Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Outlook Express and DLL problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Outlook Express and DLL problem

Unread postby johno » February 12th, 2007, 5:43 am

This has been going on for ages and it's now really getting me down.
It started when my Outlook Express wouldn't open cos it said msoe.dll was missing.
I checked, and it was, and still is, in there.
I tried replacing it and repairing it but to no avail.
I tried uninstalling the whole thing but nothing happened.
I've virus-scanned and run SpyBot, RegistryFix and numerous other applications and am now at the end of my tether.
OE won't even respond now, my pc just emits a beep with no error message or anything.
On top of this, when my pc starts up I get an error message saying w035c8fb.dll won't load.
I don't know if these 2 things are connected but I thought I'd put it in anyway.
Here's my HJT log, hoping someone can help,
Regards,
Johno.

Logfile of HijackThis v1.99.1
Scan saved at 09:32:45, on 12/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dial.blueyonder.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: (no name) - {6A1F23CE-E473-437E-9890-9BE10897E7E6} - (no file)
O2 - BHO: (no name) - {6A9E79F9-031B-4C19-A1E4-131E04B8FD04} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [fyj7b6d2] RUNDLL32.EXE w035c8fb.dll,n 0017b6d10000000a035c8fb
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xdm579YYGB
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://download.007guard.com/msnnames/msnnames.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tasha4chris.spaces.msn.com//Phot ... nPUpld.cab
O16 - DPF: {4FA3D392-9349-4D85-8FB9-18733534CFE3} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader/gdownloader.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ ... loader.cab
O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} - http://advnt01.com/dialer/internazionale_ver10.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/se ... loader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/seed/nat3.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddccc - C:\WINDOWS\
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
johno
Active Member
 
Posts: 10
Joined: February 10th, 2007, 8:40 am
Advertisement
Register to Remove

Unread postby Vino Rosso » February 12th, 2007, 7:23 am

Hi johno and welcome to the Malware Removal forums.
My name is Vino Rosso - if it helps, you can call me Vino for short. I would be glad to take a look at your log and help you with solving any malware problems.

HijackThis logs can take a little time to research so please be patient and I'd be grateful if you would note the following:
  • I will working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Finally, please reply to this thread. Do not start a new topic.
I'm working through your log and will be back soon. Meanwhile, please do the following:

1 - VundoFix
Please download VundoFix.exe from >here< and save it to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run again on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

When VundoFix has finished, use Windows Explorer to go to C:\vundofix.txt and double-click on the file - Notepad will open.
In Notepad, click the Format menu and make sure that Wordwrap is NOT ticked. If it is then click on it to UNtick it.
Click Edit > Select All then Edit > Copy
Paste (Ctrl+V) the content with your next reply.

2 - Check on status
After you have completed the above, please provide:
  • the vundofix.txt report
  • a new HijackThis log
If you can, it's worth printing these instructions out before you start.

Good Luck
Vino
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Unread postby johno » February 12th, 2007, 8:56 am

VundoFix V6.3.6

Checking Java version...

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 11:40:17 12/02/2007

Listing files found while scanning....

C:\WINDOWS\system32\eylfxmkn.exe
C:\WINDOWS\system32\fpmpftgd.exe
C:\WINDOWS\system32\iontqqeg.exe
C:\WINDOWS\system32\ntqdftsn.exe
C:\WINDOWS\system32\rnfvguuh.exe
C:\WINDOWS\system32\snjkxbgl.exe
C:\WINDOWS\system32\svspjrbb.exe
C:\WINDOWS\system32\sykgwrso.exe
C:\WINDOWS\system32\vwpovyny.exe
C:\WINDOWS\system32\wrrhwybk.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\eylfxmkn.exe
C:\WINDOWS\system32\eylfxmkn.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\fpmpftgd.exe
C:\WINDOWS\system32\fpmpftgd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\iontqqeg.exe
C:\WINDOWS\system32\iontqqeg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ntqdftsn.exe
C:\WINDOWS\system32\ntqdftsn.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rnfvguuh.exe
C:\WINDOWS\system32\rnfvguuh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\snjkxbgl.exe
C:\WINDOWS\system32\snjkxbgl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\svspjrbb.exe
C:\WINDOWS\system32\svspjrbb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\sykgwrso.exe
C:\WINDOWS\system32\sykgwrso.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vwpovyny.exe
C:\WINDOWS\system32\vwpovyny.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wrrhwybk.exe
C:\WINDOWS\system32\wrrhwybk.exe Has been deleted!

Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 12:52:24, on 12/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dial.blueyonder.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: (no name) - {6A1F23CE-E473-437E-9890-9BE10897E7E6} - (no file)
O2 - BHO: (no name) - {6A9E79F9-031B-4C19-A1E4-131E04B8FD04} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [fyj7b6d2] RUNDLL32.EXE w035c8fb.dll,n 0017b6d10000000a035c8fb
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xdm579YYGB
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://download.007guard.com/msnnames/msnnames.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tasha4chris.spaces.msn.com//Phot ... nPUpld.cab
O16 - DPF: {4FA3D392-9349-4D85-8FB9-18733534CFE3} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader/gdownloader.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ ... loader.cab
O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} - http://advnt01.com/dialer/internazionale_ver10.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/se ... loader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/seed/nat3.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddccc - C:\WINDOWS\
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe

Many thanks for your time and effot...........Johno.
johno
Active Member
 
Posts: 10
Joined: February 10th, 2007, 8:40 am

Unread postby Vino Rosso » February 12th, 2007, 2:01 pm

Hi johno

Looks like Vundo found a few things :)

Just before the next steps, I'd like to draw your attention to two programs on your computer.

Note 1
Messenger Plus! (MessengerPlus2, MessengerPlus3) (MP) is an add-on for Microsoft's free messaging programs Windows Messenger and MSN Messenger. It is a 'free' download (with a few stingers in its tail). MP includes an optional Sponsor Program provided by C2Media. The Sponsor Program is commonly known in the anti-spyware and adware world as 'Lop' or 'Lop.com'. There has been a problem since Messenger Plus! first started including the Sponsor Program in approximately May 2003, with users installing the Sponsor Program without understanding what the Sponsor Program is, what it does to a user's system, or the privacy implications involved.

Messenger Plus!, if installed to include the 'sponsor program', will install adware on your computer that generates pop up windows. The Sponsor Program will also change your home page, your search engine settings, place numerous links in IE favorites (including online casino and gambling links) and place more links on your desktop. The search toolbar that is installed cannot be turned off. The pop up advertising windows will appear even if you are running IE's pop-up blocker. This is because the Sponsor Program adds its advertisement URLs to the pop-up blocker exclusion list. If you want to reinstall MessengerPlus3, make sure you click "I refuse, do not install the sponsor program". This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program from starting automatically so that it does not take up necessary resources. The items to fix in HijackThis are shown below.

Note 2
Although Incredimail is considered to be a legitimate program that people install intentionally, please read this information regarding Incredimail very carefully and use your best judgment in deciding if you want to keep this program on your computer or not.
The use of Incredimail opens your system to attacks and, in the End User License Agreement, claims permanent ownership of everything sent through their mail service. See the full article. Though the article is dated 10/10/02, the EULA still contains this statement.
SHould you decide to uninstall Incredimail:
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight Incredimail, click Remove.
  4. Close the Add or Remove Programs and the Control Panel windows.
This is the item to fix in HijackThis is shown below.

Note: It is worth printing out these instructions as you will not have access to the internet during this fix.

1 - Download Latest Java
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of perceived vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
  • Download the latest version of Java by clicking >here<.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove ALL older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove ALL Java versions.
  • Reboot your computer once all Java components are removed.
  • Using Windows Explorer, go to: C:\Program Files\Java and, in the Java folder, delete any folders like jre1.5.0_0x, if present.
Do NOT install the latest version just yet.

2 - Clean Out Temporary Files
Download ATF Cleaner by Atribune © from >here<
This is a stand-alone program that does not need to be installed. Save it to a convenient location and make a shortcut on your desktop. Using this program will remove temporary files, temporary internet files and cookies from your system, which will mean that any scans will run faster.
  • Make sure that all browser windows are closed
  • Double-click the shortcut on your desktop to run the program.
  • Under Main, choose Select All
  • UNtick Prefetch
  • Click Empty Selected
  • If you use Firefox browser,
    • Click Firefox at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • If you use Opera browser,
    • Click Opera at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
3 - Prepare AVG Anti-Spyware
Download the trial version of AVG Anti-Spyware from >here< and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open.
Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
You will need to change the following settings:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click the Scanner icon at the top and then click the Settings Tab.
  • Under How to act? click Recommended actions and select Quarantine from the menu.
You can now close AVG Anti-Spyware. Do not scan yet.

