Show Posts



Messages - Wadinator

1
Tech Clinic / PC Performance Very Slow. Wondering about Spyware...
« on: September 08, 2006, 07:03:08 PM »
Here is the list you wanted. Sorry for the delay. Been really busy lately.

2004 ProSeries User's Guide
Adobe Acrobat 4.0
Adobe Flash Player 9 ActiveX
Google Toolbar for Internet Explorer
Greeting Card Maker
Greetings Workshop
HijackThis 1.99.1
hp instant support
HP Photo and Imaging 1.0 - PSC 2000 Series
Intel® PRO Network Adapters and Drivers
JumpStart First Grade v2.4
Email Removed
Kim Possible Album
KODAK Camera Connection Software
KODAK Camera Connection Software Help
KODAK Memory Albums
KODAK One Touch to Better Pictures
KODAK Picture Software
KODAK Picture Transfer Software
KODAK SD-MMC Reader
KODAK Software Updater
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Shockwave Player
Mavis Beacon Teaches Typing 11
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Office 2000 SR-1 Premium
Microsoft Outlook Express 6
Microsoft Web Publishing Wizard 1.6
MSN Messenger 7.0
MSXML4 Parser
Nero - Burning ROM
NetMeeting 3.01
Network Play System (Patching)
Norton AntiVirus 2005 (Symantec Corporation)
ProSeries 2004
Quicken 2002 Deluxe
QuickTime
Readiris 7.5
SolSuite
Spybot - Search & Destroy 1.4
The Oregon Trail
TI Connect(tm) 1.2.1
TI NoteFolio Creator 1.0
TI StudyCards Creator 2.0
Uninstall ESS Driver
USB CompactFlash Reader
USB SmartMedia Reader
WinZip

2
Tech Clinic / PC Performance Very Slow. Wondering about Spyware...
« on: September 06, 2006, 07:27:30 AM »
Sure, I'll get that to you. I'm at work now. Will post it when I get home.

I realize the computer is old; however, my mom and sister still use it and I'd like to keep it clean until I finally decide to trash it.

3
Tech Clinic / PC Performance Very Slow. Wondering about Spyware...
« on: September 04, 2006, 04:46:12 PM »
Hi,

I've used this forum before and found the advice to be very helpful, so I am returning with problems on a different PC. This is an old computer and has been infected several times over the years. Could someone please look at the info below and tell me if it is worth fixing and how I would go about fixing it? Thanks.

Computer Stats
-----------------
OS: Microsoft Windows 98 Second Edition

GenuineIntel
x86 Family 6 Model 8 Stepping 3
256.0MB RAM

HijackThis log file
--------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:40:47 PM, on 9/4/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\FPPLOCK.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-A58D-8F6FA787AD2D} - C:\PROGRA~1\POWERS~1\TOOLBAR\PWRSC037.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Warning: do not remove it!] fpplock.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ll2/install.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v44/pool/pool.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/media/d82c8d/games/files...aploader_v6.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

Lastly, if there is no malware, could someone give me recommendations as to increasing the performance? Thanks.

4
questolo,

I'll delete all the restore points and try your advice with the folders. You have been a tremendous help. I sincerely thank you for your help and patience.

5
Hi questolo,
I've double and triple checked. I'll just tell Windows not to worry about it.

Quote
I have some other recommendations later, for now goodnight
Ok, so what are they? Please...

Quote
I want to make sure you can live without the Oracle folder and jxea7b22.sys file
What did you find out?

Hey cool, I'm a Journeyman.

6
Hi questolo,

Yeah, I'm sure Auto-Protect and Script Blocking are enabled. I don't know what's wrong. Even when I use all default settings (everything enabled), I still get the strange error. Should I just assume it is working and tell Windows not to warn me about NAV being disabled?

7
Don't worry about the WindowBlinds issue. I got it fixed. The NAV thing is really weird though. If you have any ideas, please share.

Why am I only able to edit once or twice? That is the only reason I posted again.

8
Hi questolo,

Things are running OK. I do have 2 minor concerns however.
1) Windows Security Center brings up a popup (speech bubble style) near my taskbar every time I reboot. It says that my computer may be at risk because Norton AV is disabled. However, when I open NAV, I find everything is up to date and enabled. See picture below.
[attachment=935:attachment]
2) Secondly, before I got infected, I used a program called WindowBlinds (perhaps you've heard of it) to change the appearance of my PC. Now, the skins will still load, but they do not do so automatically like they did before. I've looked around for any settings that may have caused this but I can't find anything. Since everything in the startup tab in MSCONFIG is enabled, I assume the startup app that loaded the skins is now disabled and no longer on the list.

I have deleted the 3 things you specified above permanently. Have you found anything about the Oracle folder and jxea7b22.sys file?

You said you had a few more recommendations. I would love to hear them, considering how well your previous advice has worked.

Here is an updated HijackThis log you requested.


Logfile of HijackThis v1.99.1
Scan saved at 6:49:32 PM, on 7/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 11\MiniMavis.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Mavis Beacon Teaches Typing 11.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 11\MiniMavis.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

9
Hey questolo, you were right (as usual).

I found it. It turns out there IS in fact a setting in ObjectDock that reads "Show Windows Taskbar". I have no idea how that got unchecked.

You have been a tremendous help. I appreciate the time you put in to helping me. You and the other people on this forum really do a great job. Thank you for all your continued assistance. I could have never cleared this up without you.

Could you leave this thread open for a while, in case that was not the last problem? I'll test everything over the next few days and if everything works, I'll add even more thanks to the above paragraph.

10
Yippee!!!!!! Aw great, you made me wake up everyone. Yes, the taskbar is back. (Hopefully for good.)
Would you like a list of the services I disabled?
No, Stardock has no hide-taskbar settings. Never mind, I think it does. (Just checked their website.)
I'll restart with ObjectDock service and startup features enabled to see if I can get it back. OK?

11
Will do.

By the way, I do not see a file with the name ntmsdba.exe but I do have a .dll with the same name.

12
It's no problem. Here is the resulting text file.

Volume in drive C has no label.
 Volume Serial Number is 145D-F32C

 Directory of C:\Program Files\Microsoft.NET

08/19/2005  08:49 PM    <DIR>          .
08/19/2005  08:49 PM    <DIR>          ..
08/19/2005  09:23 PM    <DIR>          Primary Interop Assemblies
               0 File(s)              0 bytes

 Directory of C:\Program Files\Microsoft.NET\Primary Interop Assemblies

08/19/2005  09:23 PM    <DIR>          .
08/19/2005  09:23 PM    <DIR>          ..
03/19/2003  05:49 AM           110,592 adodb.dll
03/19/2003  05:53 AM         8,007,680 Microsoft.mshtml.dll
03/19/2003  05:50 AM            13,312 Microsoft.stdformat.dll
03/19/2003  05:50 AM             4,096 msdatasrc.dll
03/19/2003  05:50 AM            40,960 msddslmp.dll
03/19/2003  05:50 AM           143,360 msddsp.dll
03/19/2003  05:51 AM            16,384 stdole.dll
               7 File(s)      8,336,384 bytes

     Total Files Listed:
               7 File(s)      8,336,384 bytes
               5 Dir(s)  39,414,722,560 bytes free

13
It's done. Look up. ^^^^^^^

14
Did you misinterpret me when I said Nothing Found? I meant that the online scan said both of those files were clear. I did not mean that the files could not be found.

I'll do what you said anyway, just checking.

OK, here are the results of find.bat

 Volume in drive C has no label.
 Volume Serial Number is 145D-F32C

 Directory of C:\Program Files\Microsoft.NET

15
Hi questolo,

I found and removed the first three files/folders you told me to.
I also found the Microsoft.NET folder but its creation date was August 15, 2005. So I did not move it to the recycle bin.
The Oracle folder did have a creation date of 2006-07-06 so I deleted that one.

The online virus scan I did on the three files produced the following results:

1) jxea7b22.sys >> nothing found
2) internaldb41.dat >> This file brought up another page which said "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"
3) BattyRun.dll >> nothing found

Thanks for your help.

16
I ran the OIUninstaller. It rebooted at the end, saying that some files would be deleted during reboot.

Once the computer rebooted, I still encountered the disappearing taskbar error. (It disappeared after about 5 seconds)

Then, I ran ComboFix again. Here is the log file it created.

