Detection with NOTHING done . .



LoneLurker
2009-02-15, 23:30
Greetings from LeonSprings, Texas USofA,

It has been somewhat of a long time since I have been here, and there have been some major changes in my system. I see my sig reflects what I have and have updated minor parts.

Spybot detects one item that it (SBS&D) displays in RED, usually there are four (4) entries and they are not removed.

Entry of scan log:

"--- Search result list ---
Spywareinfo.TrafficZ: Bookmark (Firefox: Native (default)) (Bookmark, nothing done)


Spywareinfo.TrafficZ: Bookmark (Firefox: Native (default)) (Bookmark, nothing done)


Spywareinfo.TrafficZ: Bookmark (Firefox: Native (default)) (Bookmark, nothing done)


Spywareinfo.TrafficZ: Bookmark (Firefox: Native (default)) (Bookmark, nothing done)"

NOT the full log; the other entries are just tracking points. This list does not show what is from within Spybot. Spybot calls this 'TrafficZ' and tells me it is within my FF Bookmarks yet it cannot be found. Some additional info is it is supposed to be tied to "/~merijn/ (http://www.spywareinfo.com/~merijn/); downloads.html (http://www.spywareinfo.com/~merijn/downloads.html); Spywareinfo :· Spyware and hijackware Removal Specialists (http://www.spywareinfo.com/); forums.html (http://www.spywareinfo.com/~merijn/forums.html)" and I have not been to that website for a very long time. This just started showing in Spybot since the end of last year, early January, 2009.

This has shown every time Spybot is run and as you can see in the short part of my Scan Log it is in the bookmark with nothing done. Can anyone give me some advice on how to clear this?

Thank you for reading my message and TIA,

Zenobia
2009-02-16, 00:20
Do you have bookmarks in Firefox to the Merijn site?

If you are comfortable showing your Firefox bookmarks here, you could do this:
Open Firefox, click Organize Bookmarks, click Import and Backup, in the dropdown menu, click Export Html, choose somewhere convenient to save the file, such as your desktop.
Go to bookmarks.html, right-click it, select Open With, then Notepad; if Notepad isn't right there, then click Choose Default Program, then select Notepad, or browse and find Notepad. Please make sure "Always use the selected program to open this kind of file" is not checked.
Open Edit, select all, then right-click, select Copy, then paste it here.

LoneLurker
2009-02-17, 00:31
Zenobia,

Yes, I do have links to Merijn site, even those covered by SBS&D as listed within my first post. I did a search for those locations and did not find any, of course those searches were done using my txt editor (EditPad by JGSoft) as well as copies that I have as backups that are not within the FF folder, Double Noid, paranoid.

Within my FF v3.0.6 the Bookmarks are not as you had suggested, the menu bar shows "Organize, Views, and Import and Backup." Have not gotten to creating the TXT file yet to post here, have had several other tasks to chase down and complete. Maybe tomorrow.

Thank you for reading my message and excuse me for not fulfilling your request, yet,

Zenobia
2009-02-17, 08:52
No problem. :)
If you do have links to the old Merijn site in your bookmarks, I'd suggest to let Spybot remove them, or manually delete them in bookmarks.
Please see this post for more info:
http://forums.spybot.info/showthread.php?t=44116
And this:
http://www.spywareinfoforum.com/index.php?showtopic=121410

No need to post the text file, unless Spybot cannot remove the bookmarks, and/or you cannot find the old Merijn site links in bookmarks.

LoneLurker
2009-02-17, 16:27
NO Posting for you from my bookmarks, nor will SBS&D remove said problem. I went in to 'Tools,' 'ManageBookMarks' and searched and found the problem links AND Deleted them. At least so far, have not done any searches to see if they were removed. Plan on closing FF and reopening to see if they were really removed. Plus run another Update of SBS&D then another scan.

Plus I have just installed and am learning how to use AlterEgo from the forums and I like it, except it just is not acting as reported; still need to inform their Thread.

Thank you for reading my roaster poster and giving EXCELLENT assistance,

LoneLurker
2009-02-18, 01:53
Well guess what? Using my TXT editor to find entries in the bookmarks for FF is NOT very good, went in again today and found four (4) more entries in various locations. Took me a couple of hours to find where they were located, because FF Search for entries in bookmarks has not a field to show the path to that bookmark location. Only gives as a location the website that it will take you to. Instead of guiding you into the bookmark they take you to the other end, NOT much help in that respect.

Well they are gone, and I thank you again for this assistance plus for reading and responding to my poster roasters,
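
The problem described in the post above (bookmark search shows the target URL but not the folder that holds the bookmark) can be worked around from an exported bookmarks.html. The following is an added example, not part of the original thread: the names `BookmarkFinder` and `find_bookmarks` are made up for illustration, and `SAMPLE` is a constructed export in the Netscape bookmark format that Firefox writes.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class BookmarkFinder(HTMLParser):
    def __init__(self, domain):
        super().__init__()
        self.domain = domain.lower()
        self.folders = []     # one entry per open <DL>; "" for the unnamed root list
        self.pending = None   # text of the last <H3>, waiting for the <DL> it names
        self.capture = None   # "h3" or "a" while that element's text is collected
        self.text, self.href, self.hits = [], "", []

    def handle_starttag(self, tag, attrs):
        if tag == "dl":       # a folder's contents start here
            self.folders.append(self.pending or "")
            self.pending = None
        elif tag in ("h3", "a"):
            self.capture, self.text = tag, []
            if tag == "a":
                self.href = dict(attrs).get("href") or ""

    def handle_data(self, data):
        if self.capture:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "dl" and self.folders:
            self.folders.pop()
        elif tag == self.capture:
            label = "".join(self.text).strip()
            if tag == "h3":
                self.pending = label
            elif self._matches(self.href):
                path = " > ".join(f for f in self.folders if f) or "(top level)"
                self.hits.append((path, label, self.href))
            self.capture = None

    def _matches(self, url):
        # Compare the host name only, so look-alike domains are not reported.
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:
            return False
        return host == self.domain or host.endswith("." + self.domain)


def find_bookmarks(html_text, domain):
    """Return (folder path, title, url) for every bookmark on `domain`."""
    finder = BookmarkFinder(domain)
    finder.feed(html_text)
    finder.close()
    return finder.hits


# Constructed sample export; a real one comes from Import and Backup > Export HTML.
SAMPLE = """<!DOCTYPE NETSCAPE-Bookmark-file-1>
<DL><p>
<DT><A HREF="http://notspywareinfo.com.example/">look-alike host</A>
<DT><H3>Security</H3>
<DL><p>
<DT><A HREF="http://www.spywareinfo.com/~merijn/downloads.html">downloads.html</A>
<DT><H3>Forums</H3>
<DL><p><DT><A HREF="http://www.spywareinfo.com/~merijn/forums.html">forums.html</A></DL><p>
</DL><p>
<DT><A HREF="http://www.spywareinfo.com/">Spywareinfo</A>
</DL><p>
"""
```

Calling `find_bookmarks(open("bookmarks.html", encoding="utf-8").read(), "spywareinfo.com")` on a real export lists each remaining entry with the folder to open in the bookmark organizer.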

Zenobia
2009-02-18, 03:33
You're welcome. :)

LoneLurker
2009-02-20, 20:59
Same ole Problem . . except I have learned . . . did another scan and found another link within my bookmarks in FF. Thought I had them all removed, guess I need to quit 'thinking' and start 'doing' to get rid of these pests.

Another problem has reared its UGLY head, my system keeps freezing for about 1 to 2 min. and have been told to uninstall "Tea Time," which I did and it still is doing that. Had DiamondCS' RegProt on here and up until about a day ago it would run through all or any new entry in the RegistryFile, about 10 to 13 entries, in just a few seconds, now it may take up to 20 to 30 min. My H/D light keeps flashing even when I disconnect my DSL line and not doing anything on the keyboard, just sit there and watch. Do you think they have finally perfected the ESP software? HA! HA! HA! JOKE do not get your shorts in a knot. Oh! one other point in that area, the modem "Activity" light is not flashing most of the time even with the DSL connected, I know it will not when disconnected.

I ran CCleaner, latest version and using the "Windows" tab in there listed out many files that it found and wanted to remove so I told it to remove them. After about 3 hours it was still working on that job, I killed it and ran another "Analyze" and saved the list that came up. Then did an "Analyze" for "Application" tab and saved a copy of that and it looks to be the same list, have not compared them yet.

Every now and then when doing either an AV scan or SBS&D or just using my system to surf the web it will just go "blank" (black screen) and start to reboot. I will not allow that to occur, I always do a COLD boot, except for when Microsoft is doing a(just at this point my system FROZE for about 1.5 min.)n update that may contain security software.

Any ideas as to What or Why this may happen would really be appreciated, thank you for reading my poster,

Zenobia
2009-02-22, 04:52
Spybot is finding the same as before, Spywareinfo.TrafficZ?

Three hours for ccleaner to run is a long time.
Try this: click Start, type cleanmgr, double-click cleanmgr.exe, decide whether you want to just clean your files (My Files), or files for everyone on your computer, let me know how that goes.

Also, could you follow this to export a startup list, then post it here?
http://www.safer-networking.org/en/howto/startup.html

And finally, could you click Start, paste in Performance Information and Tools, double-click that, then over to the left select Advanced Tools. Is there anything there listed under Performance Issues?

LoneLurker
2009-02-24, 19:05
Excuse me for being rather late in this reply. Am having other problems as well like Firewall (COMODO), AntiVirus (AVIRA) will not start and install automagically nor any other item listed in the Registry. For some reason those are being bypassed, I am now working in SAFE MODE/w Networking and even Windows Security Center will not run in this mode. Neither will the Performance Information and Tools load here, that will be done OFF line later and post in another message.

Did the 'cleanmgr' thingy and cleared some areas, but do not think that will HELP with my main problem. When booting in NORMAL I click on the START button to access the Programs list and start my AntiVir (Avira) and CIS (Comodo) my system freezes for about 3 to 4 minutes until each is loaded, one at a time. If starting any other program will do the same.

Thank you for being there and giving some suggestions,

LoneLurker
2009-02-24, 19:24
Zenobia,

Thank you for that link to the Screen Display of what you were requesting, from within SBS&D for those StartUp files. Some have been Disabled because it takes too long for them to do their thingy, like RegProt - 3 - 4 minutes for each notice of activity within the registry file? Too long for me.

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

Located: HK_LM:Run, !AAVNT
command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 266497
MD5: 6E812818306D460D62B4ABEA9FDC6679

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 34672
MD5: 69B16C7B7746BA5C642FC05B3561FC73

Located: HK_LM:Run, COMODO Internet Security
command: "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
file: C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
size: 1850600
MD5: 7AF5C50EC3BFC9EE41B46067A1A76C9A

Located: HK_LM:Run, DellSupportCenter
command: "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
file: C:\Program Files\Dell Support Center\bin\sprtcmd.exe
size: 206064
MD5: 3917664C26B4344768C288BBA6FEFCB6

Located: HK_LM:Run, ISUSPM Startup
command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
size: 221184
MD5: 9ABF687071C649609BF7E177062A9008

Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: FF3BF05021BFECC92DB81B8257EEB026

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file: C:\Windows\system32\NvMcTray.dll
size: 92704
MD5: C1E17F8DF7524B454E57A0C887307403

Located: HK_LM:Run, RtHDVCpl
command: RtHDVCpl.exe
file: C:\Windows\RtHDVCpl.exe
size: 4907008
MD5: B503285B5D1CAC5AE445D60C690DCFF9

Located: HK_LM:Run, SANSISC
command: C:\Users\Native\AppData\Roaming\ProgyFiles\ISCSANS\ISCAlert.exe
file: C:\Users\Native\AppData\Roaming\ProgyFiles\ISCSANS\ISCAlert.exe
size: 6656
MD5: 74F1EE31E1B4F3297E767DA5666C2489

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_LM:Run, !Adobe Reader Speed Launcher (DISABLED)
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 34672
MD5: 69B16C7B7746BA5C642FC05B3561FC73

Located: HK_LM:Run, !DLD (DISABLED)
command: "C:\Program Files\Digital Line Detect\DLG.exe"
file: C:\Program Files\Digital Line Detect\DLG.exe
size: 50688
MD5: F03FFC962E18F36A922E61F96BE09925

Located: HK_LM:Run, !RegProt (DISABLED)
command: C:\Users\Native\AppData\Roaming\ProgyFiles\DCS\RegProt\RegProt.exe
file: C:\Users\Native\AppData\Roaming\ProgyFiles\DCS\RegProt\RegProt.exe
size: 19614
MD5: BED2D3E8C8C15D657601D3F95B564AF5

Located: HK_LM:Run, NvCplDaemon (DISABLED)
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file: C:\Windows\system32\NvCpl.dll
size: 13535776
MD5: 7522597DD61F651A95A471D798E08304

Located: HK_LM:Run, NvSvc (DISABLED)
command: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
file: C:\Windows\system32\nvsvc.dll
size: 526880
MD5: B88B306A3DD3B470A8747B15B7C00703

Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: B98FFA8288EFAABC436C30D198608345

Located: HK_CU:Run, Sidebar (DISABLED)
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, WindowsWelcomeCenter (DISABLED)
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_CU:Run, Sidebar (DISABLED)
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, ccleaner
where: S-1-5-21-625065069-3971630813-3076134940-1000...
command: "C:\Users\Native\AppData\Roaming\CrpClnr\CCleaner\CCleaner.exe" /AUTO
file: C:\Users\Native\AppData\Roaming\CrpClnr\CCleaner\CCleaner.exe
size: 1451248
MD5: A54FC834E6FC5FF1094CBD4FF78EF279

Located: HK_CU:Run, DellSupport
where: S-1-5-21-625065069-3971630813-3076134940-1000...
command: "C:\Program Files\DellSupport\DSAgnt.exe" /startup
file: C:\Program Files\DellSupport\DSAgnt.exe
size: 460784
MD5: B75FDBF14073D72C50624CC8338DD534

Located: HK_CU:Run, !SBS&DTeaTimer (DISABLED)
where: S-1-5-21-625065069-3971630813-3076134940-1000...
command: C:\Program Files\SaferNetWork\SBS&D\TeaTimer.exe
file: C:\Program Files\SaferNetWork\SBS&D\TeaTimer.exe
size: 2144088
MD5: 896A1DB9A972AD2339C2E8569EC926D1

Located: HK_CU:Run, WindowsWelcomeCenter (DISABLED)
where: S-1-5-21-625065069-3971630813-3076134940-1000...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: Startup (user), OpenOffice.org 3.0.lnk (DISABLED)
where: C:\Users\Native\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\OpenOffice.org 3\program\quickstart.exe
file: C:\Program Files\OpenOffice.org 3\program\quickstart.exe
size: 384000
MD5: 9C8D9866C818AC54B71BE86B3193A1A3

Zenobia
2009-02-26, 05:58
Sorry for taking so long to get back to you. :)
You don't seem to have too many startup programs, that it would cause that much slowness.
Please be extremely careful running in safe mode with networking, this leaves you unprotected, as most firewalls, antivirus, do not run on startup in safe mode. If you have access to another computer, I'd suggest that you use it for the internet, until you are able to get your Vista up and running better.

Are you able to run your antivirus while in safe mode, and is it detecting anything? Also, Spybot isn't finding anything other than Spywareinfo.TrafficZ, is it?

Did you have any luck running the Performance Information and Tools in normal mode whilst offline?

LoneLurker
2009-02-27, 03:07
Zenobia,

NOT a problem for me, as I have not been able to be on here as often as I would like or need to be. Yes, you are correct most will not and firewalls are not usable either. Windows Firewall will and I did use it. I do not remember where, maybe Wilders Security Forums is where I found some links to some spyware software and downloaded them, two (2) that were recommended by one of their frequent posters.

While within the Safe Mode downloaded "MalwareBytes' - Anti-Malware" and "Super Anti-Spyware." The first one would not load in 'Safe Mode ComdLine Admin,' the second one did and I ran it and it found three (3) places for 'Trojan.Dropper/Gen' and quarantined them and a box came up that told me I needed to reboot my system because of that install. I did and ran "SUPER ANTI-MALWARE" again and found four (4) more locations for the same trojan. Booted up in normal mode and had to activate my AntiVirus program and Comodo Internet Security program plus their AntiVirus software that is included which I ran and it found several other viruses, 'Heur.Packed.Unknown,' 'Heur.Pck.Crypto,' and 'TrojWare.Bat.ExitWindows.C@8232' and they have all been safely quarantined and removed. SpybotS&D is only finding the non-worrisome tracks, history, cookies, et ceteras. My system seems to be doing at least 99.98% better, leaving room for improvement.

Could not find "Performance Information and Tools" (without quotes) until this evening while preparing to create this long winded reply. That is in CPL and will see what that has to do with anything after posting this.

You have been a GREAT HELP in this venture. I have come out of this with a better understanding and maybe, this part is a little scary, a little SMARTER in how to keep my system in better shape.

Thank you for being there and giving some GOOD advice, C U L8R,

LoneLurker
2009-02-27, 03:53
Zenobia,

Not sure what you are looking for, there were several thingys listed.

The following is a brief note:

/w yellow triangle "Adjust visual settings to improve performance"

/w yellow triangle "These startup programs are causing Windows to start slowly

Name: Spybot - Search & Destroy
Filename: SpybotSD.exe
Publisher: Safer networking Limited
Date reported: Wed Dec, 2008 12:10 PM
Time taken: 54.4 seconds

Name: Unknown
Filename: cmdagent.exe
Publisher: Unkown
Date reported: Sun Nov 2, 2008 3:26 PM
Time taken: 30.6 seconds


Name: Unknown
Filename: cmdagent.exe
Publisher: Unkown
Date reported: Sat Jan 31, 2009 4:24 PM
Time taken: 30.6 seconds"

I have been attempting to HELP with their determinations of problems, guess that will be removed, at least until the BETA testing is done.

Thank you for asking and alerting me to more information than I ever wanted and do need.

By-cycle,

Zenobia
2009-02-27, 05:31
Name: Unknown
Filename: cmdagent.exe
Publisher: Unkown
Date reported: Sun Nov 2, 2008 3:26 PM
Time taken: 30.6 seconds
http://www.bleepingcomputer.com/startups/cmdagent.exe-17088.html
Status is listed as required.

I can't find any info on this at all: TrojWare.Bat.ExitWindows.C@8232 or even TrojWare.Bat.ExitWindows.
Is that exactly how it's spelled?


Booted up in normal mode and had to activate my AntiVirus program and Comodo Internet Security program plus their AntiVirus software that is included which I ran

I see startup entries for both in your startup log, do you mean you had to start them manually, they would not run automatically for background scanning, or did you mean you activated them to do a scan?

On a side note, if both antivirus normally run on start-up (antivir's guard component plus Comodo's), then one should be disabled, but I'll address that after you answer the above question. :)