Dr. Watsons Postmortem debugger [resolved]



#16
Chloelm
  • Member
  • Topic Starter
  • 31 posts
Hi,
The computer is still running slow, but not as much as before. I had done all the steps in the article you mentioned before I recontacted you. The scan came up with nothing. I think we are having particular problems with GroupWise and freezing. And Internet Explorer and Mozilla are also freezing.
Thanks
  • 0

#17
coachwife6
  • SuperStar
  • Retired Staff
  • 11,413 posts
Did you download the blacklight program and run it? Results?
  • 0

#18
Chloelm
  • Member
  • Topic Starter
  • 31 posts
The scan showed nothing at all. It said it found nothing.

Edited by Chloelm, 14 July 2005 - 12:16 AM.

  • 0

#19
coachwife6
  • SuperStar
  • Retired Staff
  • 11,413 posts
Download and install EasyCleaner:
http://personal.inet...rts/ecleane.htm

After installing it check under Settings > Registry tab if the backup
option is checked and if the directory it points to exists.
This should be true by default, but check anyway.

Then click OK and click Registry
Then click Search. When it is done select all the items per color,
(most, if not all should be green) and click Remove.

Reboot when you are done and let us know how it goes.

Does each family member have different profiles?
  • 0

#20
coachwife6
  • SuperStar
  • Retired Staff
  • 11,413 posts
http://www.besttechi...?showtopic=1488

Also, try this AboutBuster program (follow this great tutorial by besttechie)
  • 0

#21
Chloelm
  • Member
  • Topic Starter
  • 31 posts
OK, I did the EasyCleaner and it came up with 270 results, which I deleted. However, I had to restart the comp twice to allow me to run the program. I had no problem downloading it, but Windows would not let me install it for some reason. Also, while on the comp, Internet Explorer froze twice on me at dell.com. It started freezing on the internet when I started using Mozilla Firefox like you instructed. I thought it was the browser, so I uninstalled it. However, now it's happening to Internet Explorer, so I do not know what the problem is. We do not have separate profiles on the comp for people in the family. The computer was not originally set up that way when we got it, so we never set up different accounts.

The results for the buster program are:
AboutBuster 5.0 reference file 30
Scan started on [7/14/2005] at [9:44:15 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:44:45 PM


AboutBuster 5.0 reference file 30
Scan started on [7/14/2005] at [9:59:50 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:00:47 PM

And here is another HijackThis scan for good measure:

Logfile of HijackThis v1.99.1
Scan saved at 10:04:32 PM, on 7/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093019502000
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
  • 0

#22
coachwife6
  • SuperStar
  • Retired Staff
  • 11,413 posts
If it is still freezing, I would reset your restore points to when it was working better. I use the easy cleaner as a last resort. There are only a few more options I have:

(Sometimes a computer just gets slower with age.) After you try these things and if it doesn't restore its performance, you can post your question on the 2000, XP forum.

Run this program and give me its log.


rkfiles

Give me a panda scan and post the results.

here

Download the free VX2 Cleaner here
Close Ad-Aware SE build 1.05 and Ad-Watch (if running)
Install the VX2 Cleaner
Start Ad-Aware SE build 1.05
Go to “Plug-ins”
Select the VX2 Cleaner plug-in and click “Run Plugin”
If your computer isn't infected, click "close"
If your computer is infected:
Select “Clean System”
Reboot your computer
Scan your computer with Ad-Aware
Remove any VX2 objects detected
Reboot your computer again
Run a second scan to make sure the files have been removed from your computer

Reset your host file. Click Here to download HostsFileReader. To reset the host file to default, simply open the program, click the "reset default" button, and confirm the changes.

Please re-run silent runners


Download Silent Runners
Unzip it to a permanent folder.
Start SilentRunners.vbs
When your antivirus is giving an alert, do not block this. Allow the script.
Copy and paste the content of the txtfile you get afterwards in your next reply.
  • 0

#23
Chloelm
  • Member
  • Topic Starter
  • 31 posts
rkfiles scan:
C:\DOCUME~1\loic\LOCALS~1\Temp\_ZCTmp.Dir

The VX2 scan came out clean. However, I realized I had an older version of Ad-Aware, so I downloaded the newer one then ran the scan. I still came out with nothing, but I ran the regular Ad-Aware scan to see if I could find anything.

Edited by Chloelm, 16 July 2005 - 02:17 AM.

  • 0

#24
coachwife6
  • SuperStar
  • Retired Staff
  • 11,413 posts
C:\DOCUME~1\loic\LOCALS~1\Temp\_ZCTmp.Dir


Try determining what program is creating this file. Open a copy of the
file in a text editor.
  • 0

#25
coachwife6
  • SuperStar
  • Retired Staff
  • 11,413 posts
Where is the panda scan? :tazz:
  • 0

#26
Chloelm
  • Member
  • Topic Starter
  • 31 posts
That was at 11 and the panda scan looked like it would take several hours so I went to bed. My sister closed the window, so I had to run the scan again.

From the new Ad-Aware scan, it found around 600 files, which I deleted. I can show you the log if you want.

Anyway, as it is still scanning, I tried opening that other file in Word and in Microsoft Notepad. All I got was: |C:\Documents and Settings\loic\Local Settings\Temp\_ZCTmp.Dir\_ZC000.TMP|
Not very helpful, I'm afraid. Did I do it wrong?
  • 0

#27
Chloelm
  • Member
  • Topic Starter
  • 31 posts
panda scan:


Adware:adware/ipinsight No disinfected C:\DOCUMENTS AND SETTINGS\LOIC\LOCAL SETTINGS\TEMP\alchem.inf
Spyware:spyware/marketscore No disinfected C:\WINDOWS\SYSTEM32\osmim.dll
Spyware:spyware/tvmedia No disinfected C:\DOCUMENTS AND SETTINGS\LOIC\APPLICATION DATA\tvmknwrd.dll
Spyware:spyware/virtumonde No disinfected C:\WINDOWS\dpusys.ini
Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:adware/wintools No disinfected C:\PROGRAM FILES\COMMON FILES\BTLINK
Adware:adware/apropos No disinfected C:\DOCUMENTS AND SETTINGS\LOIC\APPLICATION DATA\POP!
Spyware:spyware/searchcentrix No disinfected HKEY_CURRENT_USER\SOFTWARE\DYNAMIC TOOLBAR
Adware:adware/savenow No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAGNET
Adware:adware/keenvalue No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\PERFECTNAV
Adware:adware/myway No disinfected HKEY_CLASSES_ROOT\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Adware:adware/brilliantdigital No disinfected HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
Spyware:Spyware/MarketScore No disinfected C:\Documents and Settings\loic\Local Settings\Temp\ab1.exe
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\loic\Local Settings\Temp\alchem.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\loic\Local Settings\Temp\alchem.ini
Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\loic\Local Settings\Temporary Internet Files\Content.IE5\UDOZELE5\diamond[1].cab
Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\loic\Local Settings\Temporary Internet Files\Content.IE5\UDOZELE5\diamond[1].cab[m67m.inf]
Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\loic\Local Settings\Temporary Internet Files\Content.IE5\UDOZELE5\diamond[1].cab[m67m.ocx]
Adware:Adware/HuntBar No disinfected C:\Program Files\Common Files\BTLINK\btlink.dll
  • 0

