Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I Need Help! [RESOLVED]


  • This topic is locked This topic is locked

#16
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
I don't see anything going on with your computer with the logs I have.

You can delete these two files though....

C:\WINDOWS\DOWNLOADED PROGRAM FILES\dm.inf
C:\WINDOWS\Downloaded Program Files\cssweb.dll.tcf


Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.
  • 0

Advertisements


#17
piggyprobe

piggyprobe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 167 posts
searched whole C drive, can't find dm.inf

cssweb.dll.tcf successfully removed.

TM Scan

Started Scanning
Internet Cookies
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Found 'burstnet.com' in 'Internet Explorer Cache'
Found 'insightexpressai.com' in 'Internet Explorer Cache'
Found 'atwola.com' in 'Internet Explorer Cache'
Found 'www.burstbeacon.com' in 'Internet Explorer Cache'
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'realmedia.com' in 'Internet Explorer Cache'
Found 'go.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\LimeWire'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found '' in 'SOFTWARE\Classes\AppID\NHelper.DLL'
Found '' in 'SOFTWARE\Classes\AppID\{BAC984C9-78C8-4105-9E97-1675A4052686}'
Found '' in 'SOFTWARE\Classes\AppID\DMServer.EXE'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning


If these problems I have aren't being caused by adware, malware or a virus, what else could be the culpret?

Edited by piggyprobe, 25 September 2005 - 11:11 AM.

  • 0

#18
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
I dont see anything in those logs. There are some orphaned keys, but those shouldn't be causing adware.

lets try a MWav

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe.
Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

Don't copy and paste the lines from infected files that are present in quarantine, recovery or backupfolders from antispywarescanner (eg adaware, spybot s&d) or your virusscanner. Those I don't need.
I don't need the infected files/lines that are present in your System Volume Information-folder.
I just want all the other infected ones apart from those above.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items". When it's done scanning, please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.
  • 0

#19
piggyprobe

piggyprobe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 167 posts
Virus Information Log

