Codec Virus, reading hijackthis

Name: Jbsox24
Date: August 11, 2006 at 10:47:54 Pacific
OS: Windows XP Home Edition
CPU/Ram: ------
Product: Cyper Power
Comment:

I have a virus that I partially got rid of with Spybot Search and Destroy, the download file called "codec" for Windows Media Player. It consists of pop-ups, and it will not show my Google pop-up blocker.

I ran HijackThis and have a log file.



Response Number 1
Name: jabuck
Date: August 11, 2006 at 18:51:41 Pacific
Reply:

Please post your Hijack This log.


0

Response Number 2
Name: Jbsox24
Date: August 11, 2006 at 20:00:24 Pacific
Reply:

Logfile of HijackThis v1.99.1
Scan saved at 1:37:52 PM, on 8/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\CTHELPER.exe
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\FSI\F-Prot\F-StopW.exe
C:\Program Files\FSI\F-Prot\FP-Win.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Josh\LOCALS~1\Temp\Temporary Directory 3 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redsox.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redsox.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.espn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.espn.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


0

Response Number 3
Name: jabuck
Date: August 11, 2006 at 20:30:53 Pacific
Reply:

That log is a little light.

Please download SilentRunners from this link http://www.silentrunners.org/Silent%20Runners.zip. Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile in a reply to this post.


0

Response Number 4
Name: Jbsox24
Date: August 12, 2006 at 17:10:15 Pacific
Reply:

I have it in My Documents, but I cannot seem to figure out how to show the logfile after I run the program. I would appreciate your help.


0

Response Number 5
Name: jabuck
Date: August 12, 2006 at 17:27:01 Pacific
Reply:

Navigate to the log file > double click to open it > edit > select all. Then go to the comments box (where you make your post). Click the top left corner so that the cursor appears > edit > paste. It should now be in the comments box ready to post.


0

Response Number 6
Name: Jbsox24
Date: August 13, 2006 at 08:18:38 Pacific
Reply:

I know what I need to do, I just do not know how to use Silent Runners. I downloaded the program; when I double click on it, it goes to the Silent Runners.zip. When I double click on that, it says security warning, open or cancel. I click open and it says do you want to skip all of the supplementary searches. If I click yes or no, it says silent runners has started be patient, and then it says All Done! The results are in the file.


0

Response Number 7
Name: Jbsox24
Date: August 13, 2006 at 08:23:12 Pacific
Reply:

This is the file that they show:
(MEANMACHINE) 2006-08-12 20.06.52.txt, and this is what the internet said it looks like: Startup Programs (MEANMACHINE) 2006-08-12 20.06.52.txt


0

Response Number 8
Name: jabuck
Date: August 13, 2006 at 08:43:05 Pacific
Reply:

Ok, I think I see the problem. It was downloaded to "my documents" instead of "desktop".

Go to my documents and delete the silent runners folders, probably a zipped folder and a regular folder.

Next redownload silentrunners. When you click the silentrunners link click "save" > on the right side of the "save in" box click the drop down arrow then click "desktop" and that will place "desktop" in the "save in" box > now click save.

Once downloaded right click the zipped file > extract all > next > next > double click the "silentrunners" icon > open > click "no" and the scan will begin.

The log will be in the silentrunners folder and take about a minute to run.


0

Response Number 9
Name: Jbsox24
Date: August 13, 2006 at 08:56:14 Pacific
Reply:

Thank you, those directions worked perfectly.

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
----

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"pmsngr.exe" = "C:\Program Files\Media-Codec\pmsngr.exe" [file not found]
"homepage.monitor.exe" = "C:\Program Files\Media-Codec\isamonitor.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"FRISK FP-Scheduler" = "C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP" ["FRISK Software International"]
"F-StopW" = "C:\Program Files\FSI\F-Prot\F-StopW.exe" ["Frisk Software International"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1474F601-9B4B-4EB0-81FA-20F753C0E1A4}" = "FRISK extension"
-> {HKLM...CLSID} = "FRISK Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\FSI\F-Prot\shexthk.dll" [empty string]
"{E443A8D5-D905-4401-8789-16AE23A8A96D}" = "FRISK extension"
-> {HKLM...CLSID} = "FRISKLinkExt Class"
\InProcServer32\(Default) = "C:\Program Files\FSI\F-Prot\shexthk.dll" [empty string]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MpShHook.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
FRISK\(Default) = "{1474F601-9B4B-4EB0-81FA-20F753C0E1A4}"
-> {HKLM...CLSID} = "FRISK Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\FSI\F-Prot\shexthk.dll" [empty string]


Active Desktop and Wallpaper:


Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Josh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]


0

Response Number 10
Name: jabuck
Date: August 13, 2006 at 09:12:51 Pacific
Reply:

Temporarily disable any of the following anti-spyware realtime protection programs that you may have: Temporarily Disable Realtime Protection

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/. We will need it later in safe mode.

Download and install Ewido Security Suite. We will need this later in safe mode.

Be sure to update Ewido

Download SmitRem.exe and save the file to your desktop.
Doubleclick it and choose install. This will create a new folder on your desktop with the name smitrem.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
Reboot back into Windows normal mode.

Do a search for "smitfiles.txt", usually found at C:\smitfiles.txt, and post the results of the scan.

Reboot into safe mode

Navigate to and delete this folder if found:

C:\Program Files\Media-Codec

Run Ewido from safe mode and let it delete all that it finds.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot to normal mode.

Empty the restore folder. Go to start > control panel > system > system restore tab > check the box beside "turn off system restore" > apply (takes a minute) > ok. Go back and uncheck the box to turn system restore back on > apply > ok.

Let me know how you are running.


0

Response Number 11
Name: Jbsox24
Date: August 14, 2006 at 19:21:51 Pacific
Reply:

My computer barely will run now that I installed those programs, everything is 100 times slower than usual, I can't do anything the programs do not respond, and I can't even remove them, any suggestions?


0

Response Number 12
Name: jabuck
Date: August 14, 2006 at 20:28:42 Pacific
Reply:

Those programs are run by thousands of computer experts every day without any incidents, so I doubt seriously if that is the cause of the problem. They may have been corrupted during the download, but I would not think that could happen to three different downloads, as silentrunners was not affected.

To uninstall Ewido go to start > control panel > add/remove programs > scroll down and click ewido > click remove > restart the computer.

To remove Smitremfix go to start > search > do a search for smitrem and delete the smitrem folder.

To remove ATF_Cleaner do a search for ATF_Cleaner and delete the ATF_Cleaner files, just right click on them then click delete.

I would not empty the recycle bin for a day or two then delete it if you see no problems.


0

Response Number 13
Name: Jbsox24
Date: August 15, 2006 at 06:15:35 Pacific
Reply:

I know how to delete them but it is lagging so much that I can't even reach it. I might just re-do Windows.


0

Response Number 14
Name: jabuck
Date: August 15, 2006 at 15:15:14 Pacific
Reply:

Probably the best idea. A system restore might be an easier first attempt to resolve. You would only need to reinstall the windows updates.


0

Response Number 15
Name: Jbsox24
Date: August 17, 2006 at 14:48:40 Pacific
Reply:

I actually got it working well again, but after the deletion of all of those programs... I am not sure if I should try it again?


0

Response Number 16
Name: jabuck
Date: August 17, 2006 at 16:36:50 Pacific
Reply:

You might try to run this free online scan from Panda

When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it.


0

Response Number 17
Name: Jbsox24
Date: August 17, 2006 at 21:33:42 Pacific
Reply:


Incident Status Location

Dialer:dialer.avv Not disinfected c:\windows\downloaded program files\gdnUS2218.exe
Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall6_98.exe
Adware:adware/systemdoctor Not disinfected Windows Registry
Adware:adware/emediacodec Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Josh\Cookies\josh@2o7[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Josh\Cookies\josh@atwola[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Josh\Cookies\josh@tribalfusion[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Josh\Local Settings\Temp\Cookies\josh@atwola[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Josh\Local Settings\Temp\Cookies\josh@com[1].txt
Adware:Adware/SpywareQuake Not disinfected C:\Documents and Settings\Josh\Local Settings\Temp\temp.fr8C76
Adware:Adware/SpywareQuake Not disinfected C:\Documents and Settings\Josh\Local Settings\Temp\tmpFF.tmp
Virus:Eicar.Mod Not disinfected C:\Program Files\FSI\F-Prot\fpav-help.chm[/prob-scan-ok.html]
Virus:Eicar.Mod Not disinfected C:\Program Files\InstallShield Installation Information\{9FD12630-1991-46F5-8479-92DE1EAE87DA}\data1.cab[fpav-help.chm][/prob-scan-ok.html]
Spyware:Spyware/New.net Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\739BE1CB-D144-4CD6-A5E9-D7DE07\800846CB-CFAC-4C90-8FBB-6D4EB7
Spyware:Spyware/New.net Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\E9F07E13-2C5C-4ED1-B24B-0F04AA\5DEC1608-C133-4956-B856-815C06


0

Response Number 18
Name: jabuck
Date: August 18, 2006 at 04:01:42 Pacific
Reply:

After you download Smitremfix but before you run it, go offline and temporarily disable any of the following anti-spyware realtime protection programs that you may have: Temporarily Disable Realtime Protection

You are still infected with SmitRem and a few others; download and run the following tool, then uninstall it after you post the results.

Download SmitRem.exe and save the file to your desktop.
Doubleclick it and choose install. This will create a new folder on your desktop with the name smitrem.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
Reboot back into Windows normal mode.

Do a search for "smitfiles.txt", usually found at C:\smitfiles.txt, and post the results of the scan.

Reboot into safe mode and delete these files if found:

c:\windows\downloaded program files\gdnUS2218.exe

c:\windows\NDNuninstall6_98.exe

While still in safe mode navigate to and delete the contents of these folders (not the folders):

C:\Documents and Settings\Josh\Local Settings\Temp

C:\Program Files\Microsoft AntiSpyware\Quarantine



0

Response Number 19
Name: Jbsox24
Date: August 18, 2006 at 08:47:54 Pacific
Reply:


smitRem © log file
version 3.1

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Fri 08/18/2006
The current time is: 11:43:30.29

Running from
C:\Documents and Settings\Josh\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"coursings"="{f8d02387-789a-4c0f-a1d8-8a93f33ee4df}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

amcompat.tlb
nscompat.tlb


~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 844 'explorer.exe'
Killing PID 844 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


0
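The smitRem log in Response 19 exports the SharedTaskScheduler key before and after the tool's registry repairs. As an added example (not part of the thread and not smitRem's or GetSTS's own code), this Python script parses the two exports and reports which entry the repair removed and which entries have no InProcServer32 path in the export. The function names are hypothetical; both exports are copied from the log above.

```python
import re

# Pre-run export, copied from the smitRem log in Response 19.
PRE_RUN = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"coursings"="{f8d02387-789a-4c0f-a1d8-8a93f33ee4df}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
'''
# The post-run export in the same log is identical except for this one line.
POST_RUN = PRE_RUN.replace('"coursings"="{f8d02387-789a-4c0f-a1d8-8a93f33ee4df}"\n', "")

STS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"
CLSID_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
VALUE_RE = re.compile(r'^(@|"(?P<name>[^"]*)")="(?P<data>.*)"$')


def parse_export(text):
    """Return {lower-cased key path: {value name: data}}; '@' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                name = m.group("name") if m.group("name") is not None else "@"
                current[name] = m.group("data")
    return keys


def sts_entries(keys):
    """Map each SharedTaskScheduler CLSID (lower-cased) to (label, server DLL or None)."""
    out = {}
    for name, data in keys.get(STS_KEY.lower(), {}).items():
        # Usual form is "{CLSID}"="label"; the 'coursings' line has the two
        # swapped, so accept the CLSID on either side of the '='.
        if CLSID_RE.fullmatch(name):
            clsid, label = name.lower(), data
        elif CLSID_RE.fullmatch(data):
            clsid, label = data.lower(), name
        else:
            continue
        server_key = (CLSID_ROOT + "\\" + clsid + "\\InProcServer32").lower()
        out[clsid] = (label, keys.get(server_key, {}).get("@"))
    return out


def review(pre_text, post_text):
    """Return (entries removed by the repair, pre-run entries with no server path)."""
    pre = sts_entries(parse_export(pre_text))
    post = sts_entries(parse_export(post_text))
    removed = {c: v for c, v in pre.items() if c not in post}
    no_server = {c: v for c, v in pre.items() if v[1] is None}
    return removed, no_server


if __name__ == "__main__":
    removed, no_server = review(PRE_RUN, POST_RUN)
    for clsid, (label, _) in removed.items():
        print("removed by repair:", clsid, label)
    for clsid, (label, _) in no_server.items():
        print("no InProcServer32 in export:", clsid, label)
```

A missing InProcServer32 block only means the exporter did not list one for that CLSID; it is a prompt to inspect the entry, not a verdict on it.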

Response Number 20
Name: Jbsox24
Date: August 18, 2006 at 08:59:16 Pacific
Reply:

I could not find any of those files in safe mode, or even the contents of those folders you wanted me to delete.


0

Response Number 21
Name: jabuck
Date: August 18, 2006 at 14:56:32 Pacific
Reply:

Perhaps they are hidden.

Set up the computer to view hidden files by going to start > control panel > folder options > view tab > tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files" > apply > ok.

Reboot into safe mode and search for the files again.


0

Response Number 22
Name: Jbsox24
Date: August 18, 2006 at 20:54:04 Pacific
Reply:

The things that you told me to change were already like that.


0

Response Number 23
Name: jabuck
Date: August 19, 2006 at 07:26:11 Pacific
Reply:

If that is the case then you should be clean. Are you running any better?


0

Response Number 24
Name: Jbsox24
Date: August 19, 2006 at 16:09:25 Pacific
Reply:

Yeah, it seems alright except my toolbar doesn't show up. I think that's the only thing. Thanks for all of your help, I appreciate it.



0
