Author Topic: Please help me questolo!!! (Read 1205 times)

joy · « **on:** June 08, 2005, 11:01:51 AM »

Every time I try to change webpage, search in google...and other things, my computer takes a long time to do any assignment and sometimes it doesn't do it at all!!!

My Real Time Protector (F-Prot Antivirus)
says that there could be an unknown virus...in the folder of temporary internet files...but this folder has disappeared

Please help me...

This is my Hijack...

Logfile of HijackThis v1.99.1
Scan saved at 18.01.06, on 08/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programmi\FSI\F-Prot\F-StopW.EXE
C:\Programmi\FSI\F-Prot\F-Sched.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {daa873d4-958c-453c-81ca-3fe6f3676a87} - C:\WINDOWS\System32:twaa.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [F-StopW] C:\Programmi\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programmi\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.Email Removed.msn.com/resources/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{346CE3E6-CEFF-487D-8062-41622532CFC9}: NameServer = 212.216.172.62,212.216.172.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E23121B-051B-4265-97D3-DE26F9093EA0}: NameServer = 85.37.17.6 151.99.125.1
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe

THANK YOU

guestolo · « **Reply #1 on:** June 08, 2005, 01:58:44 PM »

Can you do the following please

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop, well need this later, don't run it yet

Code: [Select]

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{daa873d4-958c-453c-81ca-3fe6f3676a87}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{daa873d4-958c-453c-81ca-3fe6f3676a87}]

Next:
==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup
Give the link time to load or try it twice, it may be busy
Alternate Download link
We'll need this later

Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.

Please Print this out or save these instructions to a Notepad file and save it to your Desktop
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, before Windows loads, or use the link
I supplied for a more detailed explanation

In safe mode
Manually navigate too, delete this file if found
C:\WINDOWS\System32\twaa.dll <-file

==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
DECLINE to Log off when scan is done.

Double click on fix.reg and allow to Add or Merge to the registry

Restart your computer back to Normal mode
Back in Windows

Download and Install the free version of Ad-Aware SE Personal 1.06
Ensure you have this version or the paid version
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Perform a Full system scan
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process

Back in Windows
Run another scan with Hijackthis and post a fresh log

Could you also do the following please
Go to START>>RUN>>COPY AND PASTE the wholebold lines into the open field and then Click OK

regedit /e C:\find.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"

Now, navigate to this file below, open it and copy and paste the contents back here
C:\find.txt

joy · « **Reply #2 on:** June 09, 2005, 04:40:10 AM »

Thank you for your reply...but the file you told me to delete (C:\WINDOWS\system32\twaa.dll) doesn't exist, it doesn't appear in the folder!
What can I do?

THANKS

joy · « **Reply #3 on:** June 09, 2005, 04:58:30 AM »

...well...I did again logfile Hijack and I found the file you told me to delete! In the folder system32 it doesn't exists, but in the Hijack I've found it ?!?!
Can I delete it from there?

joy · « **Reply #4 on:** June 09, 2005, 05:25:22 AM »

i post my recent logfile Hijack

Logfile of HijackThis v1.99.1
Scan saved at 12.25.02, on 09/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programmi\FSI\F-Prot\F-StopW.EXE
C:\Programmi\FSI\F-Prot\F-Sched.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [F-StopW] C:\Programmi\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programmi\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.Email Removed.msn.com/resources/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{346CE3E6-CEFF-487D-8062-41622532CFC9}: NameServer = 212.216.172.62,212.216.172.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E23121B-051B-4265-97D3-DE26F9093EA0}: NameServer = 85.37.17.6 151.99.125.1
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe

joy · « **Reply #5 on:** June 09, 2005, 05:34:05 AM »

Sorry...it's me, again...

I'm italian...so i have a little problem with technical assignments in english...
what does it means this, what i have to do :

Could you also do the following please
Go to START>>RUN>>COPY AND PASTE the wholebold lines into the open field and then Click OK

regedit /e C:\find.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"

Now, navigate to this file below, open it and copy and paste the contents back here
C:\find.txt

THANKS

guestolo · « **Reply #6 on:** June 09, 2005, 08:41:37 PM »

That's okay, I'll try and do this another way

Download and UNZIP to your desktop Export.zip
So you now have Export.bat on your desktop
[attachment=257:attachment]

Double click on Export.bat
A text file will be placed on your desktop called Export.txt
Open Export.txt and copy and paste the contents back here

Did Ad-Aware find any Critical objects?
Just wondering

joy · « **Reply #7 on:** June 10, 2005, 03:36:58 AM »

Ad-Aware didn't find any critical object...I decided to delete twaa.dll from my logfile Hijack, as you see from my latest logfile and everything is working now!

This is what you asked me to post :

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

Ok?

THANKS A LOT!!!

guestolo · « **Reply #8 on:** June 11, 2005, 06:22:11 PM »

That looks fine

You can go back and hide hidden files and folders

You should set up protection against future attacks

SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"

You should consider updating to Windows Service pack 2
to help keep your system secure
and then stay up to date on all Latest Critical(High priority) updates afterwards
Please read this
http://www.microsoft.com/windowsxp/sp2/default.mspx

Stay safe

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'

\' />

TheTechGuide Forum

News:

Author Topic: Please help me questolo!!! (Read 1205 times)

joy

Please help me questolo!!!

guestolo

Please help me questolo!!!

joy

Please help me questolo!!!

joy

Please help me questolo!!!

joy

Please help me questolo!!!

joy

Please help me questolo!!!

guestolo

Please help me questolo!!!

joy

Please help me questolo!!!

guestolo

Please help me questolo!!!