Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I Need Help! [RESOLVED]

Started by piggyprobe , Sep 18 2005 07:34 AM

  • This topic is locked This topic is locked

#16
Excal
Posted 24 September 2005 - 09:33 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
I don't see anything going on with your computer with the logs I have.

You can delete these two files though....

C:\WINDOWS\DOWNLOADED PROGRAM FILES\dm.inf
C:\WINDOWS\Downloaded Program Files\cssweb.dll.tcf

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.
  • 0

Advertisements

#17
piggyprobe
Posted 25 September 2005 - 10:52 AM

piggyprobe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 167 posts
searched whole C drive, can't find dm.inf

cssweb.dll.tcf successfully removed.

TM Scan

Started Scanning
Internet Cookies
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Found 'burstnet.com' in 'Internet Explorer Cache'
Found 'insightexpressai.com' in 'Internet Explorer Cache'
Found 'atwola.com' in 'Internet Explorer Cache'
Found 'www.burstbeacon.com' in 'Internet Explorer Cache'
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'realmedia.com' in 'Internet Explorer Cache'
Found 'go.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\LimeWire'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found '' in 'SOFTWARE\Classes\AppID\NHelper.DLL'
Found '' in 'SOFTWARE\Classes\AppID\{BAC984C9-78C8-4105-9E97-1675A4052686}'
Found '' in 'SOFTWARE\Classes\AppID\DMServer.EXE'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning


If these problems I have aren't being caused by adware, malware or a virus, what else could be the culpret?

Edited by piggyprobe, 25 September 2005 - 11:11 AM.

  • 0

#18
Excal
Posted 25 September 2005 - 07:24 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
I dont see anything in those logs. There are some orphaned keys, but those shouldn't be causing adware.

lets try a MWav

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe.
Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

Don't copy and paste the lines from infected files that are present in quarantine, recovery or backupfolders from antispywarescanner (eg adaware, spybot s&d) or your virusscanner. Those I don't need.
I don't need the infected files/lines that are present in your System Volume Information-folder.
I just want all the other infected ones apart from those above.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items". When it's done scanning, please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.
  • 0

#19
piggyprobe
Posted 27 September 2005 - 04:29 AM

piggyprobe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 167 posts
Virus Information Log

Object "Limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\inotes.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\McUpdatePortal.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ZIntro.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4E9C3F2D-C654-453E-B1AD-9F231905A50D}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{73819BA2-2E8B-430B-A6C9-0D89657DC865}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7BF7B688-4A95-4003-BA98-EA8A79DA0ABA}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{9C2EDC9C-EF3B-443A-BB2C-3488DAC7247E}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A27F2A64-3D23-4449-B395-75335CED458E}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{E0F7DAE4-DFA0-46C6-AE55-0C95E4A68898}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{002C9B00-F6E0-4E14-B96C-96E1A547F58B}" refers to invalid object "c:\program files\mcafee.com\shared\mcuicfg\6,0,0,4\mcuicfg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01118c00-3e00-11d2-8470-0060089874ed}" refers to invalid object "D:\install.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1fc26549-af52-4742-9e93-1c5e22990d1e}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2D319D42-A15D-4524-A3DD-D284C585AF3F}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{30D0EC5D-3C0D-4848-BD68-D568AC3F41E6}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{34ECB075-144C-48A7-9AD2-8760231379CE}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4928379D-88CC-45DD-BEDC-FB5B51A4C8C3}" refers to invalid object "c:\program files\mcafee.com\shared\mcuicfg\6,0,0,4\mcuicfg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4B12229A-1343-4A35-A958-E99B1B02F63B}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4EC99A0B-E57C-4fbe-B9C4-8428424FBF88}" refers to invalid object "C:\Program Files\Common Files\Motive\McciUtilsX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{517431a3-30da-4ee1-b2b4-cf32b89eb911}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{535393C8-DCDA-4155-BEA2-D621C76FE903}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5432c581-2661-48a3-ac79-b72b08436562}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5EAC3C01-174B-4BB8-B367-7097CE61C541}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{63BAECA2-9E3C-45DE-B2B1-BBC5FA99958E}" refers to invalid object "C:\Program Files\Common Files\Motive\MCCWrapper.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6F0D9E95-38DE-42C9-99FD-0A6D05CA5AAB}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{780F8ADC-3150-4953-853A-975F80BCAF0A}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7DCAB9D6-19E5-4190-A3FE-0F252EC2FCEA}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7F3FE0AF-9DEA-42bf-9CF4-74873DBD8135}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{81755D8F-D9C1-42C7-887E-B7B3FBDBACEA}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{845ee5f2-4a22-4ad6-a838-6ff4b759608c}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{84C14BAF-AF20-4900-915B-70E67B60E2DD}" refers to invalid object "C:\Program Files\Common Files\Motive\McciUtilsX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9BE8D7B2-329C-442A-A4AC-ABA9D7572602}" refers to invalid object "c:\program files\mcafee.com\agent\submgr\6,0,0,13\mcsubmgr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A68EB349-B09E-42cc-89CF-955614D5044B}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A6FF3C3C-F33A-4269-9300-2682DB3B3441}" refers to invalid object "C:\Program Files\Common Files\Motive\McciUtilsX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AD2F108D-D000-4284-B540-16140DB881FC}" refers to invalid object "c:\program files\mcafee.com\shared\mcuicfg\6,0,0,4\mcuicfg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AD6B80C5-616D-4E4A-94A5-3FD0D8B5DBC1}" refers to invalid object "C:\Program Files\Common Files\Motive\snmpaxctrl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B917F57B-5E5B-4034-8F1E-191AA6E562CC}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BF0FF49A-8C0D-4ECE-B5C4-0BE00BED72DA}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{c14e6df2-a0ab-4a47-a506-bfba2b48a79a}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CC20493B-D31E-428e-A4D0-E3852EE334B2}" refers to invalid object "C:\Program Files\Common Files\Motive\McciUtilsX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D256B2D9-9C58-445A-8C38-C3AAA84EF137}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{da3142e4-c87c-4d62-a285-b30f1fbb5412}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E3F3046E-7E42-47B3-A498-7B09004897E3}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{e8bb94cb-7c06-445d-8dbc-6e4ccac1f905}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ED8D28AF-E964-4d7b-A137-6E611546F948}" refers to invalid object "C:\Program Files\Common Files\Motive\McciUtilsX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE4A6F66-F9A7-45b3-AC6D-A4A9905AE1E1}" refers to invalid object "C:\Program Files\Common Files\Motive\McciUtilsX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EFD3EA56-234D-4240-90EA-CC9FA3AF5A01}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F869AC20-E930-11CE-AE10-444553540000}" refers to invalid object "C:\Program Files\SmartDraw 7\SmartDraw.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FFC1EBAA-5AEC-44AC-A937-B65D8D3ECBE2}" refers to invalid object "C:\Program Files\Common Files\Motive\snmpaxctrl.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D65DE395-1306-4892-BF78-627C7E15B678}" refers to invalid object "c:\program files\mcafee.com\vso\mcvsrte.exe". Action Taken: No Action Taken.
Entry "HKCR\clpfile\shell\open\command" refers to invalid object "clipbrd.exe %1". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\Cssweb.Installer.1" refers to invalid object "{C81B5180-AFD1-41a3-97E1-99E8D254DB98}". Action Taken: No Action Taken.
Entry "HKCR\MPlayer\shell\open\command" refers to invalid object "mplay32.exe /play /close "%L"". Action Taken: No Action Taken.
Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\plaxo\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\ppifile\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\SharePoint.WebPartPage.Document" refers to invalid object "{388ED91D-7FD2-11D0-A60B-00A0C90A43FF}". Action Taken: No Action Taken.
Entry "HKCR\SharePoint.WebPartPage.Document.1.0" refers to invalid object "{388ED91D-7FD2-11D0-A60B-00A0C90A43FF}". Action Taken: No Action Taken.
Entry "HKCR\SmartDraw.2\shell\open\command" refers to invalid object ""C:\Program Files\SmartDraw 7\SmartDraw.exe" %1". Action Taken: No Action Taken.
Entry "HKCR\SmartDraw.Library\shell\open\command" refers to invalid object ""C:\Program Files\SmartDraw 7\SmartDraw.exe" %1". Action Taken: No Action Taken.
Entry "HKCR\SmartDraw.Template\shell\open\command" refers to invalid object ""C:\Program Files\SmartDraw 7\SmartDraw.exe" %1". Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\cssweb.dll.tcf tagged as "not-a-virus:AdWare.CSSWeb.b". Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\cssweb.dll.tcf tagged as "not-a-virus:AdWare.CSSWeb.b". Action Taken: No Action Taken.


Total Objects Scanned: 105554
Total Virus(es) Found: 3
Total Disinfected Files: 0
Total Files Renamed: 0
Total Deleted Objects: 0
Total Errors: 184
Time Elapsed: 11:35:21
Virus Database Date: 2005/09/09
Virus Database Count: 148428
  • 0

#20
Excal
Posted 27 September 2005 - 05:47 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Most of those are just empty reg keys, and will not casue a problem.

You can delete this file:

C:\WINDOWS\Downloaded Program Files\cssweb.dll.tcf


hmmmm


Tell me exactly whats going on with your system please.

:tazz:

Excal
  • 0

#21
piggyprobe
Posted 27 September 2005 - 08:40 AM

piggyprobe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 167 posts
funny...i deleted that file as per your recomendations over the weekend.


Ok, here's the deal with my computer. I cannot access my ISP (Verizon) email using Outlook. I get a time-out error. However, if I try to access my email through my provider's web-mail site, the page does not load. In fact, I cannot access anything on my ISP's web site because nothing loads. I am able to use the web otherwise with no problems.

I have tested this on computers in my office and at other places, and found that it is not an issue of Verizon's site being down. I have searched on Microsoft's web site for solutions relating to the error # that I recieve (I'm at work now, otherwise I'd be able to provide it to you), and they have not solved the problem. I have also contacted Verizon's technical support, and after several different steps to try to resolve my problem, they have concluded that I must have a virus or malware buried very deep within my system.
  • 0

#22
Excal
Posted 27 September 2005 - 12:27 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
hmm, this maybe blocked in IE's settings. Can you please download Firefox and let me know if you have the same problem.

Firefox

:tazz:

Excal
  • 0

#23
piggyprobe
Posted 27 September 2005 - 04:04 PM

piggyprobe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 167 posts
I have installed firefox and get this alert when I try to visit netmail.verizon.net:

The operation timed out when attempting to contact netmail.verizon.net.

Even if it was an IE only problem (which it is not), that still doesn't explain the fax installer that runs at start up.

Cannot find C:\WINDOWS\Downloaded Program Files\cssweb.dll.tcf to remove it.

MWav found 3 viruses, couldn't that be the source of these problems?

Edited by piggyprobe, 27 September 2005 - 04:07 PM.

  • 0

#24
Excal
Posted 27 September 2005 - 04:41 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
The virus that MWav found was that file that you couldn't find to delete.

File C:\WINDOWS\Downloaded Program Files\cssweb.dll.tcf tagged as "not-a-virus:AdWare.CSSWeb.b". Action Taken: No Action Taken.

very bizarre.

IN FF, go to tools, options.

then to web features

go to allowed sites, and put your email site in there, then reset the browser, and try agian.


Let me know.

:tazz:

Excal
  • 0

#25
piggyprobe
Posted 27 September 2005 - 05:30 PM

piggyprobe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 167 posts
same alert - The operation timed out when attempting to contact netmail.verizon.net

This time out issue isn't just related to web mail. I can't visit any verizon web site related to internet service.

Edited by piggyprobe, 27 September 2005 - 05:36 PM.

  • 0

Advertisements

#26
Excal
Posted 28 September 2005 - 05:25 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
I was asking around and one of the suggestions i got was to reinstall your ISP software.


Excal
  • 0

#27
piggyprobe
Posted 28 September 2005 - 10:55 AM

piggyprobe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 167 posts
I'll try that - just not sure how I still can access the 'net & other online services if that's the case.
  • 0

#28
Excal
Posted 28 September 2005 - 11:03 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
To be honest I am not sure. I don't think its malware realted anymore. It maybe have been a result of the malware.

Let me know how that works.

Thanks,

:tazz:

Excal
  • 0

#29
piggyprobe
Posted 30 September 2005 - 06:31 AM

piggyprobe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 167 posts
yeah, that didn't help. I'm not sure what to do. Would reinstalling XP be an option?
  • 0

#30
Excal
Posted 30 September 2005 - 06:37 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Your topic was split and put in the XP forum to see if they have some advice for you.
here is the link

http://www.geekstogo...topic=67086&hl=


Excal
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP