JOE-J

Members
  • Content Count

    30
About JOE-J

  • Rank
    Member
  • Birthday 08/10/1936

Contact Methods

  • MSN
    joehammill
  • Website URL
    http://
  • ICQ
    0
  • Yahoo
    jhammill54868

Profile Information

  • Location
    Rice Lake, Wi 12 years

Previous Fields

  • System Specifications:
    AMD Athlon, 1400 MHz Memory 320MB RAM Disk Drives C, D, E +CDRW+DVD/ROM Video NVIDIA GeForce2 MX 100/200 Internet MSIE 6.0; SV1 Windows Windows XP SP2
    Intel Pentium III, 1000 MHz Memory 256MB RAM Disk Drives C, D & CDRW & CD/ROM Video Intel(R) 82810E Graphics Controller (Microsoft Corporation) Internet MSIE 6.0; SV1 Windows Windows XP SP2
  • TechExpress Link:
    http://www.pcpitstop.com/techexpress/default.asp
  • Teams:
    Nothing Selected
  1. Somewhere or somehow, I am not communicating correctly. You are giving advice and asking questions, that are all on the post. I realize that you are dealing with more than one person and their problems and sometimes may get mixed up from one to the other because the symptoms are the same. To answer your last reply, Yes, I got rid of the surfsidekick. I stated that in the first message to you. Not the first one on the topic, but to you. I have been running all the programs with the restore off so that I wouldn't pick up something, or to get rid of it, with some of the programs you had me run and that they wouldn't come back and give a wrong reading. I have an anti virus running as shows in the logs, I have the ad-ware, s&d, xoftspy (latest edition), spyblaster, ewido, Spyware Doctor, and now just two registry cleaners, on. I run the spywares, at least once a day, either first thing in the morning, or last thing at night, to make sure that the computer is clean. I also run the Panda Free Anti-virus & spyware if I think I got into something I shouldn't have, and maybe picked up something. That is the one that shows the STARTPAGE.GX that we, or I was trying to get rid of. WE HAVE NOT GOTTEN RID OF IT. As I said before, I thank you for all of your time with trying to help. I am going to post one last HJT below so that you can have one more look.
  2. I just ran a search in the registry again of all three of the aliases. Nothing showed up. When I had the SurfSideKick on Which was a log, It took nearly two weeks before it didn't show on the log. Maybe we should wait and watch. If you find a good solution, let me know, otherwise, I will just live with it and keep checking. There is one thing that you can do for me. I had a couple of inquiries on the forum back in November of 2004. If you want you can delete them, as the problem was never resolved with any answers. When I reinstalled the o/s it got corrected. Just to save space. Thanks for your help and I will get back if and when I get it off. If I figure out how or why, I will let you know. THANKS AGAIN.
  3. Here it is. We did run the one program you recommended and I deleted those files. That was the YUM.

     Common name: Startpage.GX
     Technical name: Adware/Startpage.GX
     Threat level: Low
     Alias: Trj/Startpage.GX, winsearchie32, Yun, up-search
     Type: Spyware
     Subtype: Adware
     Effects: It collects information on Internet usage and the applications installed in the computer and uses it to display pop-up advertisements.
     Affected platforms: Windows XP/2000/NT
     First detected on: July 9, 2004
     Detection updated on: May 12, 2005
     In circulation? No

     Brief Description
     Startpage.GX is adware. Adware is a license form for using programs, which offers the application at the only cost of viewing a series of advertisements. However, these programs sometimes collect data on Internet usage habits, pages viewed, inventory of the applications installed in the computer, etc. Then, this information can be sent to Internet advertising companies.
     Last updated: May 12, 2005

     Effects
     Startpage.GX carries out the following actions: It collects user details, such as Internet usage, pages viewed, phone connection details, inventory of the applications installed in the computer, etc. It uses this information to display pop-up advertisements.

     Means of transmission
     Startpage.GX does not use any specific means to spread. It can reach computers through any of the means normally used by viruses: CD-ROMs, e-mail messages with infected attachments, Internet downloads, FTP, etc.

     Further Details
     Other interesting characteristics of Startpage.GX are: The file that carries out the infection is 6240 bytes. It is compressed with Upx.

     I can go back and look and rerun the "YUM" thing if you want me to.???
  4. Well here is the log from that one. I did not run a fix. I just made a backup. I could see where that was anything that was really wrong. The other registry programs changed them, or never caught them.
  5. Here is the HJT log. As far as the computer reacts is no different than before. Just knowing that it is cleaned up HELPS. The Startpage.GX still shows from the PANDA SCAN. That is what we started to clean up and haven't got it off, but the rest of the computer is cleaner. I do read what I take off, but I didn't know what had been left on, as I couldn't find anything with the programs I used, and not knowing what some symbols meant, I didn't remove them.
  6. I DID FORGET TO ADD A SUGGESTION TO YOU. THAT IS WHEN YOU ARE DOING YOUR HJT STUFF, THAT BESIDES RUNNING THE SPYWARE SCANS, THAT YOU ADD THE REGISTRY SCAN TO IT. IT MAY MAKE EASIER READING. AS I SAID IT IS THE BEST ONE I HAVE USED. AND I HAVE OR HAD THREE DIFFERENT ONES ON THE COMPUTER TO RUN.
  7. FIRST OF ALL I THANK YOU FOR YOUR TIME. YOU HAVE GIVEN ME A LOT OF INFORMATION AND PROGRAMS THAT I DIDN'T KNOW WERE THERE. THE REGISTRY PROGRAM IS THE BEST I HAVE SEEN AND USED. I KNOW THAT IT HAS TAKEN ME SOME TIME TO DO ALL OF YOUR SUGGESTIONS, BUT WHILE I WENT THROUGH SOME, I WAS ABLE TO GET RID OF SOME OF THE PROGRAMS THAT I NO LONGER NEEDED & SOME OF THE FRAGMENTS OF SOME OF THE PROGRAMS THAT I HAD DELETED AND UNINSTALLED. THE PROGRAMS CAUGHT THEM. ON THE LOG, I DID GET RID OF THE TAXACT SOFTWARE, THAT WAS FORGOTTEN, BUT DIDN'T TAKE THE EXTRA HOURS TO RERUN THE PROGRAM. THE GOOD PICTURE IS A JOKE AND I HAVE HAD IT ON FOR SEVERAL YEARS, SO I KNOW (AND I SCANNED IT AGAIN) IT HAS NO VIRUSES OR ADWARE/SPYWARE. I DID GET THE RESULTS DOWN AND THAT IS WHERE I SIT NOW. PANDA STILL SHOWS THE STARTPAGE.GX AS BEING ON. SYSTEM RESTORE IS CLEANED, AND THE COMPRESSED FILES ON THE DISK CLEANUP IS CLEAR. RESET TO 125 DAYS. I HAVE LEARNED A LOT, BUT STILL NEED THE HELP OR SUGGESTIONS TO RID THE PROGRAM FROM PANDA. IT MAY BE IN ONE OF THE FILES THAT SHOWS ON THE LOG, BUT DON'T KNOW HOW TO FIND IT.

     Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
     Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
     Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\installer_VENDARE4.exe". Action Taken: No Action Taken.
     Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\system32\pcpbios.exe". Action Taken: No Action Taken.
     File C:\WINDOWS\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
     File C:\Documents and Settings\All Users\Documents\My Received Files\Good Picture.exe tagged as not-a-virus:Joke.Win32.Oups. No Action Taken.
     File C:\Program Files\Real\RealPlayer\~Upg28\vtuner.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
     File C:\WINDOWS\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
     File D:\My Documents\My Received Files\Good Picture.exe tagged as not-a-virus:Joke.Win32.Oups. No Action Taken.
     File E:\Download Files\2nd Story Software\TaxACT 2000\Unst00.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
     File E:\Download Files\2nd Story Software\TaxACT 2000\Unta00.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

     THANK YOU VERY MUCH, I KNOW THAT EVEN IF I DON'T GET RID OF THE STARTPAGE.GX, I HAVE A MUCH CLEANER COMPUTER.
  8. O'K here is the complete log from the scan. I am not sure who is helping anymore, but it doesn't make any difference, as long as I get good help. I think it will take as long to read and understand it all, as it took to get the scan, but lets hope that it will give us some information. I did see some entries on there that I had taken off and some last Nov. when JAYCEE, helped to clean up. I never put it back on, so some of the stuff gets taken off, but leaves residue on other places that we can't even find or the name changes in some cases. Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\installer_VENDARE4.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\system32\pcpbios.exe". Action Taken: No Action Taken. Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken. Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Entry "HKCR\IncrediAnimation.AnimationPlayer" refers to invalid object "{B5534644-E461-11D3-BBB2-0050DA276194}". Action Taken: No Action Taken. Entry "HKCR\IncrediAnimation.AnimationPlayer.1" refers to invalid object "{B5534644-E461-11D3-BBB2-0050DA276194}". 
     File C:\WINDOWS\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
     File C:\Documents and Settings\All Users\Documents\My Received Files\Good Picture.exe tagged as not-a-virus:Joke.Win32.Oups. No Action Taken.
     File C:\Program Files\2nd Story Software\TaxACT 2000\Unst00.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
     File C:\Program Files\2nd Story Software\TaxACT 2000\Unta00.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
     File C:\Program Files\Real\RealPlayer\~Upg28\vtuner.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
     File C:\WINDOWS\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
     File D:\My Documents\My Received Files\Good Picture.exe tagged as not-a-virus:Joke.Win32.Oups. No Action Taken.
     File D:\Download Files\ta00dxdw.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
     File D:\Download Files\ta00wi.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
     File E:\Download Files\2nd Story Software\TaxACT 2000\Unst00.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
     File E:\Download Files\2nd Story Software\TaxACT 2000\Unta00.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
     File E:\Download Files\ta00dxdw.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
     File E:\Download Files\ta00wi.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
     Please advise what you all think after you get your heads together. If there is to be just one spokesman for the topic, please get together however you do it and come up with the right answer. Thanks for all that you guys have done. I know that it is not a complete loss, as I did get some fragments of other programs off that I didn't know were on, as they would not show on the searching anywhere. :beer:
  9. Steve: Thank you much for your input. I am trying all the things that are suggested. I did show on the Panda that I had the surfsidekick, and then it didn't show, but I was reading another post, and just ran the Spy doctor and found it there. Removed again, also below is the log on that one. I did go back to Panda, and the startpage is still there. :beer:
     Spyware Doctor Activity Report
     Generated on 6/11/2005 2:41:47 PM
     Scans (basic information only):
     Scan Results:
     scan start: 6/11/2005 2:42:00 PM
     scan stop: 6/11/2005 2:54:57 PM
     scanned items: 64079
     found items: 8
     found and ignored: 0
     tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner
     Infection Name | Location | Risk
     Common Components for GAIN | joe@belnk[1].txt | Medium
     Advertising | joe@com[1].txt | Low
     Common Components for GAIN | joe@dist.belnk[2].txt | Medium
     CrackSpider | C:\Documents and Settings\JOE\Favorites\Freeman CrackLinks | Medium
     CrackSpider | C:\Documents and Settings\JOE\Favorites\Freeman CrackLinks\!!! CrackPortal.com - Cracks, serial numbers.....url | Medium
     CrackSpider | C:\Documents and Settings\JOE\Favorites\Freeman CrackLinks\NeedCrack.us - Cracks search engine.url | Medium
     CrackSpider | C:\Documents and Settings\JOE\Favorites\Freeman CrackLinks\TheCrack.us - Cracks arhive.url | Medium
     SurfSideKick | C:\Documents and Settings\JOE\Local Settings\Temporary Internet Files\Ssk.log | Elevated
  10. I just ran all the others. Nothing showed up in two of them, but the "Yun" one had several and I deleted all of them. Where do we go from here? I ran a registry clean up and then went and ran the Panda, but it still showed. I will reboot and try it again.
  11. I have done that all week, but just so I wasn't following in the right order, I did it again, just now. No results. That was one of the first things I tried. Now what?
  12. I think I got it right this time. The previous log was from last evening. I did a new one this morning. Before I did it, I went thru all the spyware programs and ran them. A registry repair, then ewido, rebooting between each scan.
      ---------------------------------------------------------
      ewido security suite - Scan report
      ---------------------------------------------------------
      + Created on: 12:20:25 PM, 6/11/2005
      + Report-Checksum: FD56C0DA
      + Date of database: 6/11/2005
      + Version of scan engine: v3.0
      + Duration: 33 min
      + Scanned Files: 70758
      + Speed: 34.69 Files/Second
      + Infected files: 0
      + Removed files: 0
      + Files put in quarantine: 0
      + Files that could not be opened: 0
      + Files that could not be cleaned: 0
      + Binder: Yes
      + Crypter: Yes
      + Archives: Yes
      + Scanned items: C:\ D:\ E:\
      + Scan result: No infected files found!
      ::Report End
      Then I did the PANDA ONE TO CHECK AND THIS IS WHAT I GOT AGAIN. THE EXPLANATION OF WHAT IT IS IS ON PREVIOUS THREADS.
      Incident | Status | Location
      Adware:Adware/Startpage.GX | No disinfected | Windows Registry
      :help:
  13. OK, this is what I got. A worm.
      ---------------------------------------------------------
      ewido security suite - Process report
      ---------------------------------------------------------
      + Created on: 10:21:49 PM, 6/10/2005
      + Report-Checksum: 53F022D0
      0: System Process
      4: System Process
      208: \SystemRoot\System32\smss.exe
      260: \??\C:\WINDOWS\system32\csrss.exe
      284: \??\C:\WINDOWS\System32\winlogon.exe
      328: C:\WINDOWS\system32\services.exe
      340: C:\WINDOWS\system32\lsass.exe
      492: C:\WINDOWS\system32\svchost.exe
      552: C:\WINDOWS\system32\svchost.exe
      628: C:\WINDOWS\system32\svchost.exe
      808: C:\WINDOWS\Explorer.EXE
      896: C:\Program Files\ewido\security suite\SecuritySuite.exe
      1168: C:\WINDOWS\system32\mspaint.exe
      When I try to copy and paste off the desktop it comes up errors. And way the worm is: MINDA
  14. Nothing will open as the file is being used by another operation. It had something to do with the MOS DOS. THE TEXT FILE READS AS BELOW. PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. some examples are MRT.EXE NTDLL.DLL. »»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»