Start Time= Wed 07/12/2006 22:19:29.39
Running from: C:\Documents and Settings\Owner\Desktop
 
QuickScan did not find any signs of infected files

((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-12     22:14:08         2223          ( A.... )   "C:\Documents and Settings\Owner\Application Data\.googlewebacchosts"
2006-07-10     22:59:16                       ( .D... )   "C:\Program Files\Common Files\Java"
2006-07-10     12:46:02                       ( .D... )   "C:\Program Files\CleanUp!"
2006-07-10     11:54:58                       ( .D... )   "C:\Program Files\SymNetDrv"
2006-07-09     18:15:36        76800       ( A.... )   "C:\WINDOWS\system32\VundoFix.exe"
2006-07-06     23:58:22                       ( .D... )   "C:\Program Files\??crosoft.NET"
2006-07-06     23:58:22                       ( .D... )   "C:\Documents and Settings\Owner\Application Data\?racle"
2006-07-06     23:47:22         1063       ( A.... )   "C:\WINDOWS\system32\jxea7b22.sys"
2006-07-06     23:47:22         1063       ( A.... )   "C:\WINDOWS\system32\jxea7b22.sys"
2006-07-06     23:41:12                       ( .D... )   "C:\Program Files\ewido anti-spyware 4.0"
2006-07-06     21:07:00            0          ( A.... )   "C:\Documents and Settings\Owner\Application Data\internaldb41.dat"
2006-07-06     21:06:30                       ( .D... )   "C:\Program Files\PSHope"
2006-07-06     21:06:10         8464       ( A.... )   "C:\WINDOWS\system32\sporder.dll"
2006-07-01     22:17:04                       ( .D... )   "C:\Program Files\QuickTime"
2006-07-01     16:25:34                       ( .D... )   "C:\Program Files\MSBuild"
2006-06-29     10:07:36        61440       ( A.... )   "C:\WINDOWS\system32\BattyRun.dll"
2006-06-07     18:42:54                       ( .D... )   "C:\Program Files\Need2Find"
2006-06-07     11:15:24                       ( .D... )   "C:\Program Files\Common Files\xing shared"
2006-06-07     11:15:12       176167       ( A.... )   "C:\WINDOWS\system32\rmoc3260.dll"
2006-06-07     11:15:00         6656       ( A.... )   "C:\WINDOWS\system32\pndx5016.dll"
2006-06-07     11:15:00         5632       ( A.... )   "C:\WINDOWS\system32\pndx5032.dll"
2006-06-07     11:14:54       278528       ( A.... )   "C:\WINDOWS\system32\pncrt.dll"
2006-06-02     13:39:46       402736       ( ..... )   "C:\WINDOWS\system32\WgaLogon.dll"
2006-05-28     22:30:54                       ( .D... )   "C:\Program Files\WinRAR"
2006-05-20     22:12:18                       ( .D... )   "C:\Program Files\Derivator 2.4"
2006-05-03     02:56:58       127078       ( A.... )   "C:\WINDOWS\system32\javaws.exe"
2006-05-03     01:19:40        53346       ( A.... )   "C:\WINDOWS\system32\javaw.exe"
2006-05-03     01:19:30        49248       ( A.... )   "C:\WINDOWS\system32\java.exe"
2006-04-28     01:51:38        29968       ( A.... )   "C:\WINDOWS\system32\mdimon.dll"
2006-04-25     20:41:04      1190152       ( A.... )   "C:\WINDOWS\system32\FM20.DLL"
2006-04-25     20:41:04        32528       ( A.... )   "C:\WINDOWS\system32\FM20ENU.DLL"


((((((((((((((((((((((((((((((((((((((   Files Created - Last 30days   )))))))))))))))))))))))))))))))))))))))))))


2006-07-11   21:52   527,224,832      C:\hiberfil.sys
2006-07-10   23:01   53,346      C:\WINDOWS\system32\javaw.exe
2006-07-10   23:01   49,248      C:\WINDOWS\system32\java.exe
2006-07-10   23:01   127,078      C:\WINDOWS\system32\javaws.exe
2006-07-09   18:15   76,800      C:\WINDOWS\system32\VundoFix.exe
2006-07-06   21:06   8,464      C:\WINDOWS\system32\sporder.dll
2006-07-06   21:06   1,063      C:\WINDOWS\system32\jxea7b22.sys
2006-07-01   16:29   29,968      C:\WINDOWS\system32\mdimon.dll
2006-06-30   20:24   163,840      C:\WINDOWS\system32\igfxres.dll
2006-06-29   10:07   61,440      C:\WINDOWS\system32\BattyRun.dll
2006-06-02   13:39   402,736      C:\WINDOWS\system32\WgaLogon.dll


