Help, Computer is running very slow.


  • This topic is locked
14 replies to this topic

#1 Harriet567
New Member, 7 posts

Posted 24 April 2006 - 10:45 AM

Harriet567 Log,

This Pentium 3 Computer running Windows XP Professional has been running very slowly lately. I'm using a cable modem with ZoneAlarm Firewall and Nod32 antivirus.
I have updated and run Spybot SD and have found only "Windows Security Center.AntiVirus Disable Notify".
I did not remove this.
I have updated and run Ad-Aware SE 1.06 and removed the cookies it found.
I have updated and run Spy Blaster.
I've downloaded and run Spy Sweeper trial version and it found 14 other cookies plus nvdialer. It didn't remove these because you have to purchase the program for it to remove anything.
I've run Advanced Registry Optimizer and fixed 149 bad links and defragged it.
Thanks for any help.





Logfile of HijackThis v1.97.7
Scan saved at 9:12:10 AM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\USRSTA.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [USRSTA.EXE] USRSTA.EXE START
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ntent/opuc3.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129398134564
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupd...7666.9136921296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2167FF87-B679-40E6-9BB6-E92161B815C5}: NameServer = 68.6.16.30,68.6.16.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{91126EA4-322E-4C96-9381-73469498FFE2}: NameServer = 68.2.16.30,68.2.16.25



#2 Siggyx
SuperHelper (Authentic Member), 6,776 posts

Posted 24 April 2006 - 01:54 PM

You need an updated version of Hijackthis which you can get from HERE.

#3 Harriet567
New Member, 7 posts

Posted 24 April 2006 - 06:07 PM

Here is the new HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:49:05 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\USRSTA.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [USRSTA.EXE] USRSTA.EXE START
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129398134564
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2167FF87-B679-40E6-9BB6-E92161B815C5}: NameServer = 68.6.16.30,68.6.16.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{91126EA4-322E-4C96-9381-73469498FFE2}: NameServer = 68.2.16.30,68.2.16.25
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 Siggyx
SuperHelper (Authentic Member), 6,776 posts

Posted 24 April 2006 - 08:21 PM

Please download the trial version of Ewido Security Suite here:

http://www.ewido.net/en/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer.
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear.
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#5 Harriet567
New Member, 7 posts

Posted 25 April 2006 - 12:09 AM

Siggyx,

Thanks for your help!

Ewido found 48 problems! We DID NOT remove any of them since it was not in your instructions.
The problems found were a number of TrackingCookie.xxx where xxx is:
Casalemedia, Burstbeacon, Burstnet, Tacoda, Statcounter, Clickbank, Googleadservices,
Com, Aavalue, Yadro, and Liveperson.
In addition it found a High Threat of popcaploader.dll.

Here is the Ewido Report

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:37:18 PM, 4/24/2006
+ Report-Checksum: 3DC50058

+ Scan result:

:mozilla.21:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Trafic : Ignored
:mozilla.24:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored
:mozilla.25:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored
:mozilla.26:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored
:mozilla.27:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored
:mozilla.28:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored
:mozilla.29:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored
:mozilla.30:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored
:mozilla.31:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored
:mozilla.33:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Burstbeacon : Ignored
:mozilla.34:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Burstnet : Ignored
:mozilla.35:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Tacoda : Ignored
:mozilla.36:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Burstnet : Ignored
:mozilla.37:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Tacoda : Ignored
:mozilla.38:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Tacoda : Ignored
:mozilla.39:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Tacoda : Ignored
:mozilla.41:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Statcounter : Ignored
:mozilla.42:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Statcounter : Ignored
:mozilla.43:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Clickbank : Ignored
:mozilla.44:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored
:mozilla.50:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Com : Ignored
:mozilla.62:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored
:mozilla.76:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored
:mozilla.88:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored
:mozilla.103:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Liveperson : Ignored
:mozilla.104:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Liveperson : Ignored
:mozilla.105:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Liveperson : Ignored
:mozilla.107:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored
:mozilla.121:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Liveperson : Ignored
:mozilla.122:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Liveperson : Ignored
:mozilla.139:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Aavalue : Ignored
:mozilla.140:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Aavalue : Ignored
:mozilla.141:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Aavalue : Ignored
:mozilla.142:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Aavalue : Ignored
:mozilla.143:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Aavalue : Ignored
:mozilla.144:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Aavalue : Ignored
:mozilla.145:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Aavalue : Ignored
:mozilla.146:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Aavalue : Ignored
:mozilla.205:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Yadro : Ignored
:mozilla.206:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Yadro : Ignored
C:\Documents and Settings\Barb\Cookies\barb@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored
C:\Documents and Settings\Barb\Cookies\barb@burstnet[2].txt -> TrackingCookie.Burstnet : Ignored
C:\Documents and Settings\Barb\Cookies\barb@com[1].txt -> TrackingCookie.Com : Ignored
C:\Documents and Settings\Barb\Cookies\barb@tacoda[2].txt -> TrackingCookie.Tacoda : Ignored
C:\Documents and Settings\Barb\Cookies\barb@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Ignored
C:\Documents and Settings\Barb\Cookies\barb@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored
C:\Documents and Settings\MAINTENANCE\Cookies\maintenance@com[1].txt -> TrackingCookie.Com : Ignored
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Ignored


::Report End
-------------------------------------------------------------
-------------------------------------------------------------

Here is the HJT Report

Logfile of HijackThis v1.99.1
Scan saved at 10:44:20 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\USRSTA.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [USRSTA.EXE] USRSTA.EXE START
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129398134564
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2167FF87-B679-40E6-9BB6-E92161B815C5}: NameServer = 68.6.16.30,68.6.16.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{91126EA4-322E-4C96-9381-73469498FFE2}: NameServer = 68.2.16.30,68.2.16.25
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

----------------------------------------------------------------------
----------------------------------------------------------------------

Thanks,
Harriet567
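As an added example (not part of this thread and not HijackThis's own code), here is a small Python parser that splits a HijackThis log into its sections, diffs two logs the way a helper compares the before/after posts above, and flags the kinds of entries a reviewer verifies by hand: "(no file)" references, Run entries with a bare filename, O16 downloads with no friendly name, and O17 NameServer values. The two sample logs are constructed, trimmed excerpts of the logs posted in #3 and #5; the function names are this example's own.

```python
"""Parse, diff and triage HijackThis (HJT) logs of the kind posted in this thread."""
import re
from collections import defaultdict

# Constructed sample: a trimmed excerpt of the HJT log posted in #3 above.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 4:49:05 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Eset\nod32krn.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [USRSTA.EXE] USRSTA.EXE START
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2167FF87-B679-40E6-9BB6-E92161B815C5}: NameServer = 68.6.16.30,68.6.16.25
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Constructed "after" log: the same excerpt plus the ewido processes and services
# that appear in the #5 log once Ewido was installed.
EWIDO_PROCESSES = [
    r"C:\Program Files\ewido anti-malware\ewidoctrl.exe",
    r"C:\Program Files\ewido anti-malware\ewidoguard.exe",
]
EWIDO_SERVICES = [
    r"O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe",
    r"O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe",
]
LOG_AFTER = LOG_BEFORE.replace(
    r"C:\HJT\HijackThis.exe", "\n".join(EWIDO_PROCESSES + [r"C:\HJT\HijackThis.exe"])
) + "\n".join(EWIDO_SERVICES) + "\n"

# HJT entry lines look like "O4 - <entry>", "R0 - <entry>", etc.
SECTION_RE = re.compile(r"^(R\d|F\d|N\d|O\d+) - (.*)$")


def parse_hjt(text):
    """Return {"processes": [...], "O4": [...], ...} from HijackThis log text."""
    sections = defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # the process list ends at the first blank line
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            sections["processes"].append(line)
            continue
        m = SECTION_RE.match(line)
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def diff_hjt(before_text, after_text):
    """Entries present in only one of two logs, keyed by section."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    added, removed = [], []
    for sec in sorted(set(before) | set(after)):
        b, a = set(before.get(sec, [])), set(after.get(sec, []))
        added += [(sec, e) for e in sorted(a - b)]
        removed += [(sec, e) for e in sorted(b - a)]
    return {"added": added, "removed": removed}


def triage(parsed):
    """Defender-side notes: (section, reason, entry) for items to verify by hand."""
    notes = []
    for sec, entries in parsed.items():
        for e in entries:
            if "(no file)" in e:
                notes.append((sec, "dangling entry, referenced file is missing", e))
            elif sec == "O10" and "Broken Internet access" in e:
                notes.append((sec, "Winsock LSP chain broken; repair, do not just delete", e))
            elif sec == "O17":
                m = re.search(r"NameServer = (.*)", e)
                if m:
                    notes.append((sec, "confirm DNS servers belong to the ISP: " + m.group(1), e))
            elif sec == "O16" and not re.search(r"\(.+\)", e):
                notes.append((sec, "downloaded ActiveX control with no friendly name", e))
            elif sec == "O4" and not re.search(r"[A-Za-z]:\\", e):
                notes.append((sec, "Run entry with a bare filename; resolve which file loads", e))
    return notes


if __name__ == "__main__":
    for kind, items in diff_hjt(LOG_BEFORE, LOG_AFTER).items():
        for sec, entry in items:
            print(f"{kind:8} {sec:10} {entry}")
    for sec, reason, entry in triage(parse_hjt(LOG_BEFORE)):
        print(f"CHECK    {sec:10} {reason}: {entry}")
```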

#6 Siggyx
SuperHelper (Authentic Member), 6,776 posts

Posted 25 April 2006 - 12:21 AM

Go ahead and remove them, then reboot and post a new HijackThis log. How is it running after the reboot?

#7 Harriet567
New Member, 7 posts

Posted 25 April 2006 - 01:43 PM

Thanks again for your help.

In Safe Mode I ran Ewido. While it was running, when it asked, I removed 46 infections. At the end of the scan it showed the 46 Infected Objects, that there were 46 Cleaned and 0 ignored. The scan took 71 minutes. During the removal Ewido asked up to 5 times to remove the same cookie. It also removed a High Threat called popcaploader which is related to a game site I use.
QUESTION: Do I need to stay away from that site?

It seems that the computer is running slower than when we started at least while accessing internet sites.

OTHER QUESTIONS:
1. How did you decide to run Ewido?
2. The original reason for coming to HJT was that Spy Sweeper found nvdialer as a high threat on our computer. Ewido didn't find it. How do I get rid of nvdialer?


Here is the Ewido Report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:44:20 AM, 4/25/2006
+ Report-Checksum: C23660A5

+ Scan result:

:mozilla.22:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\jp7amaih.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Barb\Cookies\barb@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Barb\Cookies\barb@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Barb\Cookies\barb@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Barb\Cookies\barb@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Barb\Cookies\barb@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Barb\Cookies\barb@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\MAINTENANCE\Cookies\maintenance@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup


::Report End

-------------------------------------------------------------------------
-------------------------------------------------------------------------
Here is the HJT Log:


Logfile of HijackThis v1.99.1
Scan saved at 11:55:12 AM, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\USRSTA.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [USRSTA.EXE] USRSTA.EXE START
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129398134564
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2167FF87-B679-40E6-9BB6-E92161B815C5}: NameServer = 68.6.16.30,68.6.16.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{91126EA4-322E-4C96-9381-73469498FFE2}: NameServer = 68.2.16.30,68.2.16.25
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

----------------------------------------------------------------------
----------------------------------------------------------------------
Thanks,
Harriet567

#8 Siggyx (SuperHelper, Authentic Member, 6,776 posts)

Posted 25 April 2006 - 01:49 PM

Manual removal

Please follow the instructions below if you would like to remove NVDialer manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If NVDialer remains on your system after stepping through the removal instructions, please double-check by stepping through them again.

1. Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
2. Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Code Store Database \ Distribution Units \ {91413D86-9F27-402C-B5E3-DEBDD122C3B2}'
3. Exit the registry editor.
4. Restart your computer.

#9 Harriet567 (New Member, 7 posts)

Posted 25 April 2006 - 05:41 PM

Siggyx, I followed your instructions to remove nvdialer and found that the key to delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Code Store Database \ Distribution Units \ {91413D86-9F27-402C-B5E3-DEBDD122C3B2}' was not in the registry. Where do we go from here? Did you find anything in the last HJT? I had some other questions in the last post. Thanks for your help, Harriet567

#10 Siggyx (SuperHelper, Authentic Member, 6,776 posts)

Posted 25 April 2006 - 08:28 PM

If it is not in the registry then it is more than likely a false positive.

OTHER QUESTIONS:
1. How did you decide to run Ewido?
2. The original reason for coming to HJT was that Spy Sweeper found nvdialer as a high threat on our computer. Ewido didn't find it. How do I get rid of nvdialer?

1) Ewido is a great free program that does a deep scan of your system and is good for trojans, viruses and spyware. That is why I chose it.

2) It is more than likely a false positive.

Other than that your log looks good. Ewido is a resource hog, I warn you now, so you can remove it and that will speed things up.

We can do some additional system cleaning if you would like.

#11 Harriet567 (New Member, 7 posts)

Posted 26 April 2006 - 12:28 AM

Siggyx, Thanks for your False Positive explanation for nvdialer. I've uninstalled Ewido and also Spy Sweeper (the program that originally caused me to come to HijackThis). Then while trying to open Firefox, the computer speed was intermittently switching between running at a reasonable processing speed and running at an extremely slow processing speed. I performed a CTRL/ALT/DELETE and saw the process svchost taking sometimes 85% process time while Firefox (which was trying to connect to the internet) was taking only 15% process time. I had an HP Deskjet Taskbar Utility running at startup, so with WinPatrol I disabled this hoping it would eliminate the problem. IT DID NOT. Do you have a suggestion as to what to do about this problem? Or would some system cleaning help this? Thanks, Harriet567

#12 Siggyx (SuperHelper, Authentic Member, 6,776 posts)

Posted 26 April 2006 - 12:31 AM

Let's do some cleaning.

Download ccleaner from the link below, save it to your desktop. Open ccleaner and click on run ccleaner at the bottom right.

http://www.majorgeek...wnload4191.html

Next download Regseeker from the link below. Save it to your desktop. Open Regseeker and click on clean registry, next click ok. Once the scan is complete make sure "make backups" is checked and then select all and delete it.

http://www.majorgeek...wnload2579.html

#13 Harriet567 (New Member, 7 posts)

Posted 26 April 2006 - 05:04 PM

Siggyx, I downloaded CCleaner, ran it and removed 46MB of stuff. I downloaded RegSeeker and removed 549 items including .ext's not used, paths not used, invalid ActiveX's (lots), invalid open withs, Zone Alarm Logs etc. Got a message that "WS_FTP does not appear to have been installed correctly for the current user", so I removed this application because we're not using it. Now, per WinPatrol, I'm only running USRSTA.ext (wireless), WinPatrol, Nod32kui, ZoneLabs, WinloginUserInit and WinloginShell at startup. The machine was still slow after restarting, so I Defragged the C: Partition. (I have a 30 GByte Drive with three 10GByte Partitions.) That coupled with CCleaner and RegSeeker has sped the machine up quite a bit, but it's still not as fast as it has been. If you've had enough of this problem I can live with this speed if I can maintain it. Should I run CCleaner and RegSeeker occasionally? You've been very helpful. Thank you for your time and patience.

#14 Siggyx (SuperHelper, Authentic Member, 6,776 posts)

Posted 26 April 2006 - 07:10 PM

Run them once in a while to help clean.

#15 Siggyx (SuperHelper, Authentic Member, 6,776 posts)

Posted 26 April 2006 - 07:10 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
