I did what the pinned thread said to do, and I'm seeing a great improvement in the computer performance. Although I tried to follow the instructions to a "T", a few things didn't go as planned. First, the Disk Cleanup didn't take very long at all. I'm thinking that it might not have run at all, since it was over instantly, without a popup window or anything to say that it was even running. Second, I couldn't find the boxes for "Binder", "Crypter", and "Archives" to see if they were checked or not, since part of the Ewido window was missing for some reason. But I ran it anyway.
Also, when I went into Display>Desktop>Customize Desktop>Website>Uncheck "Security Info", there wasn't any "website", but there was a web. So I went to that, but there was no "Security Info" there, so I just closed it out.
Then, when I went to empty the recycle bin, there wasn't anything in it. I figured that there was supposed to be in it that related to the cleanup.
Lastly, as soon as I booted up the Ewido alarm went off, saying that there was a trojan present. I clicked "OK" to clean it out. But when I clicked on the "internet explorer" icon to go back on the web, the Ewido alarm went off again with the same warning. This time it caught 2 things, so I had to hit "OK" twice.
Then I went here, and now I'm writing this. So with that, here is the filelogs:
Hijack This
Logfile of HijackThis v1.99.1
Scan saved at 5:42:02 AM, on 1/29/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\dtjdkaaa.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\System32\mstsc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [dtjdkaaa] C:\WINDOWS\System32\dtjdkaaa.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dtjdkaaa] C:\WINDOWS\System32\dtjdkaaa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mstsc - C:\WINDOWS\SYSTEM32\mstsc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Ewido filelog:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 5:32:00 AM, 1/29/2006
+ Report-Checksum: F3DA9B5B
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoActiveDesktopChanges -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adbrite[1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@counter2.hitslink[1].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@data4.perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-foxsports.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-knightridder.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@media.fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@phg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@stats.adbrite[1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\megt1.exe -> Adware.DownloadWare : Cleaned with backup
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup
C:\n.exe -> Downloader.Small.cdy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\334ABF0D-92B9-44CE-8183-D5E544\3E73C907-20FC-46B5-A147-D36167 -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\334ABF0D-92B9-44CE-8183-D5E544\703513F4-D532-4D42-AAA9-D6C49C -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\334ABF0D-92B9-44CE-8183-D5E544\92048500-1611-4B6C-A63E-4B6202 -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\system32\jgolqvav.exe -> Downloader.Tiny.ao : Cleaned with backup
C:\WINDOWS\system32\jwlxnuvs.dll -> Trojan.Crypt.o : Cleaned with backup
C:\WINDOWS\system32\msshed32.exe -> Downloader.Delf.zw : Cleaned with backup
C:\WINDOWS\system32\mstsc.dll -> Trojan.Agent.cs : Cleaned with backup
C:\WINDOWS\system32\qlv.dll -> Trojan.Kolweb.f : Cleaned with backup
C:\WINDOWS\system32\srshost.exe -> Proxy.Agent.ig : Cleaned with backup
C:\WINDOWS\system32\srshostu.exe -> Proxy.Agent.bz : Cleaned with backup
C:\WINDOWS\system32\winl0gon.exe -> Dropper.Small.na : Cleaned with backup
::Report End
smitrem logfile:
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Sun 01/29/2006
The current time is: 5:01:27.39
Running from
C:\Documents and Settings\Owner\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
quick launch SpywareStrike 2.5.lnk
SpywareStrike 2.5.lnk
SpywareStrike folder
Online Security Guide.url
Security Troubleshooting.url
~~~ Favorites ~~~
~~~ system32 folder ~~~
replmap.dll
1024 dir
msvol.tlb
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
mscornet.exe
hp***.tmp
~~~ Icons in System32 ~~~
ts.ico
ot.ico
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 716 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
SpywareStrike folder
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
Well, take a look at it all and tell me what you think, guys! And by the way, the info I've found here has been much appreciated! Thank you!