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,30,01,00,00,00,00,00,00,4d,03,00,00,44,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,44,03,\
  00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,44,03,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
 
 

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\ISP signup reminder 3.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Wed 07/12/2006 22:25:59.12
ComboFix ver 06.07.08 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-07-12.221929.txt

17
I downloaded the two apps. Here are the log files created.

================
ComboFix
================

Start Time= Tue 07/11/2006 22:21:54.23
Running from: C:\Documents and Settings\Owner\Desktop
 
QuickScan did not find any signs of infected files

((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-11     22:20:00         2182          ( A.... )   "C:\Documents and Settings\Owner\Application Data\.googlewebacchosts"
2006-07-10     22:59:16                       ( .D... )   "C:\Program Files\Common Files\Java"
2006-07-10     12:46:02                       ( .D... )   "C:\Program Files\CleanUp!"
2006-07-10     11:54:58                       ( .D... )   "C:\Program Files\SymNetDrv"
2006-07-09     18:15:36        76800       ( A.... )   "C:\WINDOWS\system32\VundoFix.exe"
2006-07-06     23:58:22                       ( .D... )   "C:\Program Files\Common Files\??stem"
2006-07-06     23:58:22                       ( .D... )   "C:\Program Files\??crosoft.NET"
2006-07-06     23:58:22                       ( .D... )   "C:\Documents and Settings\Owner\Application Data\?racle"
2006-07-06     23:47:22         1063       ( A.... )   "C:\WINDOWS\system32\jxea7b22.sys"
2006-07-06     23:47:22         1063       ( A.... )   "C:\WINDOWS\system32\jxea7b22.sys"
2006-07-06     23:41:12                       ( .D... )   "C:\Program Files\ewido anti-spyware 4.0"
2006-07-06     22:24:52            2       ( A.... )   "C:\WINDOWS\system32\wnsintit.exe"
2006-07-06     21:07:00            0          ( A.... )   "C:\Documents and Settings\Owner\Application Data\internaldb41.dat"
2006-07-06     21:06:30                       ( .D... )   "C:\Program Files\PSHope"
2006-07-06     21:06:10         8464       ( A.... )   "C:\WINDOWS\system32\sporder.dll"
2006-07-01     22:17:04                       ( .D... )   "C:\Program Files\QuickTime"
2006-07-01     16:25:34                       ( .D... )   "C:\Program Files\MSBuild"
2006-06-29     10:07:36        61440       ( A.... )   "C:\WINDOWS\system32\BattyRun.dll"
2006-06-07     18:42:54                       ( .D... )   "C:\Program Files\Need2Find"
2006-06-07     11:15:24                       ( .D... )   "C:\Program Files\Common Files\xing shared"
2006-06-07     11:15:12       176167       ( A.... )   "C:\WINDOWS\system32\rmoc3260.dll"
2006-06-07     11:15:00         6656       ( A.... )   "C:\WINDOWS\system32\pndx5016.dll"
2006-06-07     11:15:00         5632       ( A.... )   "C:\WINDOWS\system32\pndx5032.dll"
2006-06-07     11:14:54       278528       ( A.... )   "C:\WINDOWS\system32\pncrt.dll"
2006-06-02     13:39:46       402736       ( ..... )   "C:\WINDOWS\system32\WgaLogon.dll"
2006-05-28     22:30:54                       ( .D... )   "C:\Program Files\WinRAR"
2006-05-20     22:12:18                       ( .D... )   "C:\Program Files\Derivator 2.4"
2006-05-11     17:07:22                       ( .D... )   "C:\Program Files\gdShutdown"
2006-05-03     02:56:58       127078       ( A.... )   "C:\WINDOWS\system32\javaws.exe"
2006-05-03     01:19:40        53346       ( A.... )   "C:\WINDOWS\system32\javaw.exe"
2006-05-03     01:19:30        49248       ( A.... )   "C:\WINDOWS\system32\java.exe"
2006-04-28     01:51:38        29968       ( A.... )   "C:\WINDOWS\system32\mdimon.dll"
2006-04-25     20:41:04      1190152       ( A.... )   "C:\WINDOWS\system32\FM20.DLL"
2006-04-25     20:41:04        32528       ( A.... )   "C:\WINDOWS\system32\FM20ENU.DLL"


((((((((((((((((((((((((((((((((((((((   Files Created - Last 30days   )))))))))))))))))))))))))))))))))))))))))))


2006-07-11   21:52   527,224,832      C:\hiberfil.sys
2006-07-10   23:01   53,346      C:\WINDOWS\system32\javaw.exe
2006-07-10   23:01   49,248      C:\WINDOWS\system32\java.exe
2006-07-10   23:01   127,078      C:\WINDOWS\system32\javaws.exe
2006-07-09   18:15   76,800      C:\WINDOWS\system32\VundoFix.exe
2006-07-06   22:01   2      C:\WINDOWS\system32\wnsintit.exe
2006-07-06   21:06   8,464      C:\WINDOWS\system32\sporder.dll
2006-07-06   21:06   1,063      C:\WINDOWS\system32\jxea7b22.sys
2006-07-01   16:29   29,968      C:\WINDOWS\system32\mdimon.dll
2006-06-30   20:24   163,840      C:\WINDOWS\system32\igfxres.dll
2006-06-29   10:07   61,440      C:\WINDOWS\system32\BattyRun.dll
2006-06-02   13:39   402,736      C:\WINDOWS\system32\WgaLogon.dll


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,30,01,00,00,00,00,00,00,4d,03,00,00,44,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,44,03,\
  00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,44,03,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
 
 

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\ISP signup reminder 3.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Tue 07/11/2006 22:28:24.67
ComboFix ver 06.07.08 - This logfile is located at C:\ComboFix.txt

================
F-Secure Blacklight
================

07/11/06 22:32:06 [Info]: BlackLight Engine 1.0.42 initialized
07/11/06 22:32:06 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/11/06 22:32:06 [Note]: 7019 4
07/11/06 22:32:06 [Note]: 7005 0
07/11/06 22:32:12 [Note]: 7006 0
07/11/06 22:32:12 [Note]: 7011 1808
07/11/06 22:32:12 [Note]: 7026 0
07/11/06 22:32:12 [Note]: 7026 0
07/11/06 22:32:26 [Note]: FSRAW library version 1.7.1019
07/11/06 22:38:05 [Note]: 7007 0

18
Please post a new link to the second file. Your link is outdated apparently.

Thanks

I'll run the first app and get back to you in a few minutes.

19
After the reboot to safe mode, I DID NOT find either of the two files you specified.
When I ran SmitfraudFix, I did not get any messages about wininet.dll.
Around this time, Disk Cleanup started. I let it run.
SmitfraudFix did not prompt me to restart the system, but I did anyway since that was the next instruction.
There were no checkboxes checked on the web tab of Display Settings.

My system is running identically to the last time I explained. No taskbar. Slow startup. Other than that, it seems OK.

Here are the two log files you wanted.

===================================

SmitFraudFix v2.69

Scan done at 21:47:01.28, Tue 07/11/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

===================================
HJT log file
===================================

Logfile of HijackThis v1.99.1
Scan saved at 10:04:16 PM, on 7/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 11\MiniMavis.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Mavis Beacon Teaches Typing 11.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 11\MiniMavis.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks for all your help.

Oh yeah, one more thing, the background of my desktop changed back to the original default blue color.

20
Hi,

I found none of the three files you specified. I think that's good. Below are the SmitfraudFix and Registry Search log files.


SmitFraudFix v2.69

Scan done at  8:08:21.62, Tue 07/11/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Common Files\\ryle.html"
"SubscribedURL"=""
"FriendlyName"=""
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\ComPlus Applications\\pojyxi.html"
"SubscribedURL"=""
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


=================================================

Here are the results from the registry searching download.

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "145DF32C-0A6A-1033-0818-041025200001" 7/11/2006 8:03:16 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-3960438994-4057883899-726034567-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"b"="C:\\Program Files\\Common Files\\{145DF32C-0A6A-1033-0818-041025200001}\\Update.exe"

[HKEY_USERS\S-1-5-21-3960438994-4057883899-726034567-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Common Files\\{145DF32C-0A6A-1033-0818-041025200001}\\Update.exe"="Update"

[HKEY_USERS\S-1-5-21-3960438994-4057883899-726034567-1003\Software\Classes\CLSID\{145DF32C-0A6A-1033-0818-041025200001}]

[HKEY_USERS\S-1-5-21-3960438994-4057883899-726034567-1003_Classes\CLSID\{145DF32C-0A6A-1033-0818-041025200001}]

=================================================
