|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
![]() |
|
Topic Tools |
#1
|
|||
|
|||
windows me problems, pc running really slow and loading lots, help
Hi
im running windows me and lately it has got slower and the virtual memory is always popping up saying its to low. my friend has told me i might have spyware on it,i dont know what to do, it even has trouble loading programs after the pc has been running for a while.can anyone please help? thank you |
#2
|
||||
|
||||
Hello boyracer_xr2, welcome to the community.
![]() I'll move your post over to the Security Forum and someone there will help you out. |
#3
|
|||
|
|||
thank you
thank you very much, i look forward to hearing from you
|
#4
|
||||
|
||||
Quote:
![]() |
#5
|
|||
|
|||
im still having the problem, its really not helping when i try to do work on it, ive tried incresing my virutal memory allowence but doesnt seem to make a difference
|
#6
|
||||
|
||||
Howdy boyracer_xr2,
Sorry for the response delay. Sounds like a swap file issue of some sort, so let's see if infection is involved there. Please do the following. Download HijackThis from Here. Then click on the downloaded file, and select Do a system scan and save logfile. Use copy/paste and post that log back here for review. Also, Go Here and download Silent Runners to your desktop. Run it, and post back here the log it creates. If your AV queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify when the scan is complete. Copy the log from the Startup Programs file back here. |
#7
|
|||
|
|||
hijack this file
Logfile of HijackThis v1.99.1
Scan saved at 15:47:34, on 30/04/2006 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\CNXDSLTB.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\SYSTEM\INTERNAT.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.1\MOUSE32A.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE C:\PROGRAM FILES\ZINIO\ZINIODELIVERYMANAGER.EXE C:\PROGRAM FILES\EXIF LAUNCHER\QUICKDCF.EXE C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 4.0 MY CUSTOM EDITION\CALCHECK.EXE C:\WINDOWS\WUAUCLT.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.ebay.co.uk/ROLEX-OYSTER-D...QQcmdZViewItem R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O2 - BHO: (no name) - {03C7A5AE-2AD9-28B2-5AC6-34ED4B7CFE39} - C:\WINDOWS\APPLICATION DATA\CLOCK ITCH HIDE\JUNK USER.EXE (file missing) O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [CnxDslTaskBar] C:\WINDOWS\SYSTEM\CnxDslTb.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [internat.exe] internat.exe O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec Core LC] "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" start O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EX E -r O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Internet Security\ISSVC.exe" O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRAM FILES\ZINIO\ZINIODELIVERYMANAGER.EXE /autostart O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [Supportthis] C:\WINDOWS\APPLIC~1\SOAPDA~1\16 OOZE BODY.exe O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\PROGRAM FILES\3B SOFTWARE\WINDOWS REGISTRY REPAIR PRO\REGISTRYREPAIRPRO.EXE 4 O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background O4 - Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O4 - Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab28578.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-18.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 |
#8
|
|||
|
|||
startup file
Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows Me (Millennium Edition) Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++} "Zinio DLM" = "C:\PROGRAM FILES\ZINIO\ZINIODELIVERYMANAGER.EXE /autostart" ["Zinio Systems, Inc."] "MessengerPlus3" = ""C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart" ["Patchou"] "Supportthis" = "C:\WINDOWS\APPLIC~1\SOAPDA~1\16 OOZE BODY.exe" [file not found] "Windows Registry Repair Pro" = "C:\PROGRAM FILES\3B SOFTWARE\WINDOWS REGISTRY REPAIR PRO\REGISTRYREPAIRPRO.EXE 4" [file not found] "Free Download Manager" = "C:\Program Files\Free Download Manager\fdm.exe -autorun" [file not found] "msnmsgr" = ""C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++} "ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS] "TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS] "PCHealth" = "C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s" [MS] "LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS] "CnxDslTaskBar" = "C:\WINDOWS\SYSTEM\CnxDslTb.exe" ["Conexant Systems Inc."] "LoadQM" = "loadqm.exe" [MS] "internat.exe" = "internat.exe" [MS] "OmgStartup" = "C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe" ["Sony Corporation"] "WorksFUD" = "C:\Program Files\Microsoft Works\wkfud.exe" ["Microsoft® Corporation"] "Microsoft Works Portfolio" = "C:\Program Files\Microsoft Works\WksSb.exe /AllUsers" ["Microsoft® Corporation"] "Microsoft Works Update Detection" = "C:\Program Files\Microsoft Works\WkDetect.exe" ["Microsoft® Corporation"] "REGSHAVE" = "C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" ["FUJI PHOTO FILM CO., LTD."] "QuickTime Task" = ""C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime" ["Apple Computer, Inc."] "SystemTray" = "SysTray.Exe" [MS] "LWBMOUSE" = "C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE" [empty string] "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"] "Symantec Core LC" = ""C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" start" ["Symantec Corporation"] "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer" ["Symantec Corporation"] "AdaptecDirectCD" = ""C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"" ["Roxio"] "CreateCD50" = "C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.E XE -r" ["Roxio"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Services\ {++} "LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS] "SchedulingAgent" = "mstask.exe" [MS] "*StateMgr" = "C:\WINDOWS\System\Restore\StateMgr.exe" [MS] "ATIPOLAB" = "ati2evxx.exe" [file not found] "MessengerPlus3" = ""C:\Program Files\Messenger Plus! 3\MsgPlus.exe"" ["Patchou"] "StillImageMonitor" = "C:\WINDOWS\SYSTEM\STIMON.EXE" [MS] "SSDPSRV" = "C:\WINDOWS\SYSTEM\ssdpsrv.exe" [MS] "KB891711" = "C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE" [MS] "ccEvtMgr" = ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"] "ccSetMgr" = ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"] "ISSVC" = ""C:\Program Files\Norton Internet Security\ISSVC.exe"" ["Symantec Corporation"] "ccProxy" = "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" ["Symantec Corporation"] "ScriptBlocking" = ""C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg" ["Symantec Corporation"] "ALU Scheduler Service" = "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" ["Symantec Corporation"] HKLM\Software\Microsoft\Active Setup\Installed Components\ PerUser_CVT_Inis\(Default) = "Windows Setup - FAT32 Converter" \StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL" ["Safer Networking Limited"] {03C7A5AE-2AD9-28B2-5AC6-34ED4B7CFE39}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\APPLICATION DATA\CLOCK ITCH HIDE\JUNK USER.EXE" [file not found] {9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security" -> {HKLM...CLSID} = "CNisExtBho Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"] {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper" -> {HKLM...CLSID} = "CNavExtBho Class" \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\ "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data] "{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\" [file not found] "{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices" -> {HKLM...CLSID} = "Universal Plug and Play Devices" \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\UPNPUI.DLL" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\PROGRAM FILES\REAL\REALPLAYER\RPSHELL.DLL" ["RealNetworks, Inc."] "{2B3453E4-49DF-11D3-8229-0080BE509050}" = "GMail Drive" -> {HKLM...CLSID} = "GMail Drive" \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\SHELLEXT\GMAILFS.DLL" ["Bjarke Viksoe"] "{2B3453E4-49DF-11D3-8229-0080BE509052}" = "GMailFS Property Sheet" -> {HKLM...CLSID} = "GMailFS Property Sheet" \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\SHELLEXT\GMAILFS.DLL" ["Bjarke Viksoe"] "{2B3453E4-49DF-11D3-8229-0080BE509054}" = "GMailFS Drop Handler" -> {HKLM...CLSID} = "GMailFS Drop Handler" \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\SHELLEXT\GMAILFS.DLL" ["Bjarke Viksoe"] "{2B3453E4-49DF-11D3-8229-0080BE509056}" = "GMailFS Context Menu" -> {HKLM...CLSID} = "GMailFS Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\SHELLEXT\GMAILFS.DLL" ["Bjarke Viksoe"] "{A5110426-177D-4e08-AB3F-785F10B4439C}" = "My Phones" -> {HKLM...CLSID} = "My Phones" \InProcServer32\(Default) = "C:\PROGRAM FILES\SONY ERICSSON\MOBILE\FILE MANAGER\FMGRGUI.DLL" ["Sony Ericsson Mobile Communications AB"] "{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension" -> {HKLM...CLSID} = "Adaptec DirectCD Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\shellex.dll" ["Roxio"] HKLM\Software\Classes\*\shellex\ContextMenuHandler s\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] Active Desktop and Wallpaper: ----------------------------- Active Desktop is enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\Desktop\untitled.jpg" WIN.INI & SYSTEM.INI launch points: ----------------------------------- SYSTEM.INI [boot] "SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\MYPICT~1.SCR" (My Pictures Screen Saver.scr) [MS] Startup items in "Startup" & "All Users...Startup" folders: ----------------------------------------------------------- C:\WINDOWS\Start Menu\Programs\StartUp "Exif Launcher" -> shortcut to: "C:\Program Files\Exif Launcher\QuickDCF.exe" ["FUJI PHOTO FILM CO., LTD."] "Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS] "Microsoft Works Calendar Reminders" -> shortcut to: "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe" ["Microsoft® Corporation"] "Ulead Photo Express Calendar Checker For My Custom Edition" -> shortcut to: "C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe" ["Ulead Systems, Inc."] Enabled Scheduled Tasks: ------------------------ "Tune-up Application Start" -> launches: "walign" [MS] "PCHealth Scheduler for Data Collection" -> launches: "C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE -c" [MS] "7D904D4A6E15DA67" -> launches: "c:\progra~1\soapda~1\safefouractive.exe" [file not found] "Norton AntiVirus - Scan my computer - Ashley Demenezes" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /task:"C:\WINDOWS\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++} 00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range: C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1 C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4 C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" -> {HKLM...CLSID} = "Norton Internet Security" \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"] "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint" -> {HKLM...CLSID} = "Easy-WebPrint" \InProcServer32\(Default) = "C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL" ["$"] "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security" -> {HKLM...CLSID} = "Norton Internet Security" \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"] "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" -> {HKLM...CLSID} = "Web Browser Applet Control" \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\MSJAVA.DLL" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome" [Strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome" Missing lines (compared with English-language version): [Strings]: 2 lines Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monito rs\ SYSFMON\Driver = "SYSFMON.DLL" ["Conceptual Systems."] BJ Language Monitor WW i450\Driver = "CJPLM4W.DLL" ["CANON INC."] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 18 seconds, including 3 seconds for message boxes) |
#9
|
||||
|
||||
The log does show infection, and a likely source of it as well. We'll start repairs and see how that effects the issues you have been having. Please do the following.
The procedures we are about to do will remove your Messenger 3 software. See Here why this is not only undesirable to have on board, buy why it is also a likely source of the Lop infection showing in your log. Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel. Messenger Plus! 3 Next, run the below uninstallers (If your AV queries the download, allow it. It's not malicious). http://lop.com/new_uninstall.exe http://lop.com/toolbar_uninstall.exe Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types" Do a search ( Start - Search/Find - Files or Folders) for the following hilighted files/folders (shown in Bold), and if found, delete them. C:\Program Files\Messenger Plus! 3 (the entire folder) Then reboot. Go here for an online AV scan (requires IE to run). Scan "Local Disks" and when finished save the scan log and then post the log here, along with a new HijackThis log please. |
#10
|
|||
|
|||
panda active
virus detected 3 disinfected 3
spyware detected 80 disinfected 0 dialers detected 1 disinfected 0 I couldnt open the report due to an error |
#11
|
|||
|
|||
new hijack this
Logfile of HijackThis v1.99.1
Scan saved at 03:14:10, on 01/05/2006 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\CNXDSLTB.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\SYSTEM\INTERNAT.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.1\MOUSE32A.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE C:\PROGRAM FILES\ZINIO\ZINIODELIVERYMANAGER.EXE C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE C:\PROGRAM FILES\EXIF LAUNCHER\QUICKDCF.EXE C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 4.0 MY CUSTOM EDITION\CALCHECK.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE C:\WINDOWS\WUAUCLT.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.ebay.co.uk/ROLEX-OYSTER-D...QQcmdZViewItem R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [CnxDslTaskBar] C:\WINDOWS\SYSTEM\CnxDslTb.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [internat.exe] internat.exe O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec Core LC] "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" start O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EX E -r O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Internet Security\ISSVC.exe" O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRAM FILES\ZINIO\ZINIODELIVERYMANAGER.EXE /autostart O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\PROGRAM FILES\3B SOFTWARE\WINDOWS REGISTRY REPAIR PRO\REGISTRYREPAIRPRO.EXE 4 O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background O4 - Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O4 - Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab28578.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-18.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab |
#12
|
||||
|
||||
Hmmm, actually the Panda report was the object of the scan, as it gives a guide to files/folders and their locations. What error did you receive? You might try running the Activescan again and see if you can post back the report then.
|
#13
|
|||
|
|||
active x
i think it said something due to active x, but i am trying it again, thank you for all your help, i'll post the report asap
|
#14
|
|||
|
|||
yay it worked
heres the report
Incident Status Location Adware:Adware/PurityScan Not disinfected C:\WINDOWS\Downloaded Program Files\start.INF Dialer ![]() Spyware:Spyware/Hyperbar Not disinfected C:\My Documents\desktop\other docs\WarezP2P.exe[NavHelperInner.msi][unk_0016][HyperbarSS3.dll] Spyware:Spyware/Hyperbar Not disinfected C:\My Documents\desktop\other docs\WarezP2P.exe[NavHelperInner.msi][unk_0016][Hyperbar.dll] Spyware:Spyware/New.net Not disinfected C:\My Documents\desktop\other docs\WarezP2P.exe[NNWARZ3_88.exe] |
#15
|
||||
|
||||
Good, that helps. Please do the following.
Close Internet Explorer and all open windows and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis. R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types" Do a search ( Start - Search/Find - Files or Folders) for the following hilighted files/folders (shown in Bold), and if found, delete them. C:\WINDOWS\Downloaded Program Files\start.INF C:\WINDOWS\switchagreement.txt C:\My Documents\desktop\other docs\WarezP2P.exe Then Empty your temp folders. - Go to Start > Run, enter %temp% and click on OK. Delete all the files that you find there. - Navigate to C:\Documents and Settings\Username\Local Settings\Temp and delete all the files that you find there. Do this for all Usernames. - Go to Start > Control Panel > Internet Options and under Temporary Internet files, click on Delete Files... Check the box to the left of 'Delete all offline content' and then click on OK. And reboot. Run a new scan with Panda and check for any items remaining. Also post back what system issues you are experiencing now. |
![]() |
Bookmarks |
«
Previous Topic
|
Next Topic
»
Topic Tools | |
|
|
![]() |
||||
Topic | Topic Starter | Forum | Replies | Last Post |
Laptop loading slow internet running slow | ira82 | Windows XP | 11 | April 3rd, 2010 04:09 AM |
Lots of pop ups....running slow...here is my HJT log..Please Help!!! | Timsgirl | Malware Removal | 10 | May 13th, 2007 07:11 AM |
PC Running A Little Slow ... Lots of Processes Running ... HJT LOG | xupugh | Malware Removal | 42 | January 26th, 2006 12:08 PM |
Software problems loading or running win2k | Thunder2k | Malware Removal | 3 | March 8th, 2005 06:20 PM |
WIndows XP running unusually slow.... Like REALLY REALLY slow. Any ideas?? | FrankieBonez | Windows XP | 8 | July 24th, 2004 06:59 AM |
All times are GMT +1. The time now is 12:43 AM.