on properties, and set the startup type to disabled. Click apply/ok.

If after doing that, you experience any trouble with your soundcard, just reverse the procedure.

Regards Howard :)
 
Don't you think it's time to install an Antivirus program and a Firewall?
You should not come back here until you protect your PC, we'd be wasting our time otherwise.
 
RealBlackStuff said:
>Don't you think it's time to install an Antivirus program and a Firewall?
>You should not come back here until you protect your PC, we'd be wasting our time otherwise.

Yes RBS is spot on again lol

Without a firewall and antivirus programme your system can be infected within seconds.

You do have a responsibility to protect your computer.

Regards Howard :cool:
 
so you're saying "spybot" and "adaware" are not sufficient anti-virus software? are you also saying that the Win XP firewall is not sufficient as a firewall?

if i need other programs i will get them, try the instructions again and hopefully you'll never hear from me on this again because, as you might have expected, all of the symptoms have returned. ARRGGGHH!

ps. in order for me to fulfill my responsibility of having a stable machine, i must be properly informed as to how to do that! :stickout:
 
>so you're saying "spybot" and "adaware" are not sufficient anti-virus software? are you also saying that the Win XP firewall is not sufficient as a firewall?

No, what they mean is that spybot and adaware are not anti-virus programs!

Download avg free (http://free.grisoft.com/)

and you could continue using the Windows firewall (which isn't really the best firewall in the world), but we'd advise using a third party one such as Sygate Personal Firewall (http://soho.sygate.com/ - but get it quick before Symantec turn it to crap! lol They own it now!)

If you want, look at the Nice or Nasty Norton thread in The Meeting Spot. I posted a wide selection of links to various anti-viruses, firewalls, etc in it about 8 or so posts down.
 
thanks spike

i now have:

AVG Free Edition Anti-Virus
Agnitum Outpost Personal Firewall

i have also repeated everyone's combined instructions above. so at this point it's 'wait and see'. how am i to know what to block if the firewall is questioning something?

anyway, so far so good.

thanks again.
 