Object "Limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\inotes.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\McUpdatePortal.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ZIntro.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4E9C3F2D-C654-453E-B1AD-9F231905A50D}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{73819BA2-2E8B-430B-A6C9-0D89657DC865}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7BF7B688-4A95-4003-BA98-EA8A79DA0ABA}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{9C2EDC9C-EF3B-443A-BB2C-3488DAC7247E}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A27F2A64-3D23-4449-B395-75335CED458E}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{E0F7DAE4-DFA0-46C6-AE55-0C95E4A68898}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{002C9B00-F6E0-4E14-B96C-96E1A547F58B}" refers to invalid object "c:\program files\mcafee.com\shared\mcuicfg\6,0,0,4\mcuicfg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01118c00-3e00-11d2-8470-0060089874ed}" refers to invalid object "D:\install.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1fc26549-af52-4742-9e93-1c5e22990d1e}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2D319D42-A15D-4524-A3DD-D284C585AF3F}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{30D0EC5D-3C0D-4848-BD68-D568AC3F41E6}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{34ECB075-144C-48A7-9AD2-8760231379CE}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4928379D-88CC-45DD-BEDC-FB5B51A4C8C3}" refers to invalid object "c:\program files\mcafee.com\shared\mcuicfg\6,0,0,4\mcuicfg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4B12229A-1343-4A35-A958-E99B1B02F63B}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4EC99A0B-E57C-4fbe-B9C4-8428424FBF88}" refers to invalid object "C:\Program Files\Common Files\Motive\McciUtilsX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{517431a3-30da-4ee1-b2b4-cf32b89eb911}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{535393C8-DCDA-4155-BEA2-D621C76FE903}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5432c581-2661-48a3-ac79-b72b08436562}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5EAC3C01-174B-4BB8-B367-7097CE61C541}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{63BAECA2-9E3C-45DE-B2B1-BBC5FA99958E}" refers to invalid object "C:\Program Files\Common Files\Motive\MCCWrapper.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6F0D9E95-38DE-42C9-99FD-0A6D05CA5AAB}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{780F8ADC-3150-4953-853A-975F80BCAF0A}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7DCAB9D6-19E5-4190-A3FE-0F252EC2FCEA}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7F3FE0AF-9DEA-42bf-9CF4-74873DBD8135}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{81755D8F-D9C1-42C7-887E-B7B3FBDBACEA}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{845ee5f2-4a22-4ad6-a838-6ff4b759608c}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{84C14BAF-AF20-4900-915B-70E67B60E2DD}" refers to invalid object "C:\Program Files\Common Files\Motive\McciUtilsX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9BE8D7B2-329C-442A-A4AC-ABA9D7572602}" refers to invalid object "c:\program files\mcafee.com\agent\submgr\6,0,0,13\mcsubmgr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A68EB349-B09E-42cc-89CF-955614D5044B}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A6FF3C3C-F33A-4269-9300-2682DB3B3441}" refers to invalid object "C:\Program Files\Common Files\Motive\McciUtilsX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AD2F108D-D000-4284-B540-16140DB881FC}" refers to invalid object "c:\program files\mcafee.com\shared\mcuicfg\6,0,0,4\mcuicfg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AD6B80C5-616D-4E4A-94A5-3FD0D8B5DBC1}" refers to invalid object "C:\Program Files\Common Files\Motive\snmpaxctrl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B917F57B-5E5B-4034-8F1E-191AA6E562CC}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BF0FF49A-8C0D-4ECE-B5C4-0BE00BED72DA}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{c14e6df2-a0ab-4a47-a506-bfba2b48a79a}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CC20493B-D31E-428e-A4D0-E3852EE334B2}" refers to invalid object "C:\Program Files\Common Files\Motive\McciUtilsX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D256B2D9-9C58-445A-8C38-C3AAA84EF137}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{da3142e4-c87c-4d62-a285-b30f1fbb5412}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E3F3046E-7E42-47B3-A498-7B09004897E3}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{e8bb94cb-7c06-445d-8dbc-6e4ccac1f905}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ED8D28AF-E964-4d7b-A137-6E611546F948}" refers to invalid object "C:\Program Files\Common Files\Motive\McciUtilsX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE4A6F66-F9A7-45b3-AC6D-A4A9905AE1E1}" refers to invalid object "C:\Program Files\Common Files\Motive\McciUtilsX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EFD3EA56-234D-4240-90EA-CC9FA3AF5A01}" refers to invalid object "C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F869AC20-E930-11CE-AE10-444553540000}" refers to invalid object "C:\Program Files\SmartDraw 7\SmartDraw.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FFC1EBAA-5AEC-44AC-A937-B65D8D3ECBE2}" refers to invalid object "C:\Program Files\Common Files\Motive\snmpaxctrl.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D65DE395-1306-4892-BF78-627C7E15B678}" refers to invalid object "c:\program files\mcafee.com\vso\mcvsrte.exe". Action Taken: No Action Taken.
Entry "HKCR\clpfile\shell\open\command" refers to invalid object "clipbrd.exe %1". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\Cssweb.Installer.1" refers to invalid object "{C81B5180-AFD1-41a3-97E1-99E8D254DB98}". Action Taken: No Action Taken.
Entry "HKCR\MPlayer\shell\open\command" refers to invalid object "mplay32.exe /play /close "%L"". Action Taken: No Action Taken.
Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\plaxo\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\ppifile\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\SharePoint.WebPartPage.Document" refers to invalid object "{388ED91D-7FD2-11D0-A60B-00A0C90A43FF}". Action Taken: No Action Taken.
Entry "HKCR\SharePoint.WebPartPage.Document.1.0" refers to invalid object "{388ED91D-7FD2-11D0-A60B-00A0C90A43FF}". Action Taken: No Action Taken.
Entry "HKCR\SmartDraw.2\shell\open\command" refers to invalid object ""C:\Program Files\SmartDraw 7\SmartDraw.exe" %1". Action Taken: No Action Taken.
Entry "HKCR\SmartDraw.Library\shell\open\command" refers to invalid object ""C:\Program Files\SmartDraw 7\SmartDraw.exe" %1". Action Taken: No Action Taken.
Entry "HKCR\SmartDraw.Template\shell\open\command" refers to invalid object ""C:\Program Files\SmartDraw 7\SmartDraw.exe" %1". Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\cssweb.dll.tcf tagged as "not-a-virus:AdWare.CSSWeb.b". Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\cssweb.dll.tcf tagged as "not-a-virus:AdWare.CSSWeb.b". Action Taken: No Action Taken.


