Win32:TratBHO(Trj), Win32:Gaobot-2435(Trj), Win32:Agent-SND(Trj), Win3
#16
Posted 20 March 2008 - 01:27 PM
Download this file and when you run it select repair - let me know if that works
#17
Posted 20 March 2008 - 08:13 PM
Now a few more things,
1st if I try and use internet explorer because for microsoft.com websites to do most things you have to be using explorer. I get all these scripting messages, cookie messages, what am I supposed to do when this happens, or is there a way to make it so the scripting and cookies don't prompt me.
2nd My avast automatic update is not able to make the proper internet connection to update. And every 240 minutes I get the error message, but it doesn't tell me how to fix it.
3rd I have a new application called click me in the start up menu and I cannot delete it.
and last but not least I want to know if there is a way to remove some of the processes constantly running on my computer. The ones that show up on task manager. I have like 10 svchost.exe files are all those truly necessary. Also there is this file CTSVCCDA.EXE and I have no idea what it is. Help Again I am so thankful for your assistance.
#18
Posted 21 March 2008 - 06:45 AM
> 1st if I try and use internet explorer because for microsoft.com websites to do most things you have to be using explorer. I get all these scripting messages, cookie messages, what am I supposed to do when this happens, or is there a way to make it so the scripting and cookies don't prompt me.
Go to control panel and select Internet options
Select the advanced tab
Under browsing ensure that there is a tick in the script debugging options
> 2nd My avast automatic update is not able to make the proper internet connection to update. And every 240 minutes I get the error message, but it doesn't tell me how to fix it.
Go to control panel and select Add/Remove programs
Select Avast and you will be offered several options on the left hand side of the uninstall window
Select repair
> 3rd I have a new application called click me in the start up menu and I cannot delete it.
Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
- Close ALL OTHER PROGRAMS.
- Open the OTScanit folder and double-click on OTScanit.exe to start the program.
- Check the box that says Scan All User Accounts
- Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
- Under Additional Scans check the following:
  - Reg - Desktop Components
  - Reg - Disabled MS Config Items
  - File - Additional Folder Scans
  - File - Purity Scan
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
To attach a file, do the following:
- Click Add Reply
- Under the reply panel is the Attachments Panel
- Browse for the attachment file you want to upload, then click the green Upload button
- Once it has uploaded, click the Manage Current Attachments drop down box
- Click on to insert the attachment into your post
#19
Posted 21 March 2008 - 09:45 AM
Also the anti virus avast hadn't detected any bad files because it hasn't been run since the 9th until yesterday because I wanted to make sure we fix all that we can at this point. It found adware, a trj, and malware. I started the scan before I went to bed last night and I got up and it was still running and had only made it through 33,000 files out of 90,000. Is there a quicker scanner that we can use so that we can fix these things. One of the problems was in Sun Java, one a system file and I cannot remember the other. Thank y
#20
Posted 21 March 2008 - 11:14 AM
OTScanit shows only remnants and a few errors to resolve
Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
[Registry - Non-Microsoft Only]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{E413A417-D00B-4A3B-9C17-19048046F1CE} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 115 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
NY -> SpywareGuard.lnk -> %UserProfile%\Start Menu\Programs\Startup\SpywareGuard.lnk
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 115 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
NY -> {6448F0A6-6813-11D6-A77B-00B0D0160050} -> %UserProfile%\Local Settings\Application Data\{6448F0A6-6813-11D6-A77B-00B0D0160050}
[Empty Temp Folders]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
#21
Posted 21 March 2008 - 02:41 PM
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E413A417-D00B-4A3B-9C17-19048046F1CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E413A417-D00B-4A3B-9C17-19048046F1CE}\ not found.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk moved successfully.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 .
C:\Documents and Settings\Owner\Local Settings\Application Data\{6448F0A6-6813-11D6-A77B-00B0D0160050} folder moved successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\~DF6954.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\~DF9802.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_168.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.6.0 fix logfile created on 03212008_132217
Hijack this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:39 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsupc.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTSyncU.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: avast! service GUI component.lnk = C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190501929148
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
--
End of file - 6942 bytes
Well I still have the click me file on my start up. Cannot delete it. As far as avast, I am going to re-download it and delete the old one because something just isn't right with it. I tried to run the online Kaspersky and firefox shut down about half way through it and then my computer shut off.
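Added example, not part of the thread and not code from HijackThis or any poster: a small Python triage over the O4 (Run) and O23 (service) lines of the log above. It maps each service executable to its display name and owner, which is how the log identifies CTsvcCDA.exe, and lists entries to verify by hand; the two flagging rules are assumptions of this example, not verdicts.

```python
import ntpath
import re

# Lines copied from the HijackThis log in post #21 (a subset, for brevity).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTSyncU.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
"""

RUN_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
SVC_RE = re.compile(r'^O23 - Service: (.+) - (.+?) - ([A-Za-z]:\\.+)$')


def exe_name(command):
    """Lower-cased file name of the program a command line launches."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', command, re.I)
    path = (m.group(1) or m.group(2)) if m else command
    return ntpath.basename(path).lower()


def triage(log_text):
    """Return (services, findings) for the O4 and O23 lines of a HijackThis log."""
    services, findings = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        run = RUN_RE.match(line)
        svc = SVC_RE.match(line)
        if run:
            _hive, _key, value_name, command = run.groups()
            target = exe_name(command)
            # Heuristic (assumption of this example): a Run value that is named
            # like a program file is expected to launch that same file.
            if value_name.lower().endswith(".exe") and value_name.lower() != target:
                findings.append(("run-name-mismatch", value_name, target))
        elif svc:
            display, owner, path = svc.groups()
            exe = ntpath.basename(path).lower()
            services[exe] = (display, owner)
            # "Unknown owner" means HijackThis read no company name from the
            # file; treat it as a prompt to verify the binary, nothing more.
            if owner == "Unknown owner":
                findings.append(("service-unknown-owner", display, exe))
    return services, findings


if __name__ == "__main__":
    services, findings = triage(SAMPLE_LOG)
    print("ctsvccda.exe ->", services.get("ctsvccda.exe"))
    for finding in findings:
        print(finding)
```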
#22
Posted 21 March 2008 - 04:15 PM
Let's try an online AV
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
- Doubleclick the drweb-cureit.exe file and Allow to run the express scan
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, in the menu, click file and choose save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
#23
Posted 22 March 2008 - 01:04 AM
Dr.Web CureIt
RegUBP2b-Owner.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
A0002147.reg;C:\System Volume Information\_restore{9CE2FCC1-4059-4363-A3E7-752E455FE990}\RP14;Trojan.StartPage.1505;Deleted.;
A0003033.exe;C:\System Volume Information\_restore{9CE2FCC1-4059-4363-A3E7-752E455FE990}\RP16;Probably BACKDOOR.Trojan;Incurable.Deleted.;
A0003856.reg;C:\System Volume Information\_restore{9CE2FCC1-4059-4363-A3E7-752E455FE990}\RP17;Trojan.StartPage.1505;Deleted.;
A0000206.reg;C:\System Volume Information\_restore{9CE2FCC1-4059-4363-A3E7-752E455FE990}\RP5;Trojan.StartPage.1505;Deleted.;
Ok it seems to be running a little rough now.
#24
Posted 22 March 2008 - 06:06 AM
As for Avast I am a bad person to ask as it is my AV and has been for the last 5 years, running with no problems and no infections
Let's clear your restore points again
Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method:
1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE
You now have a clean restore point, to get rid of the bad ones:
1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done
#25
Posted 22 March 2008 - 01:21 PM
little something. But that's just between the computer and myself, I wouldn't say I know enough to try and help someone else on their computer, I would definitely have to refer them your direction.
OK, ONE MORE MAJOR THING TO MAKE SURE OF BEFORE WE CLOSE. What is the CLICK IT APPLICATION on the right hand bottom middle side of my start menu options. I try and right click on it and all it says is Click It and I am afraid to click it because I do not know what it is. It wasn't there before, is there a way to get rid of it.
HAPPY EASTER, Bless you for all your service to my computer and I.
#26
Posted 22 March 2008 - 01:50 PM
Double click OTScanit once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTScanit wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself
#27
Posted 26 March 2008 - 12:49 PM
Have a wonderful day and Bless you all.
#28
Posted 26 March 2008 - 03:28 PM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.