I Can't Get Rid of This Thing


  • This topic is locked
50 replies to this topic

#31 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 January 2006 - 08:26 PM

You're still infected with SpyAxe. We need to try this again.

Reboot to safe mode

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Open the smitfraud folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. When the tool completes:



Run HijackThis. Hit "None of the above", click "Do a System Scan Only". Put a check in the box on the left side on these:

O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp804B.tmp (file missing)

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

Close ALL windows and browsers except HijackThis and click "Fix checked"


Open C:\Windows\Prefetch\ and delete ALL files in this folder.


Delete these files if listed.
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe



Open Ewido Security Suite
  • Then please run Ewido, click on the Scanner, run a full scan and let it clean everything it finds.
  • Once the scan has completed, there will be a button located on the bottom of the screen named
  • Click Save report
  • Save the report to your desktop

In the Control Panel click Display > Desktop > Customize desktop > Website > Uncheck "Security Info" if present.

Empty recycle bin.

Reboot and "copy/paste" a new HijackThis log and the Ewido log.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 



#32 Katliz

Katliz

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 04 January 2006 - 08:30 PM

I need to know if I have the program correct. When I do this the program sits forever and no prompts come up to advise me. Does this procedure take longer than 45 minutes to prompt you to do something else? Thanks. Kat

#33 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 January 2006 - 08:35 PM

It can take a long time to run. It shouldn't run 45 mins though and it should let you know when it's finished.
Make sure you run it in safe mode. Another thing to do is unplug your cable from the internet.



#34 Katliz

Katliz

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 04 January 2006 - 08:42 PM

Okay, I'll try this again. Check with you in the tomorrow. I'm a morning person. Good night and thanks for all your help. Katliz

#35 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 January 2006 - 08:46 PM

I'll be back on around 5 pm CDT. Nite



#36 Katliz

Katliz

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 05 January 2006 - 05:13 AM

Good morning,

Well, I think we may have accomplished something! Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 5:09:24 AM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [UniPrint] C:\PROGRA~1\UniPrint\Client\SetDfltSettings.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thank you,
Katliz :)
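
The item lines of a HijackThis log such as the one above follow a fixed `code - description` layout, so the by-eye triage done in post #31 can be scripted. This is an added example, not part of the original thread and not HijackThis's own code: a Python parser run over a constructed sample made of lines quoted in posts #31 and #36. The section labels, the `Item` record and the two flag names are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: item lines copied from the HijackThis logs quoted in
# posts #31 and #36 of this thread; it is not a complete log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp804B.tmp (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# Assumed human-readable labels for the section codes seen in this thread.
SECTIONS = {
    "R0": "IE registry setting", "R1": "IE registry setting",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O9": "IE extra button/menu item",
    "O16": "ActiveX download", "O23": "Windows service",
}
LOAD_POINTS = {"O2", "O3", "O4", "O23"}  # sections that cause code to be loaded
MISSING = "(file missing)"

ITEM_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path ending in a 2-4 character extension; spaces are allowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.[A-Za-z0-9]{2,4}(?=["\s,]|$)')
NAME_RE = re.compile(r"(?:BHO|Toolbar|Service): (?P<a>.+?) - |\[(?P<b>[^\]]+)\]")


@dataclass
class Item:
    code: str                 # section code, e.g. "O2"
    kind: str                 # label from SECTIONS
    name: Optional[str]       # BHO/toolbar/service name or Run value name
    clsid: Optional[str]
    path: Optional[str]       # file the entry points at, if any
    flags: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Item]:
    """Turn the numbered item lines of a HijackThis log into records."""
    items = []
    for raw in text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m:
            continue  # header, process list and blank lines are not items
        code, body = m["code"], m["body"]
        name = NAME_RE.search(body)
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        item = Item(
            code=code,
            kind=SECTIONS.get(code, "other"),
            name=(name["a"] or name["b"]) if name else None,
            clsid=clsid.group(0) if clsid else None,
            path=path.group(0) if path else None,
        )
        # Assumed triage heuristics for this example, not HijackThis behaviour.
        if body.endswith(MISSING):
            item.flags.append("file-missing")    # registry entry outlived its file
        if code in LOAD_POINTS and item.path and item.path.lower().endswith(".tmp"):
            item.flags.append("tmp-load-point")  # .tmp file registered as loadable code
        items.append(item)
    return items


def triage(text: str) -> List[Item]:
    """Return only flagged items, most flags first, for manual review."""
    flagged = [i for i in parse_log(text) if i.flags]
    return sorted(flagged, key=lambda i: -len(i.flags))


if __name__ == "__main__":
    for it in triage(SAMPLE_LOG):
        print(f"{it.code:<4}{it.kind:<24}{it.name!s:<20}{','.join(it.flags)}")
        print(f"    {it.path}")
```

A flag is a prompt for review, not a verdict: the Norton toolbar entry is flagged `file-missing` just like the BHO, and only the BHO also registers a `.tmp` file under system32.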

#37 Katliz

Katliz

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 05 January 2006 - 05:43 AM

I forgot the ewido log:

And my computer is running much better. Still get the windows installer message about Norton not supporting the repair feature, please uninstall and reinstall.

Thanks,
Katliz

#38 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 05 January 2006 - 04:35 PM

And my computer is running much better. Still get the windows installer message about Norton not supporting the repair feature, please uninstall and reinstall.

You might need to uninstall / reinstall Nortons to get that error to go away.

How's it running now?

We're not finished yet.



#39 Katliz

Katliz

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 05 January 2006 - 06:00 PM

It seems to be running okay. Still does come up as fast as it used to. Thanks, Katliz

#40 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 05 January 2006 - 06:04 PM

Let's see if this will help speed it up.

Backup your Registry...
- Press "CTRL - ALT - DEL" keys all at the same time to start "Task Manager"
- In the Task Manager window click on "File", then from the drop-down menu select "New Task (Run...)"
- In the "Create New Task" window enter\type "regedit" (without quotes)
- Once Regedit opens click on the FILE menu and select Export
- Save the file as backup. Save the file somewhere you will remember and not delete.
IMPORTANT: make sure to set the export range to ALL



I recommend you download RegSeeker. Extract it to its own folder, open and double click RegSeeker.exe to start the program. Maximize the window and click clean registry. Check all sections and click OK. When the scan is complete, verify the backup box in lower left corner is checked and click the select all button, then select all again. Then right click within the search results and select delete. Run it again and again, deleting everything it finds until it finds nothing. Reboot and make sure your programs are working properly, control panel and add/remove programs windows open, etc (basically just do a quick check of everything). In the event anything was 'broken', you can open RegSeeker, click backups and double click any/all files to put the information back. A reboot may be required for the effects to be seen. Reboot when done.



#41 Katliz

Katliz

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 05 January 2006 - 06:54 PM

Okay, that's done and everything's okay. Would you believe while I was doing that a Trojan.zlob was attacking? :angry: Katliz

#42 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 05 January 2006 - 07:03 PM

Would you believe while I was doing that a Trojan.zlob was attacking?

How could you tell?

I suggest you run another ewido Scan in Safe Mode.



#43 Katliz

Katliz

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 05 January 2006 - 07:10 PM

Norton popped up stating that it blocked it. I will run it to be on the safe side. One thing that has been different since this whole thing started is my background on the desktop. It changes colors when you move the cursor around. I'll send the report. Thanks, Katliz

#44 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 05 January 2006 - 07:14 PM

One thing that has been different since this whole thing started is my background on the desktop

We can work on that too, after the Ewido scan :thumbup:



#45 Katliz

Katliz

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 05 January 2006 - 07:42 PM

It did have something:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:36:16 PM, 1/5/2006
+ Report-Checksum: 197E6C96

+ Scan result:

C:\WINDOWS\system32\upd113.exe -> Downloader.Small.cej : Cleaned with backup
C:\WINDOWS\system32\upd488.exe -> Downloader.Small.cej : Cleaned with backup

::Report End

Am I running the correct Ewido? I didn't see where you could check the boxes: binder, crypter & archives.

Thanks,
Katliz