Total Objects Scanned: 105554
Total Virus(es) Found: 3
Total Disinfected Files: 0
Total Files Renamed: 0
Total Deleted Objects: 0
Total Errors: 184
Time Elapsed: 11:35:21
Virus Database Date: 2005/09/09
Virus Database Count: 148428
  • 0

#20
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Most of those are just empty reg keys, and will not casue a problem.

You can delete this file:

C:\WINDOWS\Downloaded Program Files\cssweb.dll.tcf


hmmmm


Tell me exactly whats going on with your system please.

:tazz:

Excal
  • 0

#21
piggyprobe

piggyprobe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 167 posts
funny...i deleted that file as per your recomendations over the weekend.


Ok, here's the deal with my computer. I cannot access my ISP (Verizon) email using Outlook. I get a time-out error. However, if I try to access my email through my provider's web-mail site, the page does not load. In fact, I cannot access anything on my ISP's web site because nothing loads. I am able to use the web otherwise with no problems.

I have tested this on computers in my office and at other places, and found that it is not an issue of Verizon's site being down. I have searched on Microsoft's web site for solutions relating to the error # that I recieve (I'm at work now, otherwise I'd be able to provide it to you), and they have not solved the problem. I have also contacted Verizon's technical support, and after several different steps to try to resolve my problem, they have concluded that I must have a virus or malware buried very deep within my system.
  • 0

#22
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
hmm, this maybe blocked in IE's settings. Can you please download Firefox and let me know if you have the same problem.

Firefox

:tazz:

Excal
  • 0

#23
piggyprobe

piggyprobe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 167 posts
I have installed firefox and get this alert when I try to visit netmail.verizon.net:

The operation timed out when attempting to contact netmail.verizon.net.

Even if it was an IE only problem (which it is not), that still doesn't explain the fax installer that runs at start up.

Cannot find C:\WINDOWS\Downloaded Program Files\cssweb.dll.tcf to remove it.

MWav found 3 viruses, couldn't that be the source of these problems?

Edited by piggyprobe, 27 September 2005 - 04:07 PM.

  • 0

#24
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
The virus that MWav found was that file that you couldn't find to delete.

File C:\WINDOWS\Downloaded Program Files\cssweb.dll.tcf tagged as "not-a-virus:AdWare.CSSWeb.b". Action Taken: No Action Taken.

very bizarre.

IN FF, go to tools, options.

then to web features

go to allowed sites, and put your email site in there, then reset the browser, and try agian.


Let me know.

:tazz:

Excal
  • 0

#25
piggyprobe

piggyprobe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 167 posts
same alert - The operation timed out when attempting to contact netmail.verizon.net

This time out issue isn't just related to web mail. I can't visit any verizon web site related to internet service.

Edited by piggyprobe, 27 September 2005 - 05:36 PM.

  • 0

Advertisements


#26
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
I was asking around and one of the suggestions i got was to reinstall your ISP software.


Excal
  • 0

#27
piggyprobe

piggyprobe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 167 posts
I'll try that - just not sure how I still can access the 'net & other online services if that's the case.
  • 0

#28
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
To be honest I am not sure. I don't think its malware realted anymore. It maybe have been a result of the malware.

Let me know how that works.

Thanks,

:tazz:

Excal
  • 0

#29
piggyprobe

piggyprobe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 167 posts
yeah, that didn't help. I'm not sure what to do. Would reinstalling XP be an option?
  • 0

#30
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Your topic was split and put in the XP forum to see if they have some advice for you.
here is the link

http://www.geekstogo...topic=67086&hl=


Excal
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP