Computer is slow [CLOSED]

This topic is locked

#1
michael311

I don't know what is going on with my computer. It is extremely slow. Microsoft's anti spyware program reports nothing wrong. McAfee virus scan shows nothing wrong. I disabled McAfee and ran AVG and it didn't find anything.

Panda Active Scan says I'm clean.

When I run Spybot S&D it says: This application has been changed since it was created. Since Spybot-S&D does not change itself, we recommend you check your system for malware and viruses instantly!

I have downloaded and installed Spybot from various sites trying to get it to work but keep getting the same message. I have completely uninstalled it and reinstalled it several times.

Most of the time when I run Ad-Aware it tells me that it has performed an illegal function and will shut down. It used to work fine.

Everything I do on this computer is very slow. I am running XP sp2 with auto updates.

Please help.

Here is my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 5:18:50 PM, on 12/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AnalogX\MaxMem\maxmem.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\dad\Start Menu\Programs\Microsoft AntiSpyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\michael\prefs.js)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133922770548
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe


#2
michael311

Logfile of HijackThis v1.99.1
Scan saved at 1:06:05 PM, on 12/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AnalogX\MaxMem\maxmem.exe
C:\Documents and Settings\dad\Start Menu\Programs\Microsoft AntiSpyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\michael\prefs.js)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133922770548
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab

#3
michael311

Here is some more info of things I tried:

I had already run scan disk and defrag but I went ahead and ran them again after running CCleaner. Then I downloaded and installed spybot and ad-aware but I still get the same messages (see original post).

I also installed and ran ewido security suite... but still no help.

I have been checking around and maybe these links will help you help me. The first is a thread on the Spybot site on this issue:

http://forums.spybot...ph...ed created

The next link is from a cached Google page that links to some sort of forum on this topic. It looks like the last post is a big clue, but I am not smart enough to understand what to do. Unfortunately this thread ended without any statement of a resolution.

http://72.14.207.104...:WzP...f"&hl=en



I manually downloaded and installed the latest reference file but still got the same results.

I checked the digital signature for Spybot and it said "OK".

I also ran SFC /scannow and it restored some XP files from the XP cd, but I still cannot run spybot or ad-aware.

#4
lovethepirk

Well I am not entirely sure what is wrong but if I cannot help you I will find someone that may be able to. For now it would help to get an uninstall list from you and maybe run a Kaspersky scan. I want to eliminate some things before tackling the Spybot and Ad-Aware issues.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post with another HJT log.
Please post the uninstall list as well.

Regards,

LTP

#5
michael311

LTP,

Here are the logs you requested:

uninstall_list.txt
1999 TurboTax Deluxe
2000 TurboTax Deluxe
2001 TurboTax Premier
Adaptec UDF Reader
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
AnalogX MaxMem
AnalogX POW!
CCleaner (remove only)
Citrix ICA Web Client
CleanUp!
DDC Testing Center
ewido security suite
Family Lawyer 2000
FileAlyzer 1.4
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HP DeskJet 830C Series (Remove only)
InteGrade Pro
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1_10
JumpStart 2nd Grade v1.2
JumpStart Kindergarten 2001
JumpStart Kindergarten Reading v1.0
JumpStart Parent Resource Center v1.0
JumpStart Phonics
Math Blaster Ages 6-7
Mavis Beacon Teaches Typing 9.0.0
McAfee Personal Firewall Plus
McAfee Privacy Service
McAfee SecurityCenter
McAfee VirusScan
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Home Publishing Express 2000
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Office 2000 Professional
Motorola SM56 Modem uninstall
Mozilla Firefox (1.5)
NASCAR Racing 1999 Edition Demo
Netscape Communicator 4.73
NoFlash (remove only)
Panda ActiveScan
Quicken Deluxe 2000
QuickTime
Reader Rabbit Learn To Read With Phonics
Reader Rabbit's Kindergarten
Reader Rabbit's Math Ages 6-9
RealArcade
RealPlayer G2
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Shockwave
SiS Multimedia V1.08
Spybot - Search & Destroy 1.4
The Plain-Language Law Dictionary
TrojanHunter 4.2
Tweak UI
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Viewpoint Media Player
Visioneer 7600 Scanner Driver
Visioneer PaperPort 6.1
VivoActive Player v2.1
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinFrame Client
Winpix
Yahoo! Internet Mail
Yahoo! Messenger


-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, December 26, 2005 21:21:00
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 26/12/2005
Kaspersky Anti-Virus database records: 167622
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
Z:\

Scan Statistics:
Total number of scanned objects: 68395
Number of viruses found: 1
Number of infected objects: 31
Number of suspicious objects: 0
Duration of the scan process: 19038 sec

Infected Object Name - Virus Name
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/nicabbot.eml/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 11:25:56 -0400]/nicabbot.1.doc.pif Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/nicabbot.eml Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/FAC/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 14:35:53 -0400]/FAC Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/FAC Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/Hello/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 17:43:47 -0400]/Hello Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/Hello Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/Generic/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 20:54:48 -0400]/Generic Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/Generic Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/FEBRUARY/[From "Nigel Hayes"<[email protected]>][Date Mon, 30 Jul 2001 00:11:37 -0400]/FEBRUARY Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/FEBRUARY Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/Doc1.eml/[From "Nigel Hayes"<[email protected]>][Date Mon, 30 Jul 2001 03:46:49 -0400]/doc1.doc.pif Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/Doc1.eml Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/NEW/[From "Nigel Hayes"<[email protected]>][Date Mon, 30 Jul 2001 07:59:49 -0400]/NEW Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/NEW Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/UPs/[From "Nigel Hayes"<[email protected]>][Date Sat, 4 Aug 2001 09:44:08 -0400]/UPs Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/UPs Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/New/[From "Nigel Hayes"<[email protected]>][Date Sat, 4 Aug 2001 11:25:04 -0400]/New Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/New Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/To.eml/[From "Nigel Hayes"<[email protected]>][Date Sat, 4 Aug 2001 13:09:52 -0400]/to.doc.pif Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/To.eml Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/nicabbot.eml/[From "Nigel Hayes"<[email protected]>][Date Sat, 4 Aug 2001 14:46:02 -0400]/nicabbot.1.doc.pif Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/nicabbot.eml Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/First/[From "Nigel Hayes"<[email protected]>][Date Sat, 4 Aug 2001 16:18:26 -0400]/First Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/First Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/UPs/[From "Nigel Hayes"<[email protected]>][Date Sat, 4 Aug 2001 17:49:44 -0400]/UPs Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/UPs Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/Steve/[From "Nigel Hayes"<[email protected]>][Date Sat, 4 Aug 2001 19:22:21 -0400]/Steve Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/Steve Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/Doc1.eml/[From "Nigel Hayes"<[email protected]>][Date Sat, 4 Aug 2001 21:08:41 -0400]/doc1.doc.bat Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Nigel Hayes"<[email protected]>][Date Sun, 29 Jul 2001 08:16:28 -0400]/Doc1.eml Infected: Email-Worm.Win32.Sircam.c
C:\Documents and Settings\dad\Application Data\Identities\{D3CCBC60-B3E1-11D3-9DA0-E158F4F89A26}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Sircam.c

Scan process completed.



HJT


Logfile of HijackThis v1.99.1
Scan saved at 9:58:09 PM, on 12/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Documents and Settings\dad\Start Menu\Programs\Microsoft AntiSpyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\michael\prefs.js)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133922770548
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab



Thanks for your help.
Michael
  • 0
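Added example, not part of the thread: the Kaspersky report above counts 31 infected objects, yet every line starts with the same Deleted Items.dbx path, because the scanner lists each nested message and attachment separately. The Python sketch below groups report lines in that layout by the file that actually exists on disk and flags nested members with executable extensions; the sample lines, paths, sender and the last detection name are constructed, and the extension list is an assumption.

```python
import os
import re
from collections import defaultdict

# Constructed sample in the layout of the report's
# "Infected Object Name - Virus Name" section. Paths, sender and the
# detection name on the last line are placeholders, not values from the thread.
SAMPLE_REPORT = r'''
C:\Mail\Deleted Items.dbx/[From "Accounts/Billing"<s@example.invalid>][Date Sun, 29 Jul 2001 08:16:28 -0400]/note.eml/[From "Accounts/Billing"<s@example.invalid>][Date Sun, 29 Jul 2001 11:25:56 -0400]/note.doc.pif Infected: Email-Worm.Win32.Sircam.c
C:\Mail\Deleted Items.dbx/[From "Accounts/Billing"<s@example.invalid>][Date Sun, 29 Jul 2001 08:16:28 -0400]/note.eml Infected: Email-Worm.Win32.Sircam.c
C:\Mail\Deleted Items.dbx/[From "Accounts/Billing"<s@example.invalid>][Date Sun, 29 Jul 2001 08:16:28 -0400]/doc1.eml/[From "Accounts/Billing"<s@example.invalid>][Date Sat, 4 Aug 2001 21:08:41 -0400]/doc1.doc.bat Infected: Email-Worm.Win32.Sircam.c
C:\Mail\Deleted Items.dbx Infected: Email-Worm.Win32.Sircam.c
C:\Temp\setup.zip/inner/run.exe Infected: Example.Constructed.Name
'''

# "<object path> Infected: <detection name>"; the greedy first group keeps
# everything up to the last " Infected:" on the line.
LINE_RE = re.compile(r'^(?P<obj>.+)\s+Infected:\s+(?P<name>\S+)\s*$')

# Extensions treated as directly executable (assumed list; .pif and .bat
# are the ones that appear in the report above).
EXEC_EXT = {'.pif', '.bat', '.exe', '.com', '.scr', '.cmd'}


def split_members(obj):
    """Split 'file/member/member' on '/' while ignoring any '/' inside the
    bracketed [From ...][Date ...] segments the scanner inserts."""
    parts, cur, depth = [], [], 0
    for ch in obj:
        if ch == '[':
            depth += 1
        elif ch == ']' and depth:
            depth -= 1
        if ch == '/' and depth == 0:
            parts.append(''.join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append(''.join(cur))
    return parts


def summarize(report_text):
    """Return {on-disk file (lowercased): summary} for every detection line."""
    by_file = defaultdict(
        lambda: {"detections": 0, "names": set(), "risky_members": set()})
    for line in report_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, statistics or blank line
        parts = split_members(m.group("obj"))
        # The first component is the real file; Windows paths are
        # case-insensitive, so normalise before grouping.
        entry = by_file[parts[0].lower()]
        entry["detections"] += 1
        entry["names"].add(m.group("name"))
        leaf = parts[-1]
        if len(parts) > 1 and not leaf.startswith('['):
            if os.path.splitext(leaf)[1].lower() in EXEC_EXT:
                entry["risky_members"].add(leaf)
    return dict(by_file)


if __name__ == "__main__":
    for path, info in summarize(SAMPLE_REPORT).items():
        print(f"{path}: {info['detections']} detection line(s), "
              f"names={sorted(info['names'])}, "
              f"executable members={sorted(info['risky_members'])}")
```

Run against a saved report, the per-file count shows how many distinct files need cleaning, which is usually far smaller than the "infected objects" total.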

#6
lovethepirk

Let's try a couple things.

First, let's delete those files that Kaspersky found to be infected...

Open the inbox of Outlook and delete the messages found to be infected above. They are all from "Nigel Hayes"<[email protected]>. Then empty the Deleted Messages folder (to avoid having those restored).

Second, you should go into your add/remove section of your control panel and uninstall:
Spybot - Search & Destroy 1.4
Viewpoint Media Player

---we will try to get Spybot working again later...

Third, I would like to get you into a firewall and antivirus.

Here are two free AVs (you only need one of them):
AVG: http://free.grisoft.com/doc/1
Avast: http://www.avast.com...ast_4_home.html

and a good free firewall...

Zone Alarm: http://www.zonelabs....n.jsp?lid=ho_za

We should try a defragmenting of your hard drive now if you have not done it recently.
This is an excellent website to see how it is done...
http://uis.georgetow...ragmenting.html

If you could check this once again before your next reboot...
Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal

Then reboot.

Post another HJT log for us with feedback on how things are and went.


Regards,

LTP

#7
michael311

Kaspersky files have been deleted.

Spybot S&D is uninstalled.

Why do you want me to delete viewpoint? Spybot worked fine with it before.

I have McAfee for an antivirus and firewall. I also have AVG but it is disabled. I have also disabled McAfee to make sure it wasn't causing the spybot problem. I don't want Zone Alarm.

If you read my previous posts you will see I already defragged twice.

I had normal startup in msconfig but I deselected several programs under the startup tab such as Yahoo Messenger, AVG, MSN, etc. I don't want all that stuff running at startup.

#8
lovethepirk

Michael,

Are you running 256 Ram?

And when you were getting help at Castlecops did you ever use system restore?

Viewpoint is regarded as spyware by some as it sends information from your computer to its servers. You be the judge.

#9
lovethepirk

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.