4 - Run HijackThis Scan and Fix
Start HijackThis and click Do a system scan only
Tick the following entries, if present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {6A1F23CE-E473-437E-9890-9BE10897E7E6} - (no file)
O2 - BHO: (no name) - {6A9E79F9-031B-4C19-A1E4-131E04B8FD04} - (no file)
O4 - HKLM\..\Run: [fyj7b6d2] RUNDLL32.EXE w035c8fb.dll,n 0017b6d10000000a035c8fb
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
** See Note 1 above
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c ** See Note 2 above
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart ** See Note 1 above
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xdm579YYGB
O15 - Trusted Zone: http://locator.cdn.imageservr.com
** Please see O15 note below
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://download.007guard.com/msnnames/msnnames.cab
O16 - DPF: {4FA3D392-9349-4D85-8FB9-18733534CFE3} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader/gdownloader.ocx
O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} - http://advnt01.com/dialer/internazionale_ver10.CAB
O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/seed/nat3.exe
O20 - Winlogon Notify: ddccc - C:\WINDOWS\
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\


O15 Lines
It may be helpful to know that when you put an item in your Trusted Zone, it pretty much has full access to your computer. Are you sure you trust these sites to that degree? If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowlingly permit this access yourself, then please fix the O15 entry.


Close all windows except HijackThis
Click Fix Checked in HijackThis.

5 - Find and Delete Suspect Files
Using Start > Search > All Files and Folders
Enter w035c8fb.dll in the 'All or part of file name' box
Select C: in the 'Look in' dropdown box
Click Search Now
Right-click on w035c8fb.dll and select Delete
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

You will need to reboot your computer into Safe Mode for the next steps. It would be a good idea for you to print these instructions, as you will not have access to the internet.

Important: If you have an always on connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

6 - Boot to Safe Mode and Scan With AVG-AS
  • Restart your computer.
  • Continually tap the F8 button as your computer is booting (a menu appears).
  • Use up-arrow key to select Safe Mode and press Enter.
Close all open windows and then start AVG Anti-Spyware, which you downloaded earlier
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan? - Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
Reboot in Normal Mode.

7 - Install Latest Java
Double-click on jre-6-windows-i586.exe on your Desktop to install the latest version of Java.

8 - Check on status
After you have completed the above, please reboot and provide:
  1. the AVG Anti-Spyware Scan report
  2. a new HijackThis log
  3. and a description of how your PC is behaving - what problems are you now experiencing?
Remember, if you can, it's worth printing these instructions out before you start.

Good Luck
Vino
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Unread postby johno » February 13th, 2007, 9:45 am

Logfile of HijackThis v1.99.1
Scan saved at 13:35:39, on 13/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dial.blueyonder.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tasha4chris.spaces.msn.com//Phot ... nPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ ... loader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/se ... loader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe





---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:48:08 13/02/2007

+ Scan result:



