1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

forum problem

Discussion in 'Virus & Other Malware Removal' started by Chrisuk, Jan 25, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. Chrisuk

    Chrisuk Thread Starter

    Joined:
    Dec 26, 2003
    Messages:
    72
    I have mentioned this once before but still having problems...

    I am amember of another forum and when i go to log in all i get is password/username not found.

    Forums fault? no because i can log on from any other computer because i have tried..

    So does anyone have some advice for this very annoying problem.

    also my date on the computer is always wrong does this have any thing to do with it?

    please help

    thanks

    chris
     
  2. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    34,633
    First Name:
    James
    maybe spyware-related

    Try clearing your cookies and temporary folders (c:\temp and the temporary internet folder). If that doesn't work, run Ad-Aware/Spybot/HJT combo and post the hjt log here.
     
  3. Chrisuk

    Chrisuk Thread Starter

    Joined:
    Dec 26, 2003
    Messages:
    72
    Ok cleared internet cookies and temp files

    Downloaded new versions of adaware spybot and HJT

    Adaware found some 130 items which i fixed

    spybot found 17 things some of which could not be fixe i saved a report of the scan here it is

    Error during check!: Z-Demon (Ungültiger Datentyp für '') ()


    Altnet: Program directory (Directory, fixed)
    c:\Program Files\Altnet\

    Altnet: Data (File, fixed)
    C:\WINDOWS\smdat32a.sys

    Altnet: Root class (Registry key, fixing failed)
    HKEY_CLASSES_ROOT\ADM4.ADM4.1

    Altnet: Root class (Registry key, fixing failed)
    HKEY_CLASSES_ROOT\ADM4.ADM4

    Altnet: Root class (Registry key, fixing failed)
    HKEY_CLASSES_ROOT\ADM25.ADM25.1

    Altnet: Root class (Registry key, fixing failed)
    HKEY_CLASSES_ROOT\ADM25.ADM25

    Altnet: Settings (Registry key, fixing failed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Altnet

    Comload: Settings (Registry value, fixing failed)
    HKEY_USERS\S-1-5-21-4207170183-331137668-422540118-1007\Software\Coulomb\Location

    CoolWWWSearch.SmartSearch: Executable (File, fixed)
    C:\WINDOWS\SYSTEM32\iexplorer.exe

    Dialler: Settings (Registry key, fixing failed)
    HKEY_USERS\S-1-5-21-4207170183-331137668-422540118-1007\Software\Coulomb

    DSO Exploit: Data source object exploit (Registry change, fixed)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DSO Exploit: Data source object exploit (Registry change, fixed)
    HKEY_USERS\S-1-5-21-4207170183-331137668-422540118-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DSO Exploit: Data source object exploit (Registry change, fixed)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DSO Exploit: Data source object exploit (Registry change, fixed)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DSO Exploit: Data source object exploit (Registry change, fixed)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DyFuCA.InternetOptimizer: Uninstall settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSEM Update

    DyFuCA: Settings (Registry value, fixed)
    HKEY_USERS\S-1-5-21-4207170183-331137668-422540118-1007\Software\Microsoft\Internet Explorer\Main\BandRest

    DyFuCA: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0}

    DyFuCA: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5}

    ISearchTech.ISTactiveX: Shared DLL (1 apps) (Registry value, fixed)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\ISTactivex.dll

    ISearchTech.ISTactiveX: Module usage (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll

    ISearchTech.PowerScan: Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\BandRest

    ISearchTech.PowerScan: Settings (Registry key, fixing failed)
    HKEY_LOCAL_MACHINE\SOFTWARE\PowerScan

    Matrix: Picture (File, fixed)
    C:\WINDOWS\SYSTEM32\3dstamp.ico

    Matrix: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{BA221B24-C60D-4A6C-A8BB-59808FDA4C80}

    Matrix: Interface (Registry key, fixing failed)
    HKEY_CLASSES_ROOT\Interface\{5BF0CE3E-61D2-4A7B-BAA3-0C4667A9563D}

    Matrix: Interface (Registry key, fixing failed)
    HKEY_CLASSES_ROOT\Interface\{4FC63700-2093-4AD2-8D37-3B3D86D9C940}

    Matrix: Root class (Registry key, fixed)
    HKEY_CLASSES_ROOT\AutoSearch.SrchHook.1

    Matrix: Root class (Registry key, fixed)
    HKEY_CLASSES_ROOT\AutoSearch.SrchHook

    Matrix: Root class (Registry key, fixing failed)
    HKEY_CLASSES_ROOT\PTPSA32.PTPSAWeb.1

    Matrix: Root class (Registry key, fixing failed)
    HKEY_CLASSES_ROOT\PTPSA32.PTPSAWeb

    Matrix: Settings (Registry value, fixed)
    HKEY_USERS\S-1-5-21-4207170183-331137668-422540118-1007\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0\ppcimdnnnjbeahepfabjipfginloedkg enodaj

    Matrix: Settings (Registry value, fixed)
    HKEY_USERS\S-1-5-21-4207170183-331137668-422540118-1007\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0\ppcimdnnnjbeahepfabjipfginloedkg cfcaak

    Matrix: Type library (Registry key, fixed)
    HKEY_CLASSES_ROOT\TypeLib\{295B4235-861F-4264-B1C1-91AB35981994}

    Matrix: Type library (Registry key, fixing failed)
    HKEY_CLASSES_ROOT\TypeLib\{095C0DB4-FEA6-440E-8DFC-00FC53AC827D}


    --- Spybot - Search && Destroy version: 1.3 ---
    2004-11-29 Includes\Cookies.sbi
    2005-01-04 Includes\Dialer.sbi
    2005-01-04 Includes\Hijackers.sbi
    2004-12-29 Includes\Keyloggers.sbi
    2004-05-12 Includes\LSP.sbi
    2005-01-04 Includes\Malware.sbi
    2004-11-29 Includes\Revision.sbi
    2004-11-29 Includes\Security.sbi
    2005-01-05 Includes\Spybots.sbi
    2004-11-29 Includes\Tracks.uti
    2005-01-04 Includes\Trojans.sbi


    and here is the logfile of HJT

    Logfile of HijackThis v1.99.0
    Scan saved at 17:46:27, on 25/01/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\PestPatrol\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\WINDOWS\System32\qttask.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dixons\Picture Suite\InsDetect.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
    C:\Program Files\AOL 8.0\aoltray.exe
    C:\Program Files\HistoryKill\hkPopupKiller.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Chris\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Dixons Insert Detect] C:\Program Files\Dixons\Picture Suite\InsDetect.exe
    O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
    O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
    O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://support.epson-europe.com/selftest/Prg/ESTPTest.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/vip_236/webolr/OCX/FlashAX.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.rightnowtech.com/williamhill_lang/williamhill_lang/rnt/rnl/java/RntX.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Thank you so much for your help

    Chris (y)
     
  4. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    34,633
    First Name:
    James
    looks like you have / had a CWS variant. You should download CWShredder to make sure you are free of it. If they have an update section run that first. Also when you are ready to run the program, click fix and not scan. Scan will only scan the system.

    I will ask the thread to be moved to Security so they can help you with the rest of the logs
     
  5. Chrisuk

    Chrisuk Thread Starter

    Joined:
    Dec 26, 2003
    Messages:
    72
    Ok thank you, i will run this program later and post results.........
     
  6. Chrisuk

    Chrisuk Thread Starter

    Joined:
    Dec 26, 2003
    Messages:
    72
    ran CWShredder it came back with nothing.....

    im am lost for ideas of what it could be

    anything else?
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/323255

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice