  1. #1
    Joined
    Mar 2004
    Location
    Texas
    Age
    60
    Posts
    26

    2 infections - future protection?

    If this topic should be moved to another Forum, please direct me to the correct one.

    BACKGROUND:
    We have 2 computers at home. One is used for emails and surfing the internet. The other is my work computer, known as "Blackie". My sig shows the work computer. The surfing computer is an old Compaq Presario 5610, Pentium 2, with MS-XP, known as "TinCan".
    We use AOL for our ISP. Ok, stop laughing.
    PROBLEM:
    Seems my son got on line without turning on Norton AntiVirus and SpySweeper, then downloaded some game mods. Then he moved the downloads from "TinCan" over to "Blackie" via our Lexar memory stick. Now both computers are messed up, but not in the same way.

    "Blackie" now gets "General Fault Protection" errors when you attempt to play all games. Plus it now has random boot problems, freezes when the loading Windows screen is up or when it posts before Windows starts.
    Norton AntiVirus found nothing. SpySweeper found "Alexa Toolbar", which is now in quarantine.

    "TinCan" can no longer access any Windows related programs like Control Panel or Windows Explorer. MS tries to generate an Error Report stating something is wrong with file MSPX32.dll. When you select "Don't Send" report, the screen flashes, goes black, then pops back up.
    Norton AntiVirus found nothing. SpySweeper found "Alexa Toolbar", LRPatch.exe, both are now in quarantine. SpySweeper shows an alert that IE homepage has been changed/hijacked, plus something called "HKCU:Run" is now in my startup or registry.

    Whatever problem I have, it will not allow me to use the Symantec or Webroot websites for help. It seems to block access to the different functions offered, as in, I select "Update Definitions" or select "Scan my Computer" then nothing happens, but the screen flashes to black then pops back up. I updated both programs 2 weeks ago.

    Other strange things include: double flashing of screen when websites are loading, mouse pointer will travel to the left side of screen for no reason, looonnnng load times compared to the usual long load times and very limited search capabilities on the NET. I get directed to a lot of German language sites.

    How do I prevent this from happening again? We want to network our computers, just to learn how, but I can not risk an infection this bad on my work computer. How can I stop these types of infections?
    Oh, how do I fix this mess????
    LanParty NF2 Ultra B (10/15/03 BIOS)
    Athlon XP 3200
    Thermaltake UFO
    WD Caviar SE16 SATA 400gb
    Corsair XMS 1GB (2) 512mb DDR400
    eVGA GeForce 6800 Ultra
    OCZ powerstream 520W
    XP Pro w/ SP2
    Logitec MX-500
    On board sound w/Boston 5.1 speakers
    Emprex DVDRW 10081M 8x, Ver059
    Benq P211 Monitor

  2. #2

    Re: 2 infections - future protection?

    Boot into safemode w/internet and see if you can run this:
    TrendMicro/Housecall
    Download and run this:
    Spybot Search and Destroy
    Download and run this:
    Ad-Aware SE Personal 1.05
    Go here. Read the EditorsNote. Download and run. Post a log.
    Don't touch anything unless you know what you are doing.
    HijackThis
    If you can't download these programs, have someone do it for you and burn to a disk.
    It's All About Having Fun ..... Isn't It?

    Gigabyte GA-990FXA-UD3 | AMD FX8350 Black Edition | CoolerMaster Hyper 212 EVO | Corsair XMS3 16GB DDR3
    XFX Radeon HD 7950 3GB DDR5 | Acer G246HL 24" WideScreen
    Samsung 840 EVO 500GB | Western Digital Caviar Black 500GB (Storage) | Samsung SH-S224 DVD Burner
    HT|Omega Claro | Technics SL-1210 MKll ~ Stanton 681EEE MKlll
    Esoteric Sounds Rek-O-Kut Professional Phono Preamp MKII
    Klipsch Pro Media v4.1 | Sennheiser HD 580 Precision ~ Sennheiser PC165 (Mic/Headset)
    Lian Li Lancool PC-K7B w/ Enermax NAXN 82+ 750W
    Win7 x64

  3. #3
    Joined
    Dec 2003
    Location
    Orlando, FL
    Age
    40
    Posts
    3,062

    Re: 2 infections - future protection?

    I don't want to beat a dead horse but why do you use AOL? That is your # security issue IMO.

    You need to get rid of them ASAP. Then you need to look into installing "Spybot 1.3" which auto loads when XP or whatever OS you have begins. This will be very minimal but should work.

    I run AVG 6 for anti virus and have never had an issue and I surf a lot of porn.

    So I suggest you load:

    - AVG 6 Free
    - Spybot 1.3
    - AdAware 6
    - Firefox for web browsing

    That is a step in the right direction.

  4. #4
    Joined
    Mar 2003
    Posts
    1,180

    Re: 2 infections - future protection?

    Quote: Originally Posted by carlwill
    I don't want to beat a dead horse but why do you use AOL? That is your # security issue IMO.

    You need to get rid of them ASAP. Then you need to look into installing "Spybot 1.3" which auto loads when XP or whatever OS you have begins. This will be very minimal but should work.

    I run AVG 6 for anti virus and have never had an issue and I surf a lot of porn.

    So I suggest you load:

    - AVG 6 Free
    - Spybot 1.3
    - AdAware 6
    - Firefox for web browsing

    That is a step in the right direction.

    I second this post! AOL gotta go - too many holes and all the squirrels know them. AVG is nice, Kaspersky is better, Sophos may be even better in some respects. I have been using Spybot forever and it is very nice. Ad-Aware SE is the next one up on AdAware. Firefox is OK but, as most people find, some sites need IE. Good luck with your issue; I am sure you will get it resolved.

    PS. That Alexa sure is a pain

  5. #5
    Joined
    Mar 2004
    Location
    Texas
    Age
    60
    Posts
    26

    Re: 2 infections - future protection?

    Yes, AOL will be going away as soon as I can cleanup this mess in my computer. My new ISP will be up and running soon.

    Now it's time to start downloading.
    I'll post a reply on how things go over the weekend.

  6. #6
    Joined
    Mar 2004
    Location
    Texas
    Age
    60
    Posts
    26

    Re: 2 infections - future protection?

    I have downloaded and run both Ad-Aware SE Personal 1.05 & Spybot Search & Destroy. They both found spyware junk that I have now deleted.

    My problem with Windows still exists in normal Startup mode, but not in SAFE mode.
    I get an error message box stating: "Application Explorer.exe has encountered a problem and needs to close.....", I'm sure you have seen this before.
    The module name in the error message with Explorer.exe is mspxs32.dll.
    I cannot find any mention of mspxs.dll on the Microsoft websites.
    The only info I can get out of the file is:
    original name; bho.dll
    created; 14/06/2004 11:41pm
    size; 30KB
    I have tried to open it with NotePad, but the code offers very little extra info.

    Has anyone heard of this file? It's not on my other computer which has the same OS.

    I can't get rid of AOL until I can reset my internet connections, which don't work in either Safe or normal startup.

    Help!!!!!

  7. #7

    Re: 2 infections - future protection?

    Read my previous post regarding HijackThis.
    Go here. Read the EditorsNote. Download and run. Post a log.
    Don't touch anything unless you know what you are doing.

  8. #8
    Joined
    Mar 2004
    Location
    Texas
    Age
    60
    Posts
    26

    Problems gone - bye bye AOL

    I ran the following in SAFE mode and came away with a much cleaner and faster system.

    - Spybot Search and Destroy
    - Ad-Aware SE Personal 1.05
    - HijackThis (Deleted obvious bad stuff, but I'm still reading thru the info before I post a log)
    - SpySweeper
    - Norton AntiVirus
    - CWShredder

    I rebooted after each scan and even did the scans in normal bootup mode. Now things are much better.
    Thanks for the help.

  9. #9
    Joined
    Nov 2004
    Posts
    1

    Re: 2 infections - future protection?

    I had the exact same problem on my computer and just fixed it, I think.

    Apname:Explorer.exe ModName:mspxs32.dll

    I ran Spybot S&D, Ad Aware, CWShredder, and Norton Anti-Virus numerous times in both safe-mode and regular.

    This found lots of stuff but didn't solve the problem. I just used HijackThis and selected to fix:

    O2-BHO-{06CAD548-14DD-4fa3-9EA9-05F83C18CBD7}-C:\WINDOWS\System32\mspxs32.dll

    This seems to have fixed the problem but I was wondering if someone more knowledgeable could look at my log file and tell me if there was anything else I should delete or processes that I should kill. Any help is greatly appreciated.

    Logfile of HijackThis v1.98.2
    Scan saved at 8:34:31 PM, on 11/1/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
    C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
    C:\Documents and Settings\Erin McKiernan\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8081
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: PeoplePC FixedBandBHO - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\Erin McKiernan\Desktop\Spybot\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
    O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\ISP50\MAXSPEED\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\ISP50\MAXSPEED\pac-image.html
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098777899750
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A3AC92C-9A64-4DCF-A416-DADBDD4F085B}: NameServer = 198.81.17.134


    Oh yahh, let's all laugh. I also use AOL
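
Added example, not part of any post in this thread and not HijackThis's own code: a small Python parser for the O2 (BHO), O4 (Run) and R1 ProxyServer lines of a log like the one in post #9, listing the entries to check by hand first. The function names and the selection rule (a BHO or autostart file sitting directly in C:\WINDOWS or C:\WINDOWS\System32, or an IE proxy setting) are assumptions made for illustration; a listed entry is a candidate for review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Sample lines copied from the log in post #9, except the first: it re-types the
# entry that poster fixed in the log's O2 layout ("(unknown)" is a placeholder,
# the post does not give the name field).
SAMPLE_LOG = r"""
O2 - BHO: (unknown) - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\System32\mspxs32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8081
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|ocx))', re.IGNORECASE)
# Assumption: Windows is installed in the default C:\WINDOWS location.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

def parse_entries(log_text):
    """Yield dicts for O2 (BHO), O4 (Run) and R1 ProxyServer lines."""
    for line in log_text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            yield {"section": "O2", "name": m["name"], "path": m["path"]}
        elif m := O4_RE.match(line):
            exe = EXE_RE.match(m["cmd"])  # drop quotes and command-line switches
            path = (exe.group(1) or exe.group(2)) if exe else m["cmd"]
            yield {"section": "O4", "name": m["name"], "path": path}
        elif line.startswith("R1 - ") and ",ProxyServer = " in line:
            yield {"section": "R1", "name": "ProxyServer", "path": line.split(" = ", 1)[1]}

def review_first(log_text):
    """Return entries worth checking by hand first (a heuristic, not a verdict)."""
    picked = []
    for e in parse_entries(log_text):
        if e["section"] == "R1":
            picked.append(e)  # an IE proxy setting is present
        elif str(PureWindowsPath(e["path"]).parent).lower() in SYSTEM_DIRS:
            picked.append(e)  # BHO/autostart file sits directly in a system dir
    return picked

if __name__ == "__main__":
    for e in review_first(SAMPLE_LOG):
        print(f'{e["section"]:3} {e["name"]:16} {e["path"]}')
```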
