Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unable to Remove Smitfraud-C/PSGuard/Nsag-B [RESOLVED]


  • This topic is locked This topic is locked

#16
nbeamer

nbeamer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Well, I'm not sure we really fixed the hard disk shutoff, if that's what was really happening. The computer still freezes up when sitting for a while with the screen saver and monitor power saver in effect, sometimes responding to a Cntrl-Alt-Del, sometimes requiring a hard reboot. The "busy-ness" problem also recurs.

I downloaded and ran Crap Cleaner, and it cleaned out a lot of crap (like 35 MB!). Any reason I shouldn't set my browser to automatically delete temp files and cookies every time I disconnect?

I also downloaded and ran SilentRunners. It requested me to download Windows Management Instrumentation, which I did. Upon running WMI, I was told I had an earlier version already installed, but I opted to upgrade to the new version. After a reboot, I was able to get SilentRunners to run, which produced the following logfile:
(thanks again for your continuing help!)

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows 98
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Taskbar Display Controls" = "RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY" [MS]
"Reminder" = "C:\Program Files\Microsoft Money\System\reminder.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ScanRegistry" = "c:\windows\scanregw.exe /autorun" [MS]
"TaskMonitor" = "c:\windows\taskmon.exe" [MS]
"AtiCwd32" = "Aticwd32.exe" ["ATI Technologies Inc."]
"AtiKey" = "Atitask.exe" ["ATI Technologies, Inc."]
"SystemTray" = "SysTray.Exe" [MS]
"POINTER" = "C:\PROGRA~1\MSHARD~1\point32.exe" [MS]
"VoyetraTray" = "C:\PROGRAM FILES\VOYETRA\AUDIOSTATION 32\VTRAY.EXE /s" ["Voyetra Technologies Inc."]
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"VsStatEXE" = "C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING" ["Network Associates Inc"]
"VsEcomrEXE" = "C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe" [null data]
"avast! Web Scanner" = "C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE" ["ALWIL Software"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"avast!" = "C:\Program Files\Alwil Software\Avast4\ashServ.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{9EF56D61-A50F-11ce-B105-0000C04B2D52}" = "VirusScan 98 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Network Associates\McAfee VirusScan\S95EXT.DLL" [null data]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\wzshlext.dll" [null data]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\wzshlext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NetwareUNCMenu\(Default) = "{B91C21C0-0050-101B-8A87-00AA000C4F5D}"
-> {CLSID}\InProcServer32\(Default) = "mpr.dll" [MS]
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\wzshlext.dll" [null data]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


WIN.INI & SYSTEM.INI launch points:
-----------------------------------

SYSTEM.INI
[boot]
"SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\DANGER~2.SCR" (Dangerous Creatures.scr) [MS]


Startup items in "Startup" & "All Users...Startup" folders:
-----------------------------------------------------------

C:\WINDOWS\Start Menu\Programs\StartUp
"3Com Modem Manager" -> shortcut to: "C:\Program Files\3COM\MODEMMGR\Program\mdmMgr.exe" ["VitalSigns Software, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "c:\windows\SYSTEM\rnr20.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
c:\windows\SYSTEM\mswsosp.dll [MS], 1 - 4
c:\windows\SYSTEM\msafd.dll [MS], 5 - 7
c:\windows\SYSTEM\rsvpsp.dll [MS], 8 - 9


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 23 seconds, including 6 seconds for message boxes)
  • 0

Advertisements


#17
lovethepirk

lovethepirk

    Visiting Staff

  • Member
  • PipPipPip
  • 528 posts
nbeamer,

I believe your problems are not Malware related. I may ask for a couple people to take a look at your log here and double check to see if they see anything so keep tabs on this thread for a bit.

I think you should post your problems in the operating system help forum we have here...
http://www.geekstogo...5-98-ME-f3.html


Let them know you got help from us Malware removal Geeks :tazz: and explain your current problems.

Thanks for your patience and hard work :)

Lovethepirk

Edited by lovethepirk, 13 November 2005 - 06:07 PM.

  • 0

#18
nbeamer

nbeamer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Yes, I was beginning to think that the residual problems were not malware related. However, I believe, with your help, we DID remove some malware components that may have been causing additional problems.

Thanks so much for YOUR patience, hard work, and attention to my posts! I really appreciate your efforts to help me (and others like me) with such computer-related problems! :tazz: I'll keep an eye on this thread.

Nbeamer
  • 0

#19
lovethepirk

lovethepirk

    Visiting Staff

  • Member
  • PipPipPip
  • 528 posts
nbeamer,

I do not want you to leave without some suggestions for future protection against Malware/Viruses/Trojans.
Prevention is the most important thing we can help you with.

To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:
1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
http://v5.windowsupd...t.aspx?ln=en-us
http://www.microsoft.../ie/default.asp

2. Run your antivirus software regularly, and to keep its definitions up-to-date. If you are thinking about switching, there are a some good free Antivirus programs that are decent, including AVG and Avast!.
AVG: http://free.grisoft.com/doc/1
Avast: http://www.avast.com...ast_4_home.html

3. In addtion to using Ad-aware consider using another free malware scanning/removal program:
Adaware SE: http://www.download....ubj=dl&tag=top5
Spybot S&D: http://www.download....tml?tag=lst-0-1
MS Antispyware beta: http://www.microsoft...re/default.mspx

4. Consider using a free firewall if you are not already using one. Some good free ones are:
Sygate: http://smb.sygate.co...pf_standard.htm
Zone Alarm: http://www.zonelabs....n.jsp?lid=ho_za

5. Consider using an alternate free browser for general web surfing but you must use IE for windows update.
Mozilla Firefox: http://www.mozilla.o...oducts/firefox/

6. Consider increasing your browser security by using these programs:
SpywareGuard will protect your homepage from being hijacked: http://www.javacools...ywareguard.html
SpywareBlaster will increase browser protection by blocking hundreds of known malware sites by adding them to IE's restricted sites zone. Download it here: http://www.javacools...areblaster.html

If you use SpywareBlaster, you can also use a customblocklist to add even more entries into IE restricted sites zone. Go to this site for the current list and how to use instructions: http://customblockinglist.cjb.net/

IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
https://netfiles.uiu...ww/resource.htm

*Remember just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis.


Good luck!!!
  • 0

#20
nbeamer

nbeamer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thanks for the advice! I'm already using and updating Avast!, AdAware SE and Spybot S&D regularly. I will certainly look into firewalls and browser protectors.

Keep up your good work!

Nbeamer
  • 0

#21
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP