
Thread: Need Help

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Posts
    25

    Default Need Help

    I run Windows XP Pro with Avira Personal virus protection.

    My desktop wallpaper has been replaced with a red screen that contains the following message:

    "Warning your computer is under attack. Your computer is infected by anonymous spyware program.

    Operating system has several fatal errors due to spyware activity. It is strongly recommended to install anti-spyware software to eliminate all security vulnerabilities. Click HERE to protect your PC".

    The word HERE in the above statement is a link to http://antispyspider.us/130. When I go to the Desktop tab in the Display Properties Box I find a new background, "index". The mini icon preceding it is an Internet Explorer icon.

    I am constantly barraged by a variety of pop ups that take me to the same link when I close them or jump automatically when I ignore them.

    Another symptom seems to be that the attacking software will not allow me to download a program called smitfraudfix.exe from any of the sites I found that provide it. I have had no problem in downloading other programs, but I get a message saying something along the lines that Firefox cannot find the file. I have been able to download the program on an uncontaminated computer.

    When I press the Ctrl/Alt/Del keys I am told that the Task Manager has been disabled by the System Administrator. (Is there any way to reactivate the Task Manager?) I am also told that the system administrator has disabled Regedit. I have been able to enable both programs but they are disabled again almost immediately.

    When I start depressing the F8 key after the first beep during startup, I am presented with the option of choosing the boot device from a list of Floppy, IDE-0, IDE-1, CDRom, or Network. When I select the IDE-0, the system goes directly to normal start up without presenting a menu that includes safe mode. (Is there an alternate way of invoking safe mode?)

    After downloading, installing, and updating Spybot, I ran my first scan. The process seemed to be proceeding normally until the status line showed this message: "Running bot check [156787/156787: Firefox - default - bookmarks]". The program seemed to be locked at this point. After more than 15 minutes of no apparent activity, I stopped the scan. The list of critical problem conditions included a couple of dozen critical threats. I hit the Fix selected problems button. The program started to correct the problems but after a brief period locked up. I was told that it was no longer responding.

    I have just spent 15 hours doing the Kaspersky scan. It completed, but there was no "Save as text" button anywhere to be found. When I passed my cursor over the window that the scan ran in, the message "Error on page" appears in the status line. The summary was: Total scanned objects – 631782, Number of viruses found – 20, Number of infected objects – 144.

    I ran the Spybot scan again. I encountered the same problem when it was almost complete, with it hanging on the Firefox default bookmarks message. This time when I stopped the scan, the report showed 24 critical problems with 161 entries. I again hit the Fix Selected Problems button. This time the program was able to correct all the errors. I grabbed the program log and terminated the program.

    Problems identified by Spybot: AdRevolver, Advertising.com, BFast, BurstMedia, CasaleMedia, Commission Junction, CoreMetrics, DoubleClick, Excite, FastClick, HitBox, LinkSynergy, Matchcraft, MediaPlex, Microsoft.Windows.Security.InternetExplorer, Microsoft.Windows.Security.Center.Registry, Microsoft.Windows.Security.Center.TaskManager, right Media, Statcounter, TargetNet, ValueClick, WebTrends live, WildTangent, Win32.Bancos.zm, Zedo. The three Microsoft problems all referred to registry changes. I fixed all of the problems.

    I ran Spybot program again this morning and it found only six critical errors (one occurrence each): DoubleClick, Statcounter, Microsoft.Windows.Security.InternetExplorer, Microsoft.Windows.Security.Center.Registry, Microsoft.Windows.Security.Center.TaskManager, Win32.Bancos.zm. I fixed all of the problems again.


    I have also run the sfc command from the run menu and have produced a HijackThis report that I will append to the end of this message. I don’t have a lot for three days' effort.

    I have been discussing the problem up to this point with drragostea at this thread:

    http://forums.spybot.info/showthread.php?t=29129

    ****** HijackThis Log *******
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:38:43 PM, on 6/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerVCRII\Agent.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files\WeatherMate\WeatherMate.exe
    C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\V-Stream Multimedia\TV883LP Utilities\C8XRCtl.exe
    C:\Program Files\Dropbox\dropbox.exe
    C:\Program Files\Verizon Online\bin\mpbtn.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Office 2003\OFFICE11\WINWORD.EXE
    C:\Program Files\MWSnap\MWSnap.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmr...1&bm=ho_search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.yahoo.com/"); (C:\Documents and Settings\BOSELA\Application Data\Mozilla\Profiles\default\8650wqji.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BOSELA\Application Data\Mozilla\Profiles\default\8650wqji.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Agent] C:\Program Files\CyberLink\PowerVCRII\Agent.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    O4 - HKLM\..\Run: [WeatherMate] "C:\Program Files\WeatherMate\WeatherMate.exe"
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3267] cmd /c del "C:\WINDOWS\wt\WDInUsePlugin.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB569] command /c del "C:\WINDOWS\wt\webdriver.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2370] cmd /c del "C:\WINDOWS\wt\webdriver.dll"
    O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\dropbox.exe
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: TV883LP Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV883LP Utilities\C8XRCtl.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
    O8 - Extra context menu item: Add this link to WebWhacker... - C:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwieextlink.html
    O8 - Extra context menu item: Add this page to WebWhacker... - C:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwieext.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
    O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: WebWhacker - {E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF} - C:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwietb.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.advancedanalyzer.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {065FD296-2A8A-48C3-9634-7E167BF2C6C2} (RealTick OCX) - http://www.terranovaonline.com/inves...TNInvestor.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E5} (ShowSetupObj5 Class) - http://invite.mshow.com/(mfyklj45kv3...ShowSetup5.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {54BA1E8F-818D-407F-949D-BAE1692C5C18} (Attribute Class) - http://gemal.dk/browserspy/capicom.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/06f89839...p/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1200531392005
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one.microsoft.com/F...ansferCtrl.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/f...all/isetup.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
    O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
    O16 - DPF: {CD69D6AB-0D0D-4082-B3CF-6E5381FA227B} (MigrationAdvisor Class) - http://www.detto.com/hpadvisor/DTMigAdv.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://terranova.webex.com/client/v...ex/ieatgpc.cab
    O16 - DPF: {F0FCC76D-767E-4759-A447-62289CA775AA} (Coreport SSO Client) - http://www.nwcet.org/coreport/v51/ie...tSsoClient.cab
    O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe

    --
    End of file - 14151 bytes

  2. #2
    Junior Member
    Join Date
    Jun 2008
    Posts
    25

    Default

    Here is another HijackThis log taken a few minutes ago.

    ********** HijackThis Log **********
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:39:27 AM, on 6/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerVCRII\Agent.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files\WeatherMate\WeatherMate.exe
    C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\V-Stream Multimedia\TV883LP Utilities\C8XRCtl.exe
    C:\Program Files\Dropbox\dropbox.exe
    C:\Program Files\Verizon Online\bin\mpbtn.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmr...1&bm=ho_search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.yahoo.com/"); (C:\Documents and Settings\BOSELA\Application Data\Mozilla\Profiles\default\8650wqji.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BOSELA\Application Data\Mozilla\Profiles\default\8650wqji.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Agent] C:\Program Files\CyberLink\PowerVCRII\Agent.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    O4 - HKLM\..\Run: [WeatherMate] "C:\Program Files\WeatherMate\WeatherMate.exe"
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3267] cmd /c del "C:\WINDOWS\wt\WDInUsePlugin.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB569] command /c del "C:\WINDOWS\wt\webdriver.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2370] cmd /c del "C:\WINDOWS\wt\webdriver.dll"
    O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\dropbox.exe
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: TV883LP Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV883LP Utilities\C8XRCtl.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Add this link to WebWhacker... - C:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwieextlink.html
    O8 - Extra context menu item: Add this page to WebWhacker... - C:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwieext.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
    O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: WebWhacker - {E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF} - C:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwietb.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.advancedanalyzer.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {065FD296-2A8A-48C3-9634-7E167BF2C6C2} (RealTick OCX) - http://www.terranovaonline.com/inves...TNInvestor.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E5} (ShowSetupObj5 Class) - http://invite.mshow.com/(mfyklj45kv3...ShowSetup5.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {54BA1E8F-818D-407F-949D-BAE1692C5C18} (Attribute Class) - http://gemal.dk/browserspy/capicom.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/06f89839...p/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1200531392005
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one.microsoft.com/F...ansferCtrl.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/f...all/isetup.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
    O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
    O16 - DPF: {CD69D6AB-0D0D-4082-B3CF-6E5381FA227B} (MigrationAdvisor Class) - http://www.detto.com/hpadvisor/DTMigAdv.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://terranova.webex.com/client/v...ex/ieatgpc.cab
    O16 - DPF: {F0FCC76D-767E-4759-A447-62289CA775AA} (Coreport SSO Client) - http://www.nwcet.org/coreport/v51/ie...tSsoClient.cab
    O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common

    Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems

    Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir

    PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program

    Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe

    (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

    Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia

    Shared\Service\Macromedia Licensing.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe

    --
    End of file - 14018 bytes

  3. #3
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    Please uninstall Spybot for now to make sure TeaTimer won't interfere with fixing. You may reinstall it after the system is clean.


    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Please post contents of that file & a fresh hjt log in your next reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #4
    Junior Member
    Join Date
    Jun 2008
    Posts
    25

    Default

    I started to address my problem before you had replied to my initial postings. I will recap the actions that I have taken and their apparent impact on my situation. Several of the steps that I have taken appear in your prescription, but I did not perform your entire procedure exactly as you described it. I would like to see what your recommendations would be in light of the current situation.

    This is what I have done since my initial postings in this thread.

    I downloaded and ran ATF-Cleaner. I used the settings that you describe for the main section. I did not check any of the Firefox boxes.

    Then I downloaded MalwareByte's Anti-Malware and ran it. It found quite a bit of garbage, which I let it correct. Funny thing the system turned to molasses during the correction process. I had to wait quite a while to make sure that it had completed its corrections. The system took forever to do anything. I ended up restarting the system even though I could not determine the status of all processes. I should point out that I did not uninstall Spybot so that may have been a contributing factor in my system bog down. I will attach the log from this Anti-Malware run at the end of this message.

    Spybot was free of critical errors immediately after running the two above programs. Still froze at the same point as has been consistently the case. I ran it again after 8 hours or so and it had quite a few problem cookies. Most associated with Firefox. I am surprised because I assumed that Spybot would prevent new corruption of cookies in either browser.

    I have run Anti-Malware again and it came up completely clean, zero errors.

    These are the current problems/issues that I would like to resolve.

    Spybot has never completed its scan normally. I must stop the scan at the same point each time: "Running bot check [156787/156787: Firefox - default - bookmarks]". I never see any of the "non-critical errors".

    The system is running noticeably slower than before my problems began. That may be due to the Spybot related processes that are running and taking system resources.

    The quick launch icon that would appear any time I attached a USB device to the computer to safely remove the device has disappeared. It never appears and consequently I can’t assure safe removal without logging off.


    ================= Anti-Malware Report =====================
    Malwarebytes' Anti-Malware 1.15
    Database version: 842

    2:12:49 PM 6/9/2008
    mbam-log-6-9-2008 (14-12-39).txt

    Scan type: Quick Scan
    Objects scanned: 47213
    Time elapsed: 10 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 12
    Registry Values Infected: 2
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 20

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\sockins32.dll (Trojan.BHO) -> No action taken.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
    HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebProxy (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\sockins32.dll (Trojan.BHO) -> No action taken.
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
    C:\WINDOWS\promo1.html (Malware.Trace) -> No action taken.
    C:\WINDOWS\promo2.html (Malware.Trace) -> No action taken.
    C:\WINDOWS\promo3.html (Malware.Trace) -> No action taken.
    C:\WINDOWS\promo4.html (Malware.Trace) -> No action taken.
    C:\WINDOWS\promo5.html (Malware.Trace) -> No action taken.
    C:\WINDOWS\promo6.html (Malware.Trace) -> No action taken.
    C:\WINDOWS\promogif1.gif (Malware.Trace) -> No action taken.
    C:\WINDOWS\promogif2.gif (Malware.Trace) -> No action taken.
    C:\WINDOWS\promogif3.gif (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\pharma.txt (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\other.txt (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\finance.txt (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\adult.txt (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\sft.res (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\lt.res (Malware.Trace) -> No action taken.
    C:\WINDOWS\s32.txt (Malware.Trace) -> No action taken.
    C:\WINDOWS\ws386.ini (Malware.Trace) -> No action taken.
    C:\Documents and Settings\bosela\Local Settings\Temp\_check32.bat (Malware.Trace) -> No action taken.


    ================ Most Recent HiJackThis Report ================
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:21:33 PM, on 6/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerVCRII\Agent.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files\WeatherMate\WeatherMate.exe
    C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\V-Stream Multimedia\TV883LP Utilities\C8XRCtl.exe
    C:\Program Files\Dropbox\dropbox.exe
    C:\Program Files\Verizon Online\bin\mpbtn.exe
    C:\Program Files\Microsoft Office 2003\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://cgi.verizon.net/bookmarks/bmr...1&bm=ho_search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

    provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.yahoo.com/"); (C:\Documents and

    Settings\BOSELA\Application Data\Mozilla\Profiles\default\8650wqji.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine",

    "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents

    and Settings\BOSELA\Application Data\Mozilla\Profiles\default\8650wqji.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

    Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} -

    C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program

    Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} -

    C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common

    Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft

    Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Agent] C:\Program Files\CyberLink\PowerVCRII\Agent.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program

    Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common

    Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    O4 - HKLM\..\Run: [WeatherMate] "C:\Program Files\WeatherMate\WeatherMate.exe"
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"

    -scheduler
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\dropbox.exe
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

    7.0\Reader\reader_sl.exe
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: TV883LP Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV883LP

    Utilities\C8XRCtl.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon

    Online\bin\matcli.exe
    O8 - Extra context menu item: Add this link to WebWhacker... - C:\Program Files\Blue

    Squirrel\WebWhacker 5.0\Art\wwieextlink.html
    O8 - Extra context menu item: Add this page to WebWhacker... - C:\Program Files\Blue

    Squirrel\WebWhacker 5.0\Art\wwieext.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program

    Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program

    Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program

    Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program

    Files\Net2Phone\Net2fone.exe
    O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program

    Files\Net2Phone\Net2fone.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

    Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

    C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: WebWhacker - {E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF} - C:\Program Files\Blue

    Squirrel\WebWhacker 5.0\Art\wwietb.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.advancedanalyzer.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -

    http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {065FD296-2A8A-48C3-9634-7E167BF2C6C2} (RealTick OCX) -

    http://www.terranovaonline.com/inves...TNInvestor.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -

    http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E5} (ShowSetupObj5 Class) -

    http://invite.mshow.com/(mfyklj45kv3...ShowSetup5.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

    http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {54BA1E8F-818D-407F-949D-BAE1692C5C18} (Attribute Class) -

    http://gemal.dk/browserspy/capicom.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

    http://software-dl.real.com/06f89839...p/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

    http://www.update.microsoft.com/wind...?1200531392005
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) -

    http://transfers.one.microsoft.com/F...ansferCtrl.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) -

    http://www.lizardtech.com/download/f...all/isetup.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

    http://zone.msn.com/binFramework/v10...o.cab34246.cab
    O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) -

    http://mail.lycos.com/hanmail-ax/AttachMail.cab
    O16 - DPF: {CD69D6AB-0D0D-4082-B3CF-6E5381FA227B} (MigrationAdvisor Class) -

    http://www.detto.com/hpadvisor/DTMigAdv.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -

    https://terranova.webex.com/client/v...ex/ieatgpc.cab
    O16 - DPF: {F0FCC76D-767E-4759-A447-62289CA775AA} (Coreport SSO Client) -

    http://www.nwcet.org/coreport/v51/ie...tSsoClient.cab
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common

    Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems

    Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir

    PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program

    Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe

    (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

    Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia

    Shared\Service\Macromedia Licensing.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe

    --
    End of file - 13248 bytes

  5. #5
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    Have you defragged hard drive(s) lately? Doing so has helped quite often with jamming at scanning situations.


    Uninstall Spybot now.

    Start hjt, do a system scan, check:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
    O4 - Startup: PowerReg SchedulerV2.exe

    Close browsers and fix checked.

    Delete c:\windows\homepage.html file if found.

    Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply, ensuring that Notepad doesn't have word wrap enabled.
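
The following is an added example, not part of the thread and not HijackThis's own logic. It re-joins log entries that Notepad word wrap has split (as in the logs posted above) and marks for manual review the kinds of entries selected in post #5, plus entries HijackThis itself reports as "(file missing)". The three rules and all function names are assumptions made for illustration; the sample lines are copied from the logs in this thread.

```python
import re

# Sample assembled from entries in this thread's HijackThis logs, including
# the blank-line breaks that Notepad word wrap introduced when they were pasted.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\dropbox.exe
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe

(file missing)

--
End of file - 13248 bytes
"""

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def unwrap(log_text):
    """Return one string per log entry, re-joining word-wrapped continuation lines."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue              # blank lines left behind by the wrap
        if line == "--":
            break                 # trailer ("End of file - N bytes") follows
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            # Not a new entry, so it continues the previous one. Wrap breaks
            # fall on spaces, so a single space restores the original text.
            entries[-1] += " " + line
        # Lines before the first entry (header, running processes) are skipped.
    return entries


def triage(entries):
    """Return (section, reason, entry) tuples for entries worth a manual look.

    Heuristics only (assumptions of this example); a hit is not a verdict.
    """
    findings = []
    for entry in entries:
        section = ENTRY_START.match(entry).group(1)
        body = entry[len(section) + 3:]

        # Rule 1: an IE start/search page that points at a local file.
        if section in ("R0", "R1"):
            value = body.partition(" = ")[2].strip()
            if value.lower().startswith("file://"):
                findings.append((section, "IE page setting points at a local file", entry))

        # Rule 2: an executable sitting directly in a Startup folder
        # (shortcuts are listed as "name.lnk = target" instead).
        if section == "O4" and body.startswith(("Startup: ", "Global Startup: ")):
            item = body.split(": ", 1)[1]
            if " = " not in item and item.lower().endswith(".exe"):
                findings.append((section, "executable placed directly in a Startup folder", entry))

        # Rule 3: a registered file that HijackThis could not find on disk.
        if "(file missing)" in entry:
            findings.append((section, "registered file not found on disk", entry))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(unwrap(SAMPLE_LOG)):
        print(f"[{section}] {reason}\n    {entry}")
```

Both the O21 and the O23 "(file missing)" entries are reported, although only sockins32.dll was identified as Trojan.BHO in the Malwarebytes log, which is why the output is a review list rather than a removal list.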

  6. #6
    Junior Member
    Join Date
    Jun 2008
    Posts
    25

    Default

    When I start to uninstall Spybot, I am asked about whether I want to undo changes that Spybot made to the system. I want to make sure that you want me to retain the changes and delete the program.

    Will I be reinstalling Spybot at some point down the road?

  7. #7
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    As I told you a couple of posts earlier, you may reinstall Spybot after the system is clean.

  8. #8
    Junior Member
    Join Date
    Jun 2008
    Posts
    25

    Default

    I have just used the Windows XP defragmentation program to analyze my C: drive and it indicates that I do not have to defragment the disk at this point in time. I will attach the report below.

    Would you still recommend that I defragment the C: drive as soon as possible?

    ============= Defrag Report =============
    Volume (C:)
    Volume size = 149 GB
    Cluster size = 4 KB
    Used space = 116 GB
    Free space = 32.87 GB
    Percent free space = 22 %

    Volume fragmentation
    Total fragmentation = 5 %
    File fragmentation = 11 %
    Free space fragmentation = 0 %

    File fragmentation
    Total files = 304,070
    Average file size = 458 KB
    Total fragmented files = 11,187
    Total excess fragments = 74,636
    Average fragments per file = 1.24

    Pagefile fragmentation
    Pagefile size = 720 MB
    Total fragments = 1

    Folder fragmentation
    Total folders = 17,701
    Fragmented folders = 379
    Excess folder fragments = 1,367

    Master File Table (MFT) fragmentation
    Total MFT size = 459 MB
    MFT record count = 322,858
    Percent MFT in use = 68 %
    Total MFT fragments = 3

    --------------------------------------------------------------------------------
    Fragments File Size Most fragmented files
    402 32 MB \System Volume Information\_restore{3FEB5195-9DFC-4B83-B870-90C6A4941147}\RP798\snapshot\_REGISTRY_MACHINE_SOFTWARE
    384 32 MB \System Volume Information\_restore{3FEB5195-9DFC-4B83-B870-90C6A4941147}\RP773\snapshot\_REGISTRY_MACHINE_SOFTWARE
    276 8 MB \Documents and Settings\bosela\Local Settings\Application Data\Mozilla\Firefox\Profiles\u03147r5.default\Cache\_CACHE_002_
    263 6 MB \Documents and Settings\bosela\Local Settings\Application Data\Mozilla\Firefox\Profiles\u03147r5.default\Cache\_CACHE_001_
    234 14 MB \Documents and Settings\bosela\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\05\d5f69f61-c4b624d1-b4376c4d-35ca70c5.qtch
    228 17 MB \Documents and Settings\bosela\Local Settings\Application Data\Mozilla\Firefox\Profiles\u03147r5.default\Cache\_CACHE_003_
    224 14 MB \Documents and Settings\bosela\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\00\40e418af-4e121624-25ac0c32-fbc343c8.qtch
    178 12 MB \System Volume Information\_restore{3FEB5195-9DFC-4B83-B870-90C6A4941147}\RP824\A0103484.dll
    175 15 MB \Documents and Settings\bosela\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\08\c8719810-03625865-855fa6af-59c6249d.qtch
    156 10 MB \System Volume Information\_restore{3FEB5195-9DFC-4B83-B870-90C6A4941147}\RP824\A0103524.dll
    156 10 MB \data\audio\music\mp3\rock500\114_-_Pink_Floyd_-_Welcome_To_The_Machine.mp3
    155 9 MB \Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\6jiflrcc.default\bookmarks.html.sbsd.bak
    155 9 MB \Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\6jiflrcc.default\bookmarks.html
    148 32 MB \data\download\graphics\photoshop\radiantVista_tu_pastelBeach.mov
    139 11 MB \data\audio\music\mp3\rock500\212_-_Pink_Floyd_-_Us_and_Them.mp3
    129 8 MB \System Volume Information\_restore{3FEB5195-9DFC-4B83-B870-90C6A4941147}\RP832\A0106174.dll
    126 8 MB \System Volume Information\_restore{3FEB5195-9DFC-4B83-B870-90C6A4941147}\RP824\A0103545.dll
    126 503 KB \WINDOWS\msxml6-KB933579-enu-x86.LOG
    119 8 MB \data\audio\music\mp3\rock500\445_-_Led_Zeppelin_-_All_My_Love.mp3
    103 7 MB \data\audio\music\mp3\rock500\092_-_Queen_-_We_Will_Rock_You_and_We_Are_The_Champions.mp3
    101 440 KB \data\corel\pspxi\Presets
    100 8 MB \data\audio\music\mp3\rock500\251_-_Led_Zeppelin_-_Trampled_Under_Foot.mp3
    100 6 MB \data\audio\music\mp3\rock500\106_-_Van_Morrison_-_Moondance.mp3
    98 8 MB \data\audio\music\mp3\rock500\090_-_Grateful_Dead_-_Touch_of_Grey.mp3
    98 7 MB \data\audio\music\mp3\rock500\270_-_The_Who_-_Eminence_Front.mp3
    97 8 MB \System Volume Information\_restore{3FEB5195-9DFC-4B83-B870-90C6A4941147}\RP832\A0106520.dll
    96 7 MB \data\audio\music\mp3\rock500\317_-_Steely_Dan_-_FM.mp3
    95 7 MB \data\audio\music\mp3\rock500\284_-_Lynyrd_Skynyrd_-_Sweet_Home_Alabama.mp3
    95 6 MB \data\download\Opera_9.27_International_Setup.exe

  9. #9
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Would you still recommend that I defragment the C: drive as soon as possible?
    Doing so wouldn't do any harm, would it?

  10. #10
    Junior Member
    Join Date
    Jun 2008
    Posts
    25

    Default

    Should my reply be "yes" to the message that I get when I hit uninstall in Add/Remove Programs?

    The message is as follows:

    "If you just want to undo changes that you have made with Spybot, do not uninstall it right now. Spybot has created backups to allow you to undo any changes it has made. Please start Spybot and use the Recovery section. Also you may try to undo any protections you have applied in the Immunize section.

    Are you really sure you want to completely remove Spybot and all of its components instead of trying the undo functions first?"
