Author Topic: CWS.hiddendll  (Read 10268 times)

Guest

  • Guest
CWS.hiddendll
« Reply #20 on: December 01, 2004, 02:59:43 AM »
1. Not aware I've got Winzip - where would it be if I had?
2. When trying to download the riched 32.dll file get the message - 'Your current security settings do not allow file to be downloaded'. I tried the right click option also and put it in address bar - when I clicked return (is this what you mean by go?) got same error.
3. Selected hard drive c after following your instructions with the hidden files - went onto Jotti here is first report on the ipcfg.exe

Service load:  0%        100%  
 
File:  ipcfg.exe  
Status:  INFECTED/MALWARE  
Packers detected:  FSG
   
AntiVir  TR/Click.Small.br.2 (0.41 seconds taken)
Avast  No viruses found (1.74 seconds taken)
BitDefender  Trojan.Clicker.Small.BR (0.91 seconds taken)
ClamAV  Trojan.Clicker.Small-23 (1.36 seconds taken)
Dr.Web  Trojan.Promospy (0.56 seconds taken)
F-Prot Antivirus  No viruses found (0.09 seconds taken)
Kaspersky Anti-Virus  Trojan-Clicker.Win32.Small.br (1.01 seconds taken)
mks_vir  No viruses found (0.18 seconds taken)
NOD32  No viruses found (0.38 seconds taken)
Norman Virus Control  No viruses found (1.18 seconds taken)
   
Statistics  
Last piece of malware found was Win32:SpyBot-GEN in eee.exe, detected by:

Scanner  Malware name  Time taken  
AntiVir  X  0.14 seconds  
Avast  Win32:SpyBot-GEN  1.51 seconds  
BitDefender  BehavesLike:Win32.ExplorerHijack  0.33 seconds  
ClamAV  Trojan.Spybot.gen-2  0.33 seconds  
Dr.Web  Trojan.MulDrop.590  0.49 seconds  
F-Prot Antivirus  X  0.06 seconds  
Kaspersky Anti-Virus  TrojanDropper.Win32.Small.by  0.58 seconds  
mks_vir  X  0.26 seconds  
NOD32  Win32/TrojanDropper.Small.BY  0.37 seconds  
Norman Virus Control  Sandbox: W32/Malware  1.53 seconds  


 
Service statistics:

13135 files (9300 of those unique) have been uploaded & scanned since 05/11/2004, the day of the last database purge.
2707 of those 9300 files contained a virus or any other form of malware.
This page has been visited 30067 times in this time period.
This service managed to spot 162 pieces of malware no vendor used knew about at the time of uploading.
The service also warned against 1238 suspicious files without any help from scanner results.
However, 129 files reported to be OK were found out to be malware later (this is checked daily).
As far as can be told, all this together makes this service 98.61% accurate. However, since it is very well possible malware has been uploaded no scanner knows about at this time, this number is to be taken with a proper amount of skepticism.  
Most popular malware:

Rank  Malware name  Uploaded  Last known filename  
1  behaveslike:trojan.downloader  212 times  satmat.cab  
2  backdoor.sdbot.gen  194 times  sys.exe  
3  tr/drop.delf.fd.1  104 times  Keygen.exe  
4  backdoor.agobot.3.gen  94 times  servicelog.exe  
5  tr/spam.avafx  76 times  vbsys2.dll  
6  win32:trojan-gen. {other}  47 times  3_636.rar  
7  backdoor.win32.agobot.gen  45 times  fiz.exe  
8  tr/dldr.inservice.i  43 times  Norton_Internet_Security_2005_Trial_to_Full_by_CDS_Group.zip  
9  backdoor.rbot.gen  37 times  newboter.exe  
10  win32.p2p.spybot.gen  35 times  dl.exe.zip  
11  tr/dldr.small.uv.3  34 times  s1p1y.exe  
12  win32:trojan-gen.  34 times  Mp3s.exe  
13  behaveslike:win32.av-killer  30 times  winshost.exe  
14  backdoor.agent.ec  27 times  bmemjgbt.exe  
15  backdoor.wootbot.gen  25 times  Kopie van 1.exe.exe  

 
4. here's second file - scands32.exe

Service load:  0%        100%  
 
File:  scands32.exe  
Status:  INFECTED/MALWARE  
Packers detected:  FSG
   
AntiVir  TR/Click.Small.br.1 (0.15 seconds taken)
Avast  No viruses found (1.51 seconds taken)
BitDefender  Trojan.Clicker.Small.BR (0.34 seconds taken)
ClamAV  No viruses found (0.33 seconds taken)
Dr.Web  Trojan.Click.160 (0.50 seconds taken)
F-Prot Antivirus  No viruses found (0.06 seconds taken)
Kaspersky Anti-Virus  Trojan-Clicker.Win32.Small.br (0.59 seconds taken)
mks_vir  No viruses found (0.20 seconds taken)
NOD32  No viruses found (0.39 seconds taken)
Norman Virus Control  No viruses found (0.54 seconds taken)
   
Statistics  
Last piece of malware found was Win32.IRC.Bot.based in E94C-EBD0.dll, detected by:

Scanner  Malware name  Time taken  
AntiVir  X  0.14 seconds  
Avast  Win32:SpyBot-GEN  1.51 seconds  
BitDefender  Win32.P2P.SpyBot.Gen  0.35 seconds  
ClamAV  X  0.33 seconds  
Dr.Web  Win32.IRC.Bot.based  0.53 seconds  
F-Prot Antivirus  X  0.06 seconds  
Kaspersky Anti-Virus  X  0.60 seconds  
mks_vir  X  0.42 seconds  
NOD32  X  0.37 seconds  
Norman Virus Control  X  0.12 seconds  


 
 



5. And here's 3rd - GrabCookie.exe

Service load:  0%        100%  
 
File:  GrabCookie.exe  
Status:  OK  
Packers detected:  None
   
AntiVir  No viruses found (0.16 seconds taken)
Avast  No viruses found (1.51 seconds taken)
BitDefender  No viruses found (0.37 seconds taken)
ClamAV  No viruses found (0.37 seconds taken)
Dr.Web  No viruses found (0.53 seconds taken)
F-Prot Antivirus  No viruses found (0.07 seconds taken)
Kaspersky Anti-Virus  No viruses found (0.59 seconds taken)
mks_vir  No viruses found (0.22 seconds taken)
NOD32  No viruses found (0.42 seconds taken)
Norman Virus Control  No viruses found (2.16 seconds taken)
   
Statistics  
Last piece of malware found was Trojan-Clicker.Win32.Small.br in scands32.exe, detected by:

Scanner  Malware name  Time taken  
AntiVir  TR/Click.Small.br.1  0.15 seconds  
Avast  X  1.51 seconds  
BitDefender  Trojan.Clicker.Small.BR  0.34 seconds  
ClamAV  X  0.33 seconds  
Dr.Web  Trojan.Click.160  0.50 seconds  
F-Prot Antivirus  X  0.06 seconds  
Kaspersky Anti-Virus  Trojan-Clicker.Win32.Small.br  0.59 seconds  
mks_vir  X  0.20 seconds  
NOD32  X  0.39 seconds  
Norman Virus Control  X  0.54 seconds  


 

Offline deduemjo

  • Newbie
  • Posts: 11
  • Karma: +0/-0
CWS.hiddendll
« Reply #21 on: December 01, 2004, 03:36:37 AM »
1. Followed the manual hijack this instructions - seemed to work and rebooted
2. Still can't run adaware - presumably cos of the riched files?
3. In Add/Remove Programs there is a 'Pop Up Stopper free edition' - is this what I need to get rid of?
4. Is it OK to leave the hidden files changes we made?
5. Here's latest hijack this log

Logfile of HijackThis v1.98.2
Scan saved at 08:43:08, on 01/12/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\CONFSVR.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\IPCFG.EXE
C:\WINDOWS\SCANDS32.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.0\THGUARD.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\WINDOWS\TWAIN_32\1200 UB\WATCH.EXE
C:\PROGRAM FILES\CREATACARD\GOLD\FMREMIND.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBTASK.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBDASH.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/gearbox
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Internet Registration] c:\program files\internet explorer\connection wizard\netcheck.exe
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [C:\WINDOWS\IPCFG.EXE] C:\WINDOWS\IPCFG.EXE
O4 - HKLM\..\Run: [C:\WINDOWS\SCANDS32.EXE] C:\WINDOWS\SCANDS32.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.0\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\1200 UB\WATCH.exe
O4 - Startup: CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Gold\FMRemind.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O15 - Trusted Zone: http://www.ravantivirus.com
O15 - Trusted Zone: http://www.pandasoftware.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200110...meInstaller.exe
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Offline deduemjo

  • Newbie
  • Posts: 11
  • Karma: +0/-0
CWS.hiddendll
« Reply #22 on: December 01, 2004, 03:53:07 AM »
1. Spybot S&D 1.3 last detection update 2004-08-20 is what I have
2. SDHelper.dll is there
3. When you said fix everything in red - do you mean run Spybot?
4. In the Hijack This configuration etc - when I try to Open hosts file manager it says 'cannot find the hosts file. Do you want to create a new default hosts file yes or no' - I chose no for now.
5. The control.exe file appears to be there
6. When I try to download the notepad link I get the same error regarding security settings I got earlier when trying to download the riched 32 file.

Thanks for staying with this.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
CWS.hiddendll
« Reply #23 on: December 01, 2004, 10:03:08 AM »
Hi again, just on my way out
No problem me staying with this :D
In the meantime,

Restart into safe mode
Open Hijackthis>>Config>>Misc Tools>>Open Process Manager
Kill these processes if still running
C:\WINDOWS\IPCFG.EXE
C:\WINDOWS\SCANDS32.EXE

Stay in safe mode
Find and delete these files or folders
C:\WINDOWS\IPCFG.EXE <--file
C:\WINDOWS\SCANDS32.EXE <--file

C:\Program Files\SpyKiller
C:\PROGRAM FILES\SPYWARE ASSASSIN 4.0

In safe mode
Do another scan with Hijackthis and fix this entry

O4 - HKLM\..\Run: [C:\WINDOWS\IPCFG.EXE] C:\WINDOWS\IPCFG.EXE
O4 - HKLM\..\Run: [C:\WINDOWS\SCANDS32.EXE] C:\WINDOWS\SCANDS32.EXE

O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup


Fix Checked with all other windows closed

Restart back into Normal mode

If you wouldn't mind can you try to download this different browser
Mozilla Firefox---It's a great little browser, consider it  a backup browser
and it's way more secure than IE
http://www.mozilla.org/    free download
After installation use it to download those 2 files
Riched32.dll and notepad.exe


I'll check back later to see how you made out
Do the above and post a fresh hijackthis log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Guest

  • Guest
CWS.hiddendll
« Reply #24 on: December 01, 2004, 01:07:19 PM »
Feels like we're making progress now!

1. The processes you referred to were not running in Process manager in Hijack This
2. Found and deleted (to the recycle bin?) the .exe files you mention BUT there were also (next to the .exe) ipcfg.V10 and ipcfg.V11 and one called ipcfg files (properties of this one say virus infected file) - same for the scands32 files. Do I need to delete these also?
3. Also deleted the Spykiller file but there wasn't one for Spyware Assassin?
4. The Hijack This and fix in safe mode seemed to work.
5. Downloaded Mozilla and downloaded notepad and riched32.dll into the places you suggested.

Here is Hijack This log

Logfile of HijackThis v1.98.2
Scan saved at 18:07:19, on 01/12/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\CONFSVR.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.0\THGUARD.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\WINDOWS\TWAIN_32\1200 UB\WATCH.EXE
C:\PROGRAM FILES\CREATACARD\GOLD\FMREMIND.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBTASK.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBDASH.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/gearbox
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Internet Registration] c:\program files\internet explorer\connection wizard\netcheck.exe
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.0\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\1200 UB\WATCH.exe
O4 - Startup: CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Gold\FMRemind.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O15 - Trusted Zone: http://www.ravantivirus.com
O15 - Trusted Zone: http://www.pandasoftware.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200110...meInstaller.exe
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Presumably Adaware may run now - but I'll await further instruction.

Regards
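
A way to check a before/after pair of HijackThis logs like the two posted in Reply #21 and Reply #24 (added example, not part of the original posts and not HijackThis's own code): it parses the O4 registry autoruns and the running-process list, then confirms the two files named in Reply #23 no longer have a Run entry or a live process. The function names and the "value name is itself a path" heuristic are assumptions made for this illustration; the log excerpts are trimmed from the thread's logs.

```python
import re
from typing import NamedTuple


class Autorun(NamedTuple):
    hive: str     # HKLM or HKCU
    key: str      # Run, RunServices, ...
    name: str     # registry value name (the text inside [...])
    command: str  # command line stored in the value


# Matches registry autoruns such as:  O4 - HKLM\..\Run: [THGuard] "C:\...\THGUARD.EXE"
# "O4 - Startup:" shortcut lines have a different shape and are skipped on purpose.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[(.+?)\] (.+)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Trimmed excerpts of the logs in Reply #21 (before) and Reply #24 (after).
BEFORE = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\IPCFG.EXE
C:\WINDOWS\SCANDS32.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.0\THGUARD.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [C:\WINDOWS\IPCFG.EXE] C:\WINDOWS\IPCFG.EXE
O4 - HKLM\..\Run: [C:\WINDOWS\SCANDS32.EXE] C:\WINDOWS\SCANDS32.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.0\THGUARD.EXE"
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\1200 UB\WATCH.exe
"""

AFTER = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.0\THGUARD.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.0\THGUARD.EXE"
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\1200 UB\WATCH.exe
"""

# The two files the helper asked to have killed, deleted and fixed.
TARGETS = [r"C:\WINDOWS\IPCFG.EXE", r"C:\WINDOWS\SCANDS32.EXE"]


def parse_autoruns(log):
    """Return the set of O4 registry autorun entries found in a log."""
    entries = set()
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.add(Autorun(*m.groups()))
    return entries


def parse_processes(log):
    """Return upper-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:          # the blank line ends the section
                break
            procs.add(line.upper())
    return procs


def path_named(entries):
    """Heuristic (assumption, taken from this thread's log): the value name is
    a full drive path instead of a descriptive label."""
    return {e for e in entries if DRIVE_PATH_RE.match(e.name)}


def references(entries, path):
    """True if any autorun command line mentions the given path."""
    return any(path.upper() in e.command.upper() for e in entries)


def verify_cleanup(before, after, targets):
    """Compare two logs; report per target plus removed/added autoruns."""
    b, a = parse_autoruns(before), parse_autoruns(after)
    running = parse_processes(after)
    report = {
        t: {
            "autorun_before": references(b, t),
            "autorun_after": references(a, t),
            "running_after": t.upper() in running,
        }
        for t in targets
    }
    return report, b - a, a - b


if __name__ == "__main__":
    report, removed, added = verify_cleanup(BEFORE, AFTER, TARGETS)
    for target, state in report.items():
        print(target, state)
    print("removed:", sorted(e.name for e in removed))
    print("added:  ", sorted(e.name for e in added))
```
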

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
CWS.hiddendll
« Reply #25 on: December 01, 2004, 07:42:47 PM »
You're doing good, we should get some protection on your machine now, later we will clear all your system Restore points, ensure you don't restore any nasties and start with a fresh restore point
We'll do this later, let's get some protection first

One more tool for cleanup
This will clean your temp folders and cookies amongst other things
Yours for free and hold onto
It's a good idea to clean these out every couple of weeks
Windows CleanUp!

After you install it--Open the program---Click on the Cleanup button
It will scan for files
When it's done it will notify you that a few files have to be deleted on System Restart
Restart your computer

When back in Windows
Open Ad-Aware if you got it installed and running
Check for updates---Download the updates

I suggest that you do a full system scan the first time if you get it running
Here are some good setup options
===============================================
Set these additional options if not checked already
Open Ad-aware---Click the GEAR at the top
# Click on the General button on the left hand side.

   1. Make sure the following items under the Safety category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.

         1. Automatically save logfile
         2. Automatically quarantine objects prior to removal
         3. Safe Mode (always request confirmation)


# Next click on the Advanced button on the left hand side.

   1. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.

         1. Include additional object information
         2. Include negligible objects information
         3. Include environment information
         4. Include Alternate data stream details in log file


# Next click on the Tweak button on the left hand side.

   1. Then click on the + (plus) sign next to the Log Files section. This will expand the section. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.

         1. Include basic Ad-Aware settings in logfile
         2. Include additional Ad-Aware settings in logfile


   2. Then click on the + (plus) sign next to the Scanning Engine section. This will expand the section. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.

         1. Unload recognized processes & modules during scan
         2. Scan registry for all users instead of current user only


   3. Then click on the + (plus) sign next to the Cleaning Engine section. This will expand the section. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.

         1. Always try to unload modules before deletion
         2. During removal, unload Explorer and IE if necessary
         3. Let Windows remove files in use at next reboot


Once these settings have been completed, you should click on the Proceed button

Make sure you change the scan mode to Perform full system scan. Then uncheck the Search for negligible risk entries.

Step 5: Start the Actual Scan--you should close out all browser windows before you start scanning

Now click on the Next button to have Ad-Aware SE start scanning your system. Ad-Aware SE will start scanning your system for Spyware and Hijackers

When it's finished scanning
At this point you should either right click on the screen and choose the "Select All Objects" option or individually put a checkmark in each objects checkbox
click on the "Next" button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. If you would like to do so, press the "OK" button
RESTART your computer to finish the cleaning process

========================================

Once back in Windows

I don't see any Anti-Virus software running on your computer
If I'm not mistaken you said you had to run it manually
This is not a good idea, you should have one constantly monitoring your email
ensure you scan anything that you download also
If your subscription has run out it will not do you much good if you can't update it
I have a link to a free AV that does a very good job
But you should  uninstall Nortons  before you install this one
Not necessary if you don't have Norton's running, but you don't really need 2 AV's on your computer

Another program that is yours for free
Doesn't run in the background----Just run it once and check for updates every couple of weeks

SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

If you found some files to be bad with the online virus scans, go ahead and delete them

You can allow the Hosts file to be created
Post back a fresh hijackthis log
Could you also try running about:buster one more time and post the log
If you can't find the log, just copy and paste the scan from About:busters main screen back here

I think we almost have you running clean again
Let me know if Norton's is right up to date
I suggest installing the free one I have a link if you need it and want to uninstall Norton's
Let me know
I'll go back over our replies after you post back a new log and see if we can finalize
this thing
:D
Let me know how everything's running



Guest

  • Guest
CWS.hiddendll
« Reply #26 on: December 02, 2004, 03:39:36 AM »
Hi,

1. AdAware seemed to work (found 16 objects)
2. Have downloaded spyblaster (most of the things I have downloaded - apart from the riched and notepad files - are on the desktop - is this where they should be?)
3. I think I updated the Norton Antivirus software when I first encountered these problems. As far as I know it has to be run manually and doesn't run in the background (I've never had a prompt from it if it does). I'd be happy to go with what you suggest for AV software.
4. When you say delete the bad files I found with the AV checks do you mean the extra ipcfg and scans32 files I referred to? Or others?

5. When I try to run AboutBuster from the shortcut I had on the desktop it says it has changed or moved so shortcut doesn't work. Then says nearest match is c:\\windows\Tempor...\8VE3UYCK - do I want to point to this?

Here's Hijack This log

Logfile of HijackThis v1.98.2
Scan saved at 08:39:48, on 02/12/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\CONFSVR.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.0\THGUARD.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\WINDOWS\TWAIN_32\1200 UB\WATCH.EXE
C:\PROGRAM FILES\CREATACARD\GOLD\FMREMIND.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBTASK.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBDASH.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/gearbox
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Internet Registration] c:\program files\internet explorer\connection wizard\netcheck.exe
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.0\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\1200 UB\WATCH.exe
O4 - Startup: CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Gold\FMRemind.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O15 - Trusted Zone: http://www.ravantivirus.com
O15 - Trusted Zone: http://www.pandasoftware.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200110...meInstaller.exe
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab


Regards

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
CWS.hiddendll
« Reply #27 on: December 02, 2004, 11:10:54 PM »
Let's do a Recap

Some of those desktop Icons are shortcuts or the programs themselves
Here's what I do
Right click an empty spot on the desktop
Select NEW>>>FOLDER
Name the new folder something like Spyware

Drag some of those shortcut Icons into that new folder

Here's what you should remember

About:buster---you can just delete it---How did you get it to run if you didn't UNZIP(Extract) it?

Hold onto the backups that Hijackthis made until you're happy with the way everything is running

STARTDRECK---You can delete the program

DLLCOMPARE--You can delete

LOP uninstaller--You can delete

missingfilesetup.exe--You can delete if you still have it on your desktop

Windows Cleanup---Hold onto it and use it to clean your temp folders and such every couple of weeks

Ad-Aware---Hold onto and check for updates every couple of weeks and run a Smart System Scan

SpywareBlaster--Hold onto it and check for updates every couple of weeks and Enable All protection

TrojanHunter---The trial version is good for 30 days from the day you installed it
When the trial version is over simply shut down TrojanGuard by the system Clock and use Add/Remove programs and Uninstall it

Let me know if I forgot about anything

What concerns me is that you say you have Norton's but I don't see it running, it may not be installed properly or it's not set to run on system startup

Let's do this
To ensure that no Nasties are restored in the event you use System Restore, we should Disable System Restore---RESTART your computer---Enable System Restore
The link will explain how to do this
http://vil.nai.com/vil/SystemHelpDocs/Disa...eSysRestore.htm

After you have restarted and enabled System Restore
When was the last time you Did a Disk Defragmentation?

Here's what I suggest
Right click an empty spot on the desktop----Under the screen savers tab
Set the Screen Saver to NONE in the drop down menu
Under the Power Settings options---Put to Always ON under Power schemes

Restart your computer into Safe mode

Go to START>>>programs>>>accessories>>System Tools

Do a Scandisk for Errors--Set to Automatically fix
Next back in this location
START>>>programs>>>accessories>>System Tools
Select Disk Defragmenter
Let it Defrag your hard drive
If you haven't done this in a while it may take a little time to complete

Restart back into Normal Mode

I would suggest that you install the Free version of this Anti-Virus, makes me nervous that I don't see one running on your machine
AVG free by Grisoft
After installation ensure it Checks for Updates and do A Full System Scan
This is free for personal use and free to update for the lifetime of the product
You should check for updates with it a couple times a week
Do a scan once a month

Post back one more fresh hijackthis log and let me know how everything is running
If you have any questions don't hesitate to ask
I would hold onto Mozilla Firefox, it's a great browser
If you need a Hand installing the flash and shockwave plugins for it let me know
It doesn't use the same installers as IE

I hope I haven't forgotten anything
I don't care if we make this the longest thread ever :D

I'm still wondering if you have an UNZIPPING utility
If not we should get you a free one
Zipped files are compressed files, when downloaded you need an unzipping utility to extract its contents
Go into your add/remove programs and see if you have an entry for Winzip
or some other zip program
If you do see it, that should mean you have an unzipping utility installed
If not, you should download and Install

IZArc

Talk to you later :P

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Guest

  • Guest
CWS.hiddendll
« Reply #28 on: December 03, 2004, 11:59:51 AM »
The computer has nearly ground to a halt - every click is taking ages!!!!
Please help.
When on internet (worked fine yesterday) got a message ' Gbdash has caused an error in KERNEL32.DLL. Gbdash will now close'
Seems to slow down within a minute or so of booting up.
Don't think I can try the latest stuff you suggested with it going this slow.
Please advise

Guest

  • Guest
CWS.hiddendll
« Reply #29 on: December 03, 2004, 12:10:52 PM »
Seems it's only when the internet is being used that a go slow happens. I get a couple of minutes at 'normal speed' and then everything begins to slow up

Guest

  • Guest
CWS.hiddendll
« Reply #30 on: December 03, 2004, 01:08:28 PM »
Made me think was it an ISP problem again - so rang them and they'd be doing work in this area today!!!!!! I think problem is fixed (internet a bit slow but nothing like the grind to a halt I described earlier) so panic over!! I will now attempt to do the things you suggest.
I have deleted the other ispcg (or whatever it was) and scands32 files that I mentioned. There are now no files of these names at all in the windows folder

Guest

  • Guest
CWS.hiddendll
« Reply #31 on: December 03, 2004, 05:29:11 PM »
Did the things you suggested - seemed to work although bit concerned I might have misplaced/deleted something on the go slow.
Scan Disk didn't find any errors
Defragmenter took an hour or so.
Downloaded the AVG software - took an hour or so also.
How does this work - do I have to run it manually like the NAV every so often? Should I now remove NAV?
The AVG found 2 viruses both Trojan Horses - 1 in explorer.exe, the other in nionisgzogg.exe.tcf - it got rid of the second one but not the first Trojan Horse Dialler 11.AY cos it said it was an embedded object.??

Here is Hijack Log

Logfile of HijackThis v1.98.2
Scan saved at 22:38:24, on 03/12/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\CONFSVR.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.0\THGUARD.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\WINDOWS\TWAIN_32\1200 UB\WATCH.EXE
C:\PROGRAM FILES\CREATACARD\GOLD\FMREMIND.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBTASK.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBDASH.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/gearbox
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Internet Registration] c:\program files\internet explorer\connection wizard\netcheck.exe
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.0\THGUARD.EXE"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\1200 UB\WATCH.exe
O4 - Startup: CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Gold\FMRemind.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O15 - Trusted Zone: http://www.ravantivirus.com
O15 - Trusted Zone: http://www.pandasoftware.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200110...meInstaller.exe
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Regards.


P.S other than the above embedded file problem the computer seems to be running fine

Offline guestolo

CWS.hiddendll
« Reply #32 on: December 03, 2004, 10:21:35 PM »
Concerning the Trojan Horse Dialler 11.AY

Do you know what the file name was in the Explorer folder?

Can you also run this file thru that online malware scan
c:\program files\internet explorer\connection wizard\netcheck.exe <--file

Here's the link to the scan
http://virusscan.jotti.dhs.org/

Post back one more hijackthis log afterwards and the info on that file
We may try to remove it with hijackthis but save the backup



Guest

  • Guest
CWS.hiddendll
« Reply #33 on: December 04, 2004, 04:20:43 AM »
1. Put the file you suggested through the malware check (this was the file for Supanet which was the ISP which came with the computer which I don't use I think). Here is result

Service load:  0%        100%
File:  netcheck.exe
Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
Packers detected:  None

AntiVir  No viruses found (0.17 seconds taken)
Avast  No viruses found (1.51 seconds taken)
BitDefender  No viruses found (0.39 seconds taken)
ClamAV  No viruses found (0.38 seconds taken)
Dr.Web  No viruses found (0.54 seconds taken)
F-Prot Antivirus  No viruses found (0.07 seconds taken)
Kaspersky Anti-Virus  No viruses found (0.74 seconds taken)
mks_vir  No viruses found (0.23 seconds taken)
NOD32  No viruses found (0.43 seconds taken)
Norman Virus Control  No viruses found (4.03 seconds taken)
 

2. How do I know what the file name was? It just said explorer.exe I think. This file sits on the c: drive and the properties file says it's a cabinet file which opens with internet explorer?

Regards

Offline guestolo

CWS.hiddendll
« Reply #34 on: December 04, 2004, 01:42:41 PM »
Have Hijackthis fix this entry and then restart your computer
Let me know how everything's running after that

O4 - HKLM\..\Run: [Internet Registration] c:\program files\internet explorer\connection wizard\netcheck.exe



Guest

  • Guest
CWS.hiddendll
« Reply #35 on: December 05, 2004, 03:24:13 AM »
Hi,

1. Fixed the suggested entry with Hijack This

2. Whilst browsing this morning using Mozilla - got an AVG report up (must have initiated itself in background?) - looked similar to last time - fixed 6 problems but not the embedded object. File Name appeared to be c:\explorer.cab:\explorer.exe

Offline guestolo

CWS.hiddendll
« Reply #36 on: December 05, 2004, 03:56:15 AM »
Hello again, well we got a name this time

Double click on the AVG icon by the clock and Check for updates
This is just to make sure it's right up to date

Disable System Restore
Restart your computer into safe mode

Do another scan with AVG in Safe mode

Navigate to and delete this file

c:\explorer.cab explorer.exe

The legitimate copy of explorer.exe is in your Windows folder
Just delete the above file for now, send it to the recycle bin

Restart back into Normal mode
Enable System Restore

Post back one more Hijackthis log
I think we got it all now

You said that AVG fixed 6 problems
Could you open AVG by clicking the icon next to the clock
Click on TEST CENTER
Open Virus Vault
Under the Program button in the menu bar could you export the file list and save it and post it back here
That is, if there are files in your virus vault

I'm just on my way to bed, I guess I'll see the results tomorrow



Guest

  • Guest
CWS.hiddendll
« Reply #37 on: December 05, 2004, 02:39:23 PM »
1. Did AVG scan in safe mode - found only the infected file referred to earlier explorer.cab - found it and deleted it.

2. When checking for the explorer file in the windows folder found it - but also found next to it a file called ExeDialler.exe (unknown application - TCF file). The picture for it looks like a virus with a danger sign over it!!!!!!! Should I delete this?

3. Here's hijackthis log

Logfile of HijackThis v1.98.2
Scan saved at 19:42:58, on 05/12/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\CONFSVR.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.0\THGUARD.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBTASK.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\WINDOWS\TWAIN_32\1200 UB\WATCH.EXE
C:\PROGRAM FILES\CREATACARD\GOLD\FMREMIND.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBDASH.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/gearbox
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.0\THGUARD.EXE"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\1200 UB\WATCH.exe
O4 - Startup: CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Gold\FMRemind.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O15 - Trusted Zone: http://www.ravantivirus.com
O15 - Trusted Zone: http://www.pandasoftware.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200110...meInstaller.exe
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

4. There were no files in the virus vault

Regards

Offline guestolo

CWS.hiddendll
« Reply #38 on: December 05, 2004, 02:49:03 PM »
Remember, don't touch explorer.exe in the C:\Windows folder

It's legitimate
Not sure about this file
ExeDialler.exe

It looks fishy :lol:

Why don't you run it through that Online File Virus scan

http://virusscan.jotti.dhs.org/
Post back the results if you're not sure what to do with it, but if found bad remove it

I don't think I need to see another Hijackthis log, your log looks good
Let me know how everything's running



Guest

  • Guest
CWS.hiddendll
« Reply #39 on: December 06, 2004, 11:26:19 AM »
1. Ran the file through Jotti - said it was infected/malware but non-destructive - I deleted it anyway.

Things seem to be running fine.
Thanks for all your help
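
The two checks this thread performs by eye (comparing successive HijackThis logs to see which O4 autorun entries appeared or disappeared, and spotting a system file name such as explorer.exe sitting outside its normal folder) can be scripted. The following is an added example, not part of the original posts or of HijackThis itself; the function names are hypothetical, the two logs are abridged excerpts of the 02/12 and 05/12 logs above, and the expected-folder table is an assumption drawn from those logs.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Expected folder for system binaries, as seen in this thread's logs
# (assumption for the example; extend it for the machine being triaged).
EXPECTED_DIR = {
    "explorer.exe": r"c:\windows",
    "kernel32.dll": r"c:\windows\system",
}

# "O4 - HKLM\..\Run: [Name] command"  or  "O4 - Startup: Name.lnk = target"
O4_RE = re.compile(
    r"^O4 - (?P<loc>[^:]+): (?:\[(?P<name>[^\]]*)\]|(?P<lnk>.+?) =) (?P<cmd>.+)$"
)

def parse_autoruns(log):
    """Return the set of (location, name, command) for every O4 line."""
    entries = set()
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            name = m["name"] if m["name"] is not None else m["lnk"]
            entries.add((m["loc"], name, m["cmd"].strip()))
    return entries

def diff_autoruns(before, after):
    """Autorun entries added to and removed from the later log."""
    old, new = parse_autoruns(before), parse_autoruns(after)
    return sorted(new - old), sorted(old - new)

def running_processes(log):
    """Paths listed under 'Running processes:' up to the first blank line."""
    procs, in_section = [], False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            in_section = True
        elif in_section:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs

def masquerades(paths):
    """Paths whose file name is a known system binary in the wrong folder."""
    hits = []
    for p in paths:
        expected = EXPECTED_DIR.get(basename(p).lower())
        if expected is not None and dirname(p).lower() != expected:
            hits.append(p)
    return hits

# Abridged excerpts of the logs posted above (02/12/2004 and 05/12/2004).
BEFORE = r"""Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Internet Registration] c:\program files\internet explorer\connection wizard\netcheck.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\1200 UB\WATCH.exe
"""
AFTER = r"""Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\1200 UB\WATCH.exe
"""

if __name__ == "__main__":
    added, removed = diff_autoruns(BEFORE, AFTER)
    print("added:  ", [name for _, name, _ in added])
    print("removed:", [name for _, name, _ in removed])
    # Path AVG reported in Reply #35, checked alongside the process list.
    suspects = running_processes(AFTER) + [r"c:\explorer.cab:\explorer.exe"]
    print("out of place:", masquerades(suspects))
```

A name match in the wrong folder is only a reason to scan the file, as was done here with Jotti and AVG, not proof that it is malicious.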