Ever since catching the coolweb virus three years ago, or maybe two... closer to three, I've had Spybot S&D on my computer. Off and on I have either Zone Alarm or McAfee running.
Lately my computer seems to be... so slow. It's like it's running 98% of its ability before I do anything and just opening a browser takes (could take forever) many minutes until I do a CTRL+ALT+DEL or try to spur the computer on. I try to play Star Wars Galaxies online and recently it's been very very sluggish.
I run System Mechanic 6 which has its own spyware remover and defragmenter it runs.
I'm just not sure what to do. I'm finding small spywares here and there. McAfee popped a window about a trojan that changed something but was fixed earlier but it's still slow. I don't know what to do anymore.

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.
Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.
Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

I thought you'd never ask =)
Logfile of HijackThis v1.99.1
Scan saved at 8:43:50 PM, on 8/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.exe
C:\WINDOWS\system32\CTHELPER.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Documents and Settings\Steve\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab43895.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.
Download and install Ewido Security Suite. We will need this later in safe mode.
Be sure to update Ewido
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
Exit Hijack This but remain in safe mode
Run Ewido from safe mode and let it delete all that it finds.
Run ATF-Cleaner from safe mode.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Reboot into normal mode.
Run this free online scan from Panda
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it.
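
Added example, not part of the original thread: a small Python triage script for a HijackThis log like the one posted above. It groups entries by section code, flags entries worth a second look, and checks that every line in a "fix checked" list actually occurs in the log. The sample lines are excerpted from the log above except where marked constructed; the function names and flagging rules are illustrative assumptions, not HijackThis's own logic.

```python
import re
from collections import Counter

# Section codes seen in the log above and what HijackThis lists under them.
SECTION_MEANING = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Autostart entry (Run key / Startup folder)",
    "O8": "Extra IE context-menu item",
    "O9": "Extra IE button or Tools menu item",
    "O16": "Downloaded ActiveX control (DPF)",
    "O18": "Extra protocol handler",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
ABSOLUTE_RE = re.compile(r"[A-Za-z]:\\")

# Lines excerpted from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""

# Two lines from the fix list above, plus one constructed line that is not in the log.
FIX_LIST = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =",
    r"O4 - HKLM\..\Run: [ExampleEntry] C:\example\not-in-log.exe",  # constructed
]


def parse_log(text):
    """Return (section_code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def section_counts(entries):
    """Count entries per section code."""
    return Counter(code for code, _ in entries)


def review_flags(entries):
    """Heuristic triage: return (code, body, reasons) for entries that deserve a manual look."""
    flagged = []
    for code, body in entries:
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("registered file is missing on disk")
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("no company name reported for the service binary")
        if code == "O4" and "] " in body:
            command = body.split("] ", 1)[1].lstrip('"')
            if not ABSOLUTE_RE.match(command):
                reasons.append("autostart command has no absolute path")
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


def missing_from_log(fix_lines, entries):
    """Return fix-list lines that do not appear verbatim in the parsed log."""
    present = set(entries)
    missing = []
    for line in fix_lines:
        parsed = parse_log(line)
        if not parsed or parsed[0] not in present:
            missing.append(line.strip())
    return missing


if __name__ == "__main__":
    log_entries = parse_log(SAMPLE_LOG)
    for code, count in sorted(section_counts(log_entries).items()):
        print(f"{code:>3} x{count}  {SECTION_MEANING.get(code, 'other')}")
    for code, body, reasons in review_flags(log_entries):
        print(f"REVIEW {code}: {body}\n       -> {'; '.join(reasons)}")
    for line in missing_from_log(FIX_LIST, log_entries):
        print(f"NOT IN LOG: {line}")
```

A flag here only means "look at this entry by hand"; several flagged lines in this log belong to legitimate software.
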

Interesting. Still slow x_X . I also got an email saying jabuck would ruin my computer but the person spelled "at least" as "leest" so, no worries there.
In any case it seems the remaining spyware is in the System Mechanic folder? I don't know.
Before when I ran the ewido it found 162 spywares and adwares that Spybot, Spysweeper, and McAfee failed to find. I think they were also in the System Mechanics 6 folder... hmm...
Here is the Panda log you requested. It looks jumbled a bit because of the forum restraints.
Incident Status Location
Spyware:Cookie/Com.com Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{145AF73D-D193-4BA0-879C-001706402B94}\{D5EECBF6-94B1-499E-B7CB-6BFABD6224B4}.txt[{D5EECBF6-94B1-499E-B7CB-6BFABD6224B4}.txt][.com.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{145AF73D-D193-4BA0-879C-001706402B94}\{D5EECBF6-94B1-499E-B7CB-6BFABD6224B4}.txt[{D5EECBF6-94B1-499E-B7CB-6BFABD6224B4}.txt][.atdmt.com/]
Spyware:Cookie/Overture Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{145AF73D-D193-4BA0-879C-001706402B94}\{D5EECBF6-94B1-499E-B7CB-6BFABD6224B4}.txt[{D5EECBF6-94B1-499E-B7CB-6BFABD6224B4}.txt][.perf.overture.com/]
Spyware:Cookie/Tucows Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{145AF73D-D193-4BA0-879C-001706402B94}\{D5EECBF6-94B1-499E-B7CB-6BFABD6224B4}.txt[{D5EECBF6-94B1-499E-B7CB-6BFABD6224B4}.txt][.tucows.com/]
Spyware:Cookie/Enhance Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{145AF73D-D193-4BA0-879C-001706402B94}\{D5EECBF6-94B1-499E-B7CB-6BFABD6224B4}.txt[{D5EECBF6-94B1-499E-B7CB-6BFABD6224B4}.txt][c.enhance.com/]
Spyware:Cookie/GoClick Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{145AF73D-D193-4BA0-879C-001706402B94}\{D5EECBF6-94B1-499E-B7CB-6BFABD6224B4}.txt[{D5EECBF6-94B1-499E-B7CB-6BFABD6224B4}.txt][c.goclick.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{145AF73D-D193-4BA0-879C-001706402B94}\{D5EECBF6-94B1-499E-B7CB-6BFABD6224B4}.txt[{D5EECBF6-94B1-499E-B7CB-6BFABD6224B4}.txt][ad.yieldmanager.com/]
Spyware:Cookie/Com.com Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{22332F0A-436B-4A7E-BF8C-59843ECE9A50}\{6883ED23-6659-421C-90CA-0916CD4C4564}.txt[{6883ED23-6659-421C-90CA-0916CD4C4564}.txt][.com.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{22332F0A-436B-4A7E-BF8C-59843ECE9A50}\{6883ED23-6659-421C-90CA-0916CD4C4564}.txt[{6883ED23-6659-421C-90CA-0916CD4C4564}.txt][ad.yieldmanager.com/]
Spyware:Cookie/Overture Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{26295218-E004-49B1-890D-DA0265E132C6}\{62313096-2A5E-4FA2-AFC4-16B21EEFC865}.txt[{62313096-2A5E-4FA2-AFC4-16B21EEFC865}.txt][.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{26295218-E004-49B1-890D-DA0265E132C6}\{62313096-2A5E-4FA2-AFC4-16B21EEFC865}.txt[{62313096-2A5E-4FA2-AFC4-16B21EEFC865}.txt][.perf.overture.com/]
Spyware:Cookie/Com.com Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{26295218-E004-49B1-890D-DA0265E132C6}\{62313096-2A5E-4FA2-AFC4-16B21EEFC865}.txt[{62313096-2A5E-4FA2-AFC4-16B21EEFC865}.txt][.com.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{26295218-E004-49B1-890D-DA0265E132C6}\{62313096-2A5E-4FA2-AFC4-16B21EEFC865}.txt[{62313096-2A5E-4FA2-AFC4-16B21EEFC865}.txt][ad.yieldmanager.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{3E08C3C6-486D-4540-AFCE-8A01DD52B971}\{0E238291-F51B-4C6E-874B-8600759BA9C5}.txt[{0E238291-F51B-4C6E-874B-8600759BA9C5}.txt][.2o7.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{3E08C3C6-486D-4540-AFCE-8A01DD52B971}\{0E238291-F51B-4C6E-874B-8600759BA9C5}.txt[{0E238291-F51B-4C6E-874B-8600759BA9C5}.txt][ad.yieldmanager.com/]
Spyware:Cookie/Tickle Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{3E08C3C6-486D-4540-AFCE-8A01DD52B971}\{0E238291-F51B-4C6E-874B-8600759BA9C5}.txt[{0E238291-F51B-4C6E-874B-8600759BA9C5}.txt][.tickle.com/]
Spyware:Cookie/Target Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{617CEDC5-0CCF-4D1B-92C6-46FCF29A4D8D}\{F110C488-A23F-47A3-BA6B-A654CFA8FE75}.txt[{F110C488-A23F-47A3-BA6B-A654CFA8FE75}.txt]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{67A11409-39F3-4E85-AE40-5EF034D3ED14}\{860C94AF-FBC3-49B9-9CFE-55EC2CE93715}.txt[{860C94AF-FBC3-49B9-9CFE-55EC2CE93715}.txt][.atdmt.com/]
Spyware:Cookie/Overture Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{67A11409-39F3-4E85-AE40-5EF034D3ED14}\{860C94AF-FBC3-49B9-9CFE-55EC2CE93715}.txt[{860C94AF-FBC3-49B9-9CFE-55EC2CE93715}.txt][.overture.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{67A11409-39F3-4E85-AE40-5EF034D3ED14}\{860C94AF-FBC3-49B9-9CFE-55EC2CE93715}.txt[{860C94AF-FBC3-49B9-9CFE-55EC2CE93715}.txt][ad.yieldmanager.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{67A11409-39F3-4E85-AE40-5EF034D3ED14}\{860C94AF-FBC3-49B9-9CFE-55EC2CE93715}.txt[{860C94AF-FBC3-49B9-9CFE-55EC2CE93715}.txt][.azjmp.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{67A11409-39F3-4E85-AE40-5EF034D3ED14}\{860C94AF-FBC3-49B9-9CFE-55EC2CE93715}.txt[{860C94AF-FBC3-49B9-9CFE-55EC2CE93715}.txt][.hitbox.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{67A11409-39F3-4E85-AE40-5EF034D3ED14}\{860C94AF-FBC3-49B9-9CFE-55EC2CE93715}.txt[{860C94AF-FBC3-49B9-9CFE-55EC2CE93715}.txt][.apmebf.com/]
Spyware:Cookie/Overture Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{67A11409-39F3-4E85-AE40-5EF034D3ED14}\{860C94AF-FBC3-49B9-9CFE-55EC2CE93715}.txt[{860C94AF-FBC3-49B9-9CFE-55EC2CE93715}.txt][.perf.overture.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{67A11409-39F3-4E85-AE40-5EF034D3ED14}\{860C94AF-FBC3-49B9-9CFE-55EC2CE93715}.txt[{860C94AF-FBC3-49B9-9CFE-55EC2CE93715}.txt][.qksrv.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{7522EF85-2526-4D9C-934F-318332B1264A}\{92F42A4A-D4AF-4AEA-B870-08604DD95D3B}.txt[{92F42A4A-D4AF-4AEA-B870-08604DD95D3B}.txt][ad.yieldmanager.com/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{7522EF85-2526-4D9C-934F-318332B1264A}\{92F42A4A-D4AF-4AEA-B870-08604DD95D3B}.txt[{92F42A4A-D4AF-4AEA-B870-08604DD95D3B}.txt][.advertising.com/]
Spyware:Cookie/Com.com Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{7522EF85-2526-4D9C-934F-318332B1264A}\{92F42A4A-D4AF-4AEA-B870-08604DD95D3B}.txt[{92F42A4A-D4AF-4AEA-B870-08604DD95D3B}.txt][.com.com/]
Spyware:Cookie/Overture Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{7522EF85-2526-4D9C-934F-318332B1264A}\{92F42A4A-D4AF-4AEA-B870-08604DD95D3B}.txt[{92F42A4A-D4AF-4AEA-B870-08604DD95D3B}.txt][.perf.overture.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{7522EF85-2526-4D9C-934F-318332B1264A}\{92F42A4A-D4AF-4AEA-B870-08604DD95D3B}.txt[{92F42A4A-D4AF-4AEA-B870-08604DD95D3B}.txt][.2o7.net/]
Spyware:Cookie/Go Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{7522EF85-2526-4D9C-934F-318332B1264A}\{92F42A4A-D4AF-4AEA-B870-08604DD95D3B}.txt[{92F42A4A-D4AF-4AEA-B870-08604DD95D3B}.txt][.go.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{A0EFC308-2840-4920-A651-02B077EBB974}\{4D58F3D5-B321-40B3-8955-B8FBEE3D39A7}.txt[{4D58F3D5-B321-40B3-8955-B8FBEE3D39A7}.txt][.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{A0EFC308-2840-4920-A651-02B077EBB974}\{4D58F3D5-B321-40B3-8955-B8FBEE3D39A7}.txt[{4D58F3D5-B321-40B3-8955-B8FBEE3D39A7}.txt][ad.yieldmanager.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{A0EFC308-2840-4920-A651-02B077EBB974}\{4D58F3D5-B321-40B3-8955-B8FBEE3D39A7}.txt[{4D58F3D5-B321-40B3-8955-B8FBEE3D39A7}.txt][.spylog.com/]
Spyware:Cookie/Com.com Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{A0EFC308-2840-4920-A651-02B077EBB974}\{4D58F3D5-B321-40B3-8955-B8FBEE3D39A7}.txt[{4D58F3D5-B321-40B3-8955-B8FBEE3D39A7}.txt][.com.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{A128CEC2-15AA-4369-8031-95F587AC8B70}\{36DA2CCF-CECF-4CD6-B56A-484807ED6BD4}.txt[{36DA2CCF-CECF-4CD6-B56A-484807ED6BD4}.txt][.2o7.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{A128CEC2-15AA-4369-8031-95F587AC8B70}\{36DA2CCF-CECF-4CD6-B56A-484807ED6BD4}.txt[{36DA2CCF-CECF-4CD6-B56A-484807ED6BD4}.txt][.apmebf.com/]
Spyware:Cookie/Atwola Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{A128CEC2-15AA-4369-8031-95F587AC8B70}\{36DA2CCF-CECF-4CD6-B56A-484807ED6BD4}.txt[{36DA2CCF-CECF-4CD6-B56A-484807ED6BD4}.txt][.atwola.com/]
Spyware:Cookie/Com.com Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{A128CEC2-15AA-4369-8031-95F587AC8B70}\{36DA2CCF-CECF-4CD6-B56A-484807ED6BD4}.txt[{36DA2CCF-CECF-4CD6-B56A-484807ED6BD4}.txt][.com.com/]
Spyware:Cookie/Overture Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{A128CEC2-15AA-4369-8031-95F587AC8B70}\{36DA2CCF-CECF-4CD6-B56A-484807ED6BD4}.txt[{36DA2CCF-CECF-4CD6-B56A-484807ED6BD4}.txt][.perf.overture.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{A128CEC2-15AA-4369-8031-95F587AC8B70}\{36DA2CCF-CECF-4CD6-B56A-484807ED6BD4}.txt[{36DA2CCF-CECF-4CD6-B56A-484807ED6BD4}.txt][.qksrv.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{A128CEC2-15AA-4369-8031-95F587AC8B70}\{36DA2CCF-CECF-4CD6-B56A-484807ED6BD4}.txt[{36DA2CCF-CECF-4CD6-B56A-484807ED6BD4}.txt][ad.yieldmanager.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{A128CEC2-15AA-4369-8031-95F587AC8B70}\{36DA2CCF-CECF-4CD6-B56A-484807ED6BD4}.txt[{36DA2CCF-CECF-4CD6-B56A-484807ED6BD4}.txt][searchportal.information.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{A8218C71-42E8-45D4-B810-24296690C327}\{67C8443D-3C29-4D30-97AB-1D022DEBAF0E}.txt[{67C8443D-3C29-4D30-97AB-1D022DEBAF0E}.txt][.atdmt.com/]
Spyware:Cookie/Com.com Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{A8218C71-42E8-45D4-B810-24296690C327}\{67C8443D-3C29-4D30-97AB-1D022DEBAF0E}.txt[{67C8443D-3C29-4D30-97AB-1D022DEBAF0E}.txt][.com.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{A8218C71-42E8-45D4-B810-24296690C327}\{67C8443D-3C29-4D30-97AB-1D022DEBAF0E}.txt[{67C8443D-3C29-4D30-97AB-1D022DEBAF0E}.txt][ad.yieldmanager.com/]

I just went in and deleted the contents of that folder. If needed I could probably get them back, but for now it seemed the best thing to do. *shrug*

That wonderful person spends a lot of time emailing everyone I try to help to tell them I'm going to blow up their computer (lots and lots of lol) and apparently spends little or no time trying to help others, strange isn't it. They don't know how easy it is to find them. It would be great if you (or anyone else who has experienced this) would save their email address and give it to Justin Weber, the owner of the Computing.net forum. Just start a new thread and in the subject line write "Justin Weber need help"; he will respond within a day usually and help you get the info to him, and thank you for reporting that misconduct.
On deleting the files, best thing to do as they were mostly cookies.
Run Hijack This again, click the "open misc tools section" button > click the "open uninstall manager" button > click save list > save > yes > copy that and paste it into your next post.
Please download SilentRunners from this link http://www.silentrunners.org/Silent%20Runners.zip. Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile in a reply to this post.
This could be a newer version of coolweb and if it is it may take a little work to file it.

For the record, the Adobe software I have are just trials -- not pirated. I'm not into that anymore.
Uninstall List from Hijack This:
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Premiere 6.0
Adobe Reader 7.0.8
Adobe Stock Photos 1.0
Advanced RealMedia Export Plug-in for Premiere 6.0
Avid Free DV
Belarc Advisor 7.0
Cleaner 5 EZ
EAX Unified
ewido anti-spyware 4.0
EZ Macros
Google Earth
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
iolo technologies' System Mechanic 6
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 6
Macromedia Shockwave Player
MathPlayer
McAfee Personal Firewall Plus
McAfee SecurityCenter
McAfee VirusScan
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Standard Edition 2003
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (1.5.0.6)
MSN
MSN Encarta Plus Support Files
MSN Messenger 7.5
NVIDIA Drivers
Panda ActiveScan
QuickTime
ScummVM 0.9.0
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Skype 2.0
Sound Blaster Live! Web 2K/XP
Spy Sweeper for MSN
Spybot - Search & Destroy 1.4
Star Wars Galaxies: The Total Experience
STARWARS: The Battle of Endor version 2.1
STARWARS: The Battle of Yavin version 1.1
TeamSpeak 2 RC2
Trillian
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Ventrilo Client
Verizon Online
Verizon Online Help & Support
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinRAR archiver
ZD Soft Game Recorder
ZD Soft Screen Recorder

I double-click the silent runners.vbs and it opens it up in notepad. It won't run as a program, any prerequisite plugins I need?

Ah. I got it. Ran it through command prompt.
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
----
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"A Verizon App" = "C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.exe" ["Verizon Internet Solutions"]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"VSOCheckTask" = ""C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask" ["McAfee, Inc."]
"OASClnt" = "C:\Program Files\McAfee.com\VSO\oasclnt.exe" ["McAfee, Inc."]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
"SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray" ["Webroot Software, Inc."]
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Verizon Broadband Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll" [file not found]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" [file not found]
"{FF393560-C2A7-11CF-BFF4-444553540000}" = "History"
-> {HKCU...CLSID} = "History"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{88C6C381-2E85-11D0-94DE-444553540000}" = "ActiveX Cache Folder"
-> {HKCU...CLSID} = "ActiveX Cache Folder"
\InProcServer32\(Default) = "C:\WINDOWS\system32\occache.dll" [MS]
"{F5175861-2688-11d0-9C5E-00AA00A45957}" = "Subscription Folder"
-> {HKCU...CLSID} = "Subscription Folder"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * smrgdf C:\Program Files\iolo\System Mechanic 6\ SsiEfr.e SsiEfr.e" [file not found], [MS], [file not found], [null data], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
Default executables:
--------------------
INFECTION WARNING! HKLM\Software\Classes\htafile\shell\open\command\(Default) = "NOTEPAD.EXE %1" [MS]
INFECTION WARNING! HKLM\Software\Classes\scrfile\shell\open\command\(Default) = "NOTEPAD.EXE %1" [MS]
Active Desktop and Wallpaper:
Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Mozilla\Firefox\Desktop Background.bmp"
Active Desktop web content:
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = ""
"Source" = "file:///C:/DOCUME~1/Steve/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"SubscribedURL" = "file:///C:/DOCUME~1/Steve/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]
Winsock2 Service Provider DLLs:
--
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
-------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}"
-> {HKLM...CLSID} = "Verizon Broadband Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll" [file not found]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}" = (no title provided)
-> {HKLM...CLSID} = "Verizon Broadband Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll" [file not found]
"{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"
-> {HKLM...CLSID} = "McAfee VirusScan"
\InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
--------
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe"" [MS]
McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe" ["McAfee Corporation"]
McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"]
McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["McAfee Inc."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" [null data]
Webroot Spy Sweeper Engine, svcWRSSSDK, "C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 36 seconds)

Download SmitRem.exe and save the file to your desktop.
Doubleclick it and choose install. This will create a new folder on your desktop with the name smitrem.
Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
Reboot back into Windows normal mode.
Do a search for "smitfiles.txt", usually found at C:\smitfiles.txt, and post the results of the scan.
Next download Spybot's newest 1.4 version from here (if you already have the 1.4 version just update it): http://www.safer-networking.org/en/download/index.html
Run Spybot-S&D.
Select "Search for updates" and then select all available updates.
Click on the drop-down box in the top center to choose a download location nearest to you.
Then click "Download updates". When all updates have downloaded, close Spybot-S&D.
Next, please open Spybot Search & Destroy again.
Click on "Check for problems". When the scan has finished, select any entries listed in red and click "Fix selected problems".
Do NOT fix these two problems if you see them:
Windows Security Center.FirewallDisableNotify
Windows Security Center.AntiVirusDisableNotify
Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Go to C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
In the right pane, click on Date Modified to sort the files by date.
Find the latest copy of the 2 text files that start with:
Checks.SOME_DATE.txt (ex - Checks.060724-0555.txt)
Fixes.SOME_DATE.txt (ex - Fixes.040615-2034.txt)
Post the contents of those two files.

smitRem © log file
version 3.1
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Wed 08/16/2006
The current time is: 19:54:36.59
Running from
C:\Documents and Settings\Steve\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
checking for drsmartload2 key
drsmartload2 key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
amcompat.tlb
nscompat.tlb
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 828 'explorer.exe'
Killing PID 828 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)

The folder you said the spybot logs would be in, well they were, but the most recent one was from 2005. There is also a folder called "All Users.WINDOWS" as well as an "All Users" folder in the Documents and Settings folder.
Do you still want the logs from "All Users" that were "modified" from 2005?

With the newest version of Spybot (1.4 update today) run a scan with Spybot then post the contents in the requested files.
Remember not to delete these:
Windows Security Center.FirewallDisableNotify
Windows Security Center.AntiVirusDisableNotify
If they show up "red", meaning remove, in the Spybot scan.

The following is from "All Users.WINDOWS" folder Application Data.
Checks.060816-2225.txt
--- Report generated: 2006-08-16 22:25 ---
Windows.ActiveDesktop: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-776561741-2111687655-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1
Windows Security Center.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-08-16 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-08-11 Includes\Cookies.sbi (*)
2006-08-11 Includes\Dialer.sbi (*)
2006-08-11 Includes\Hijackers.sbi (*)
2006-08-11 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-08-11 Includes\Malware.sbi (*)
2006-08-11 Includes\PUPS.sbi (*)
2006-08-11 Includes\Revision.sbi (*)
2006-08-11 Includes\Security.sbi (*)
2006-08-11 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-08-11 Includes\Trojans.sbi (*)
Fixes.060816-2048.txt
--- Report generated: 2006-08-16 20:48 ---
Windows.ActiveDesktop: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-776561741-2111687655-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1
Windows Security Center.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-08-19 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-08-11 Includes\Cookies.sbi (*)
2006-08-11 Includes\Dialer.sbi (*)
2006-08-11 Includes\Hijackers.sbi (*)
2006-08-11 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-08-11 Includes\Malware.sbi (*)
2006-08-11 Includes\PUPS.sbi (*)
2006-08-11 Includes\Revision.sbi (*)
2006-08-11 Includes\Security.sbi (*)
2006-08-11 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-08-11 Includes\Trojans.sbi (*)

Still looks clean as a whistle.
Try uninstalling Ewido from add/remove programs.
Let me know if that changed anything.