#28
Chloelm
  • Member
  • Topic Starter
  • 31 posts
Silent runners:
"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AIM" = "C:\Program Files\AIM95\aim.exe -cnetwait.odl" ["America Online, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"vptray" = "C:\PROGRA~1\NavNT\vptray.exe" ["Symantec Corporation"]
"AdaptecDirectCD" = ""C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"" ["Roxio"]
"(Default)" = (empty string)
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\windows\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
"{F0F08737-0C36-101B-B086-0020AF07D0F4}" = "Quick View Plus - Shell Extension object"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Quick View Plus\PROGRAM\QVPSE2.DLL" ["Inso Corporation"]
"{8e9d6600-f84a-11ce-8daa-00aa004a5691}" = "Shell extensions for NetWare"
-> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]
"{e3f2bac0-099f-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"
-> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]
"{52c68510-09a0-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"
-> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Adaptec\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshellext.dll" ["RealNetworks"]
"{40E85620-3DCB-11D3-8A0D-0060080C1EFA}" = "ZipCentral"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ZipCentral\zccm.dll" ["Johan Savås"]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\KODAK\IFSCore\kodakshx.dll" ["Eastman Kodak Company"]
"{2b232f20-fa0d-11d1-8a3e-00c0f64105cd}" = "Shuttle Shell Extension for Drive"
-> {CLSID}\InProcServer32\(Default) = "stlhook.dll" ["SCM Microsystems Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * ntdel.exe mad.dll" [file not found], [MS], [file not found], [null data], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\System32\NavLogon.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
QuickViewPlusMenu\(Default) = "{F0F08737-0C36-101B-B086-0020AF07D0F4}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Quick View Plus\PROGRAM\QVPSE2.DLL" ["Inso Corporation"]
ZipCentral\(Default) = "{40E85620-3DCB-11D3-8A0D-0060080C1EFA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ZipCentral\zccm.dll" ["Johan Savås"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
QuickFinderMenu\(Default) = "{C0E10002-0028-0003-C0E1-C0E1C0E1C0E1}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Corel\WordPerfect Office 2002\Programs\pfse100.dll" ["Novell, Inc., c/o Corel Corporation Limited"]
ZipCentral\(Default) = "{40E85620-3DCB-11D3-8A0D-0060080C1EFA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ZipCentral\zccm.dll" ["Johan Savås"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
NetWareUNCMenu\(Default) = "{e3f2bac0-099f-11cf-8daa-00aa004a5691}"
-> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
ZipCentral\(Default) = "{40E85620-3DCB-11D3-8A0D-0060080C1EFA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ZipCentral\zccm.dll" ["Johan Savås"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\loic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "loic" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
INFECTION WARNING! "strings.exe" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\windows\googletoolbar2.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\windows\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\windows\googletoolbar2.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM95\aim.exe" ["America Online, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Client Service for NetWare, NWCWorkstation, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\nwwks.dll" [MS]}
DefWatch, DefWatch, "C:\Program Files\NavNT\defwatch.exe" ["Symantec Corporation"]
iPod Service, iPodService, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
Kodak Camera Connection Software, KodakCCS, "C:\WINDOWS\system32\drivers\KodakCCS.exe" ["Eastman Kodak Company"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Norton AntiVirus Client, Norton AntiVirus Server, "C:\Program Files\NavNT\rtvscan.exe" ["Symantec Corporation"]
ScsiAccess, ScsiAccess, "C:\WINDOWS\System32\ScsiAccess.EXE" [null data]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 21 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 16 seconds.
---------- (total run time: 66 seconds)
  • 0

#29
coachwife6
  • SuperStar
  • Retired Staff
  • 11,413 posts

I already have Adaware, Norton Antivirus, spy sweeper, spybot search and destroy and have run all of them.


The above was your first post. I thought you had been running adaware all this time. I have been beating my head against the wall trying to get you cleaned up.

From the new ad-aware scan, it found around 600 files, which I deleted.


1. Run adaware again and again until it is clean.

2. Please download CleanUp! - Download - HomePage
Install and run. Click on the button labeled CleanUp!.

When it finishes it will prompt you to restart Windows - there will be one or two files it cannot delete when Windows is running - however, they will be deleted next time Windows starts up.

3. Run the panda scan again after you've done the above and post a new copy of the log it produces.

4. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

5. Also give me a new HijackThis log.
  • 0

#30
Chloelm
  • Member
  • Topic Starter
  • 31 posts
Hey, I did run the adaware and checked for updates. It never told me there was a new version. So I thought I was running the latest.
I am glad that there is a new one.
I am working on the different scans.

panda:
Incident Status Location

Spyware:spyware/marketscore No disinfected C:\WINDOWS\SYSTEM32\osmim.dll
Spyware:spyware/tvmedia No disinfected C:\DOCUMENTS AND SETTINGS\LOIC\APPLICATION DATA\tvmknwrd.dll
Spyware:spyware/virtumonde No disinfected C:\WINDOWS\dpusys.ini
Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:adware/wintools No disinfected C:\PROGRAM FILES\COMMON FILES\BTLINK
Adware:adware/apropos No disinfected C:\DOCUMENTS AND SETTINGS\LOIC\APPLICATION DATA\POP!
Spyware:spyware/searchcentrix No disinfected HKEY_CURRENT_USER\SOFTWARE\DYNAMIC TOOLBAR
Adware:adware/savenow No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAGNET
Adware:adware/keenvalue No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\PERFECTNAV
Adware:adware/myway No disinfected HKEY_CLASSES_ROOT\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Adware:adware/brilliantdigital No disinfected HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
Adware:Adware/HuntBar No disinfected C:\Program Files\Common Files\BTLINK\btlink.dll

Edited by Chloelm, 17 July 2005 - 02:51 AM.

  • 0





