PDA

View Full Version : I'm new, I don't know what to do...



TREX77`
2005-12-17, 20:55
Maybe you can help me,

I am new to computing and have no idea what to do to get rid of this SPYAXE Spyware on my computer. I've read some of the other postings and don't understand a thing...
Also There is an icon in the small bar at the bottom right of the screen that looks just like a yield sign, but yellow with an "!" in it.

If someone has the time and patience to work with this beginner, please


Following is the HJT Log:

md usa spybot fan
2005-12-17, 21:05
TREX77`

Welcome aboard!

To get started please read and follow the instructions in the following thread:
Before you post a log (http://forums.spybot.info/showthread.php?t=288)

TREX77`
2005-12-17, 21:06
I have run 3 ANTI VIRUS SCANS and 3 SpyWare Scans, including the SPYBOT

Here is the HJT Logfile

Logfile of HijackThis v1.99.1
Scan saved at 2:02:40 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Andrew\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16013&affid=105-57
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hp9450.tmp
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

LonnyRJones
2005-12-17, 21:45
Hi

Download smitRem.exe (http://noahdfear.geekstogo.com/click%20counter/click.php?id=1) and save the file to your desktop. (By noahdfear.)
Double click on the file to extract it to it's own folder on the desktop.
Please download the trial version of Ewido Security Suite here:
install then from within the program check for updates BUT dont scan yet
ewido security suite: http://www.ewido.net/en/download/
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful"), Now close the program.
Do NOT run a scan yet.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Next, please reboot your computer in SafeMode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

Now scan with HJT and place a checkmark next to each of the following items if there, then click FIX CHECKED:
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hp9450.tmp
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Spybot check for and fix any problems found.


Run Ewido:

Click on scanner
Click on Complete System Scan and the scan will begin.
NOTE: During some scans with ewido it is finding cases of false positives.
You will need to step through the process of cleaning files one-by-one.
If ewido detects a file you KNOW to be legitimate, select none as the action.
DO NOT select "Perform action on all infections"
If you are unsure of any entry found select none for now.
When the scan is finished, click the Save report button at the bottom of the screen.
Save the report to your desktop
Close Ewido

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Restart back to a normal windows session
Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.


Post a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist

TREX77`
2005-12-18, 00:27
Thank You for you help, I believe it worked...

Here are the two logs I could get:

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 5:24:36 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andrew\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16013&affid=105-57
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe



Next log on next Post

TREX77`
2005-12-18, 00:29
Here is the log from Ewido:

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\mkukm0ml.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Andrew\Desktop\backups\backup-20060102-150424-792.dll -> Downloader.Zlob.co : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\r7slcjzd.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\r7slcjzd.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\r7slcjzd.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\r7slcjzd.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@sento.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup


::Report End

I couldn't save the log (or maybe didn't figure out how to) from the Sitrem

But so far I believe it worked

Thanks Again,

LonnyRJones
2005-12-18, 09:58
Hi

Post the the log smitrem will have made and placed in c:\
C:\smitfiles.txt

TREX77`
2005-12-20, 02:01
Thank You,

Here is the LOG from Sitrrem:

Microsoft Windows XP [Version 5.1.2600]
The current date is: Mon 01/02/2006
The current time is: 15:05:46.68

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

Security Toolbar


~~~ Shortcuts ~~~

Online Security Guide.url
Security Troubleshooting.url


~~~ Favorites ~~~



~~~ system32 folder ~~~

msvol.tlb
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
mscornet.exe
hp***.tmp


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url


~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)

LonnyRJones
2005-12-20, 02:16
Thanks, is your desktop back to normal ? any other problems ?

TREX77`
2005-12-20, 18:55
I don't think so, all apears normal, and it is quite a bit faster,

I have run the Scan from spybot a couple times and am still finding adware, but nothing affecting the output of my computer (I think?)

Are a couple of files normal every time you log onto the Internet?

LonnyRJones
2005-12-20, 21:03
Hi

Were they just cookies or usage tracks ?
If you would like the next time you check for problems then fix, rightclick in that window and choose save results and post it back here for us.

tashi
2005-12-23, 19:19
As the problems appear to be resolved this thread will be archived.
If you need it re-opened please pm me or LonnyRJones.

Cheers. :)