C:\Program Files\Bug Doctor -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\Bug Doctor Help.chm -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\Get Bonuses.url -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\LiveUpdate_disable.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\LiveUpdate_normal.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\LiveUpdate_pressed.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\LiveUpdate_rollover.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\SubMainDisable.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\SubMainNormal.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\SubMainPressed.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\SubMainRollOver.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\bug.swf -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\fix_complete-disable.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\fix_complete-normal.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\fix_complete-pressed.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\fix_complete-roll_over.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\fixing_error-disable.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\fixing_error-normal.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\fixing_error-pressed.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\fixing_error-rollover.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\main_disable.jpg -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\main_enable.jpg -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\main_pressed.jpg -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\main_roll_over.jpg -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\mask.bmp -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\mask1.bmp -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\scan.swf -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\scan_complete-disable.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\scan_complete-normal.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\scan_complete-pressed.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\scan_complete-roll_over.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\scancomplete.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\scanning_error-disable.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\scanning_error-normal.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\scanning_error-pressed.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\scanning_error-rollover.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\schedule_disable.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\schedule_normal.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\schedule_pressed.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\schedule_rollover.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\support_disable.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\support_normal.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\support_pressed.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\support_rollover.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\unlock_key-disable.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\unlock_key-normal.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\unlock_key-pressed.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\skin\unlock_key-roll_over.gif -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\Bug Doctor\unins000.dat -> Adware.BugDoctor : Cleaned with backup (quarantined).
C:\Program Files\SysProtect Free\Activate.exe -> Adware.ErrorSafe : Cleaned with backup (quarantined).
C:\Program Files\SysProtect Free\FlFxr15.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
C:\Program Files\Media Access -> Adware.MediaAccess : Cleaned with backup (quarantined).
C:\Program Files\Media Access\MediaAccC.dll -> Adware.MediaAccess : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\HJT\backups\backup-20070213-095756-638.dll -> Adware.SearchTwo : Cleaned with backup (quarantined).
C:\Program Files\SysProtect Free\FWraper.dll -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\Program Files\SysProtect Free\FxCore.dll -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\Program Files\SysProtect Free\MMFx.dll -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\Program Files\SysProtect Free\PCheck.dll -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{7EACF70B-302F-4049-AC68-2D62EB43E473} -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\Program Files\SysProtect Free\InstHelp.exe -> Adware.SystemDoctor : Cleaned with backup (quarantined).
C:\Program Files\SysProtect Free\Updater.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\WINDOWS\icc2.dll -> Dialer.GBDialer.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Mr Dean Johnston\My Documents\Naomi's music2\Divine Music __ Your Number One Music Code Resource __files\enter.htm -> Downloader.IstBar.ai : Cleaned with backup (quarantined).
C:\WINDOWS\AрpPatch\APPATC~1\!update-4120.0000 -> Downloader.PurityScan.cu : Cleaned with backup (quarantined).
C:\Documents and Settings\Mr Dean Johnston\Local Settings\Temp\ICD15.tmp\USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Mr Dean Johnston\Local Settings\Temp\ICD17.tmp\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Mr Dean Johnston\Local Settings\Temp\ICD18.tmp\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{23D6A3E7-6C21-40B8-9C6E-C5C405B408FE}\RP1140\A0220095.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{23D6A3E7-6C21-40B8-9C6E-C5C405B408FE}\RP1140\A0220096.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{23D6A3E7-6C21-40B8-9C6E-C5C405B408FE}\RP1140\A0220097.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{23D6A3E7-6C21-40B8-9C6E-C5C405B408FE}\RP1140\A0220098.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{23D6A3E7-6C21-40B8-9C6E-C5C405B408FE}\RP1140\A0220099.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{23D6A3E7-6C21-40B8-9C6E-C5C405B408FE}\RP1140\A0220100.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{23D6A3E7-6C21-40B8-9C6E-C5C405B408FE}\RP1140\A0220101.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{23D6A3E7-6C21-40B8-9C6E-C5C405B408FE}\RP1140\A0220102.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{23D6A3E7-6C21-40B8-9C6E-C5C405B408FE}\RP1140\A0220103.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{23D6A3E7-6C21-40B8-9C6E-C5C405B408FE}\RP1140\A0220104.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\eylfxmkn.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\fpmpftgd.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\iontqqeg.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\ntqdftsn.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\rnfvguuh.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\snjkxbgl.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\svspjrbb.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\sykgwrso.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\vwpovyny.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\wrrhwybk.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\CRACK\rtcw-crack.zip/rtcw-crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mr Dean Johnston\My Documents\My Music\stuff\CRACK\rtcw-crack.zip/rtcw-crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mr Dean Johnston\Local Settings\Temp\Cookies\mr dean johnston@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mr Dean Johnston\Local Settings\Temp\Cookies\mr dean johnston@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Mr Dean Johnston\Local Settings\Temp\Cookies\mr dean johnston@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Mr Dean Johnston\Local Settings\Temp\Cookies\mr dean johnston@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Mr Dean Johnston\Local Settings\Temp\Cookies\mr dean johnston@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Mr Dean Johnston\Local Settings\Temp\Cookies\mr dean johnston@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Mr Dean Johnston\Local Settings\Temp\Cookies\mr dean johnston@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Mr Dean Johnston\Local Settings\Temp\Cookies\mr dean johnston@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Mr Dean Johnston\Local Settings\Temp\Cookies\mr dean johnston@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Mr Dean Johnston\Local Settings\Temp\Cookies\mr dean johnston@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wcpsvit.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

Hi Vinno, here are the reports. The error message on reboot (w035c8fb.dll) no longer appears, outlook express still does not open.
When i double click the icon i still only get a beep, nothing more.
Many thanks..........johno.
johno
Active Member
 
Posts: 10
Joined: February 10th, 2007, 8:40 am

Unread postby Vino Rosso » February 13th, 2007, 3:08 pm

Hi johno

Here are the first couple of things we can try to repair OE:

Reregister Outlook Express
Damaged or missing entries in the Windows registry can cause Outlook Express to act oddly. A simple procedure causes Outlook Express to rewrite its main registry keys and so corrects such issues.
  1. Click Start >Run > type msimn /reg and then click OK (Note that you will not see anything happen.)
  2. In Internet Explorer click Options on the Tools menu.
  3. Click the Programs tab and select Outlook Express as the default e-mail client and as the default news client. You can change those later if you wish.
Reregister libraries
Dynamic Link Libraries (DLLs) are files that contain functions that may be shared by other programs, such as recognizing hyperlinks, displaying rich content, and so forth. These specific DLLs are used by Outlook Express, and can cause glitches in the visual display if they are damaged. Reregistering a DLL using regsvr32 is similar to reinstalling those functions and thus makes sure they are installed and working correctly.
  1. Click Start > Run > type regsvr32 urlmon.dll and then click OK.
  2. Repeat step 1 for each of the following commands:
    • regsvr32 mshtml.dll
    • regsvr32 shdocvw.dll
    • regsvr32 browseui.dll
Please post back and let me know if OE now starts.
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Unread postby johno » February 13th, 2007, 5:01 pm

Hi Vino, i followed the instructions, but OE still will not open.
All i get is a beep through my speakers.

most grateful for your efforts thus far................johno.
johno
Active Member
 
Posts: 10
Joined: February 10th, 2007, 8:40 am

Unread postby Vino Rosso » February 13th, 2007, 6:00 pm

OK, our options are:
  1. Check for corrupted system files
  2. Re-install OE
  3. Re-install Windows

Let's start with the first one. To run a check on the files and see if one or more is corrupted use the System File Checker that is included with Windows XP.

1 - System File Checker
Go to Start > Run, enter sfc /scannow (note the space between the "c" and "/") and click on OK.

This will look for and attempt to replace any corrupt system files that can be found. There are backups of some of these files on your PC and Windows will check for a copy here first. If you are prompted to insert your Windows XP disc, do so. If you don't have this disc and are asked for it, you will have to cancel at this point. There is a work-around that can be found >here<

Please post back with what happens.
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Unread postby johno » February 14th, 2007, 5:09 am

Vino, thanks for your help so far.
My pc didn't come with an XP disc, so I will try the workaround.
If that doesn't work, would a borrowed XP disc be acceptable or will that make things worse?
I've got to work today (it doesn't half get in the way sometimes!!) so I'll try later and get back to you.
Thanks again..........Johno.
johno
Active Member
 
Posts: 10
Joined: February 10th, 2007, 8:40 am

Unread postby johno » February 14th, 2007, 7:31 am

Hi Vino, my pc is an "acer.....aspire" machine, it came pre-loaded with xp.
All i have is: recovery-cd 1/2
recovery-cd 2/2
resource-cd
microsoft works-cd

Thanks again............johno.
johno
Active Member
 
Posts: 10
Joined: February 10th, 2007, 8:40 am

Unread postby Vino Rosso » February 14th, 2007, 9:40 am

OK, if you had no luck with following the steps under "Why does this happen?" on the link in my last post, the next option is to re-install Outlook Express.

This involves editing the registry and reinstalling Outlook Express 6 via Internet Explorer 6. The standard cautions apply whenever you are editing the registry.

1 - Back up the Registry
This is so the registry can be restored to this point if we need it.
Download ERUNT from >here< and save it to your Desktop
Install ERUNT following the default selections.
Allow ERUNT to backup your registry, again using the default folder of C:\Windows\ERUNT\[today's date]
Click OK and 'Yes' to allow ERUNT to create the folder.

2 - Edit The Registry
Start > Run > type regedit > OK
Use the left hand window to navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C} and click on the entry
In the right-hand window, right-click on IsInstalled and select Modify
In the Value data field, change the value from 1 to 0 and click OK
Exit the registry by clicking File > Exit

3 - Download Internet Explorer 6
Download and install Internet Explorer 6 from >here<. The Internet Explorer 6 download includes Outlook Express 6.
After installing, reboot and test for proper operation.

Please post back with what happens.
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Unread postby johno » February 19th, 2007, 6:37 am

Hi Vino, sorry about the delay, Firefighting has a tendancy to get in the way of real life, but we all have to earn a crust !

Okay. Everything went fine until i came to download i.e.6, a message came up saying: "setup has detected a newer version of i.e. already installed on this system, setup cannot continue."

As a result of this message, i downloaded i.e.7, but yet again outlook express refused to open, all i got was a "beep" so i uninstalled it.

When i started the p.c. this morning, a message said: "i.e.6 has been removed from your system do you want to organise your personal settings?"

Because of this message, i tried to download i.e.6 again but the same message about a newer version popped up again.

many thanks..................johno.
johno
Active Member
 
Posts: 10
Joined: February 10th, 2007, 8:40 am

Unread postby Vino Rosso » February 19th, 2007, 9:34 am

One of my learned colleagues has highlighted the following Newsgroup answer to a similar question by MS-MVP Frank Saunders:

Errors in DIRECTDB.DLL or MSOE.DLL generally indicate corruption in the message store.
Start by moving Folders.dbx to an empty Windows folder (with OE closed).
Note: the DBX files are hidden in Win2K, WinXP and Win2K3. You will lose your folder hierarchy and the lists of newsgroups on the news servers, but it might get you into OE.

If that doesn't do it then move all of the DBX files to the same folder as
Folders.dbx (again with OE closed). You should now get into OE. Try importing the messages from the folder you moved the DBX files to. If you can't, you can use this tool to extract the messages:

DBXtract ($5):
http://www.oehelp.com/DBXtract/

Note: It can take a long time (days with really large folders).

The messages can then be dragged from the Windows folder back into a folder in an open instance of OE.


Please post back with what happens.
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Unread postby johno » February 23rd, 2007, 2:36 pm

Hi Vino, sorry but didn't understand the last instructions so i asked a
friend of mine who is a bit more "in the know" about computers and it lost him also. Could you break it down a little for me.

many thanks for your patience................. johno.
johno
Active Member
 
Posts: 10
Joined: February 10th, 2007, 8:40 am

Unread postby Vino Rosso » February 23rd, 2007, 3:26 pm

Hi johno

Apologies, I should have made this clearer.

Make sure Outlook Express is closed

1 - Show hidden files
We need to show files and folders that are normally hidden.
In Windows Explorer, select Tools > Folder Options > View
Set 'Hidden files and folders' to Show hidden files and folders
Untick Hide protected operating system files.
OK
Instructions can also be found >here<.
** These files are hidden to stop something important being removed accidentally. It is advisable to hide them again after fixing your computer. **

2 - Move Folders.dbx File
Using Windows Explorer, create a new folder in your C: drive called OEfiles
Then go to C:\Documents and Settings\Login Name\Local Settings\Application Data\Identities\{CLSID}\Microsoft\Outlook Express - the CLSID is a unique long string of letters and numbers
In this folder will be various .dbx files that coincide with your OE folder names.
One file, folders.dbx, stores the structure of your OE folders
Left-click once on folders.dbx so it is highlighted.
Press and hold the Shift key on the keyboard then left-click and hold on folders.dbx
Drag folders.dbx to the folder C:\OEfiles
Let go of the mouse button then let go of the Shift key.
This will move the file folders.dbx to the C:\OEfiles folder.
NOTE: You will lose your folder structure in OE but you may get it started.

Now try opening Outlook Express. If OE starts OK, stop here.

3 - Move All .dbx Files
If OE still does not start, repeat the above file moves and move all the .dbx files in the folder to C:\OEfiles.

Now try opening Outlook Express. It should now start.

4 - Import Messages Back Into OE
Because we moved the .dbx files away from the default folder, OE will open with no messages.
In OE, click File > Import > Messages > Microsoft Outlook Express 6 > Next
Click Import mail from an OE6 store directory > OK
Click Browse and browse to C:\OEfiles > OK
Click Next and follow the instructions to import each of the files.

If the wizard cannot import the messages, another option is:

DBXtract ($5):
http://www.oehelp.com/DBXtract/

Note: It can take a long time (days with really large folders).

The messages can then be dragged from the Windows folder back into a folder in an open instance of OE.

Please le me know how you get on.

Vino
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 281 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware