Tech Support Forum - View Single Post

redfish36117 · 06-14-2006, 11:05 PM

Hi, I ran all the programs, except of the Panda ActiveScan. I still am not connecting to the internet. But, the about.blank is gone. It has the microsoft home page in the url. But, it says that it cannot find the server. And I cannot ping any of my other cpu's. I have a small network with a linksys router. I did not run the hijacthis because I did not get to run the Panda Active Scan and also I cannot turn off Pc cillan.

smitRem © log file
version 3.0

by noahdfear

Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Wed 06/14/2006
The current time is: 22:03:56.76

Running from
C:\Documents and Settings\Andrea Tuggle\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key

PSGuard.com key not present!

checking for WinHound.com key

WinHound.com key not present!

checking for drsmartload2 key

drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

qjrkvy.exe
thlwin32.dll
winflash.dll
adobepnl.dll
users32.exe
amcompat.tlb
nscompat.tlb

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

about_spyware_bottom.gif
as.gif
as_header.gif
box_1.gif
box_2.gif
box_3.gif
button_buynow.gif
button_freescan.gif
download_box.gif
features.gif
footer_back.gif
footer_back.jpg
header_1.gif
header_2.gif
header_3.gif
header_4.gif
main_back.gif
rf.gif
rf_header.gif
scan_btn.gif
security-center-bg.gif
security-center-logo.gif
security_center_caption.gif
sep_hor.gif
sep_vert.gif
spacer.gif
spacer.gif'
spyware-detected.gif
star_gray.gif
star_gray_small.gif
star_small.gif
ts.gif
ts_header.gif
v.gif
warning_icon.gif
win_logo.gif
x.gif

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 780 'explorer.exe'
Killing PID 780 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~

CLEAN! :)
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:26:53 PM, 6/14/2006
+ Report-Checksum: A1303245

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{24F52FD3-D9CD-C5B4-2108-1DBD812D6F79} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2566FCEB-BCBE-B30A-35B9-518DEE38C367} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{25713B9E-3A18-4906-71FE-9FE3C5B4B02A} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4CF3F22B-5DA9-5DE0-5DEB-EE4100912572} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{61D24A14-3A46-AD55-E435-902793177389} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{655D9CE4-1199-9A9A-0FBD-E8A5D9B1F5E2} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7CE28F1A-C75D-E86A-7653-65342618DF9B} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{805B5372-5E8D-06EA-8F76-4E177E2F0426} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9D3DCB85-C38C-2CD8-1768-75E8BDB64A72} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A6BCE966-302E-BD8D-25BA-12F8C7148266} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A8F805E7-A3F6-F710-0209-8F4982D1B08D} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B4A77CF6-02BF-DD85-3F0E-C3AEABCEDC8F} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B6029097-47C6-0FE2-A8B2-F4630B4C91AF} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B79CC35D-10FE-026C-855E-6F9CB7D9C3B9} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B81B06F6-5EC4-55AF-F6BE-70DA417086A8} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B8321C12-3112-B9DC-AAF4-61729E4568F3} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BA99F0F7-81BA-A3D0-11AE-7FAE337FF72F} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C5844CBD-D015-394D-8C9A-B52CFEA94E45} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CC47DD3F-46F7-6813-D89E-37FD2658A254} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E1855C39-8820-BABA-C94F-7C3D2AD1C652} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EF4E1F2F-B634-DB07-0058-0E715E738DD5} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1829178307-83672145-3294281137-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86CB9367-12D4-E652-89AB-956913BAE9E0} -> Adware.CoolWebSearch : Cleaned with backup
C:\WINDOWS\crlx32.exe:nzjkr -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\gdnos.dat:iipsm -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\KB817778.log:rthql -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\KB824141.log:wfija -> Downloader.Agent.an : Cleaned with backup
C:\WINDOWS\MSDFMAP.INI:ywjyv -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\OCGEN.LOG:sbeww -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:frjcg -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:qhvow -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Q327979.log:atfaw -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\Q814033.log:venob -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\smscfg.ini:oubdg -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\Towelie.dll:ntjyx -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\Towelie.exe:xrjma -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\uninst.exe:puxtz -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\webshots.scr:wzhcu -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\WIASERVC.LOG:rzljs -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\Winamp.ini:fwanl -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\winampa.ini:zeyjy -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\WINNT256.BMP:yofdt -> Downloader.WinShow.ak : Cleaned with backup

::Report End

06-14-2006, 11:05 PM	#9 (permalink)
redfish36117 Registered User Join Date: Jun 2006 Location: Auburn, Alabama Posts: 39 OS: XP	Hi, I ran all the programs, except of the Panda ActiveScan. I still am not connecting to the internet. But, the about.blank is gone. It has the microsoft home page in the url. But, it says that it cannot find the server. And I cannot ping any of my other cpu's. I have a small network with a linksys router. I did not run the hijacthis because I did not get to run the Panda Active Scan and also I cannot turn off Pc cillan. smitRem © log file version 3.0 by noahdfear Microsoft Windows XP [Version 5.1.2600] "IE"="6.0000" The current date is: Wed 06/14/2006 The current time is: 22:03:56.76 Running from C:\Documents and Settings\Andrea Tuggle\Desktop\smitRem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pre-run SharedTask Export (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler) Copyright(C) 2006 BleepingComputer.com Registry Pseudo-Format Mode (Not a valid reg file): [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! checking for WinHound.com key WinHound.com key not present! checking for drsmartload2 key drsmartload2 key not present! spyaxe uninstaller NOT present Winhound uninstaller NOT present SpywareStrike uninstaller NOT present AlfaCleaner uninstaller NOT present SpyFalcon uninstaller NOT present SpywareQuake uninstaller NOT present SpywareSheriff uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ qjrkvy.exe thlwin32.dll winflash.dll adobepnl.dll users32.exe amcompat.tlb nscompat.tlb ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ about_spyware_bottom.gif as.gif as_header.gif box_1.gif box_2.gif box_3.gif button_buynow.gif button_freescan.gif download_box.gif features.gif footer_back.gif footer_back.jpg header_1.gif header_2.gif header_3.gif header_4.gif main_back.gif rf.gif rf_header.gif scan_btn.gif security-center-bg.gif security-center-logo.gif security_center_caption.gif sep_hor.gif sep_vert.gif spacer.gif spacer.gif' spyware-detected.gif star_gray.gif star_gray_small.gif star_small.gif ts.gif ts_header.gif v.gif warning_icon.gif win_logo.gif x.gif ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 780 'explorer.exe' Killing PID 780 'explorer.exe' Starting registry repairs Registry repairs complete ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SharedTask Export after registry fix (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler) Copyright(C) 2006 BleepingComputer.com Registry Pseudo-Format Mode (Not a valid reg file): [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Deleting files ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! :) --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 11:26:53 PM, 6/14/2006 + Report-Checksum: A1303245 + Scan result: HKLM\SOFTWARE\Classes\CLSID\{24F52FD3-D9CD-C5B4-2108-1DBD812D6F79} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2566FCEB-BCBE-B30A-35B9-518DEE38C367} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{25713B9E-3A18-4906-71FE-9FE3C5B4B02A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4CF3F22B-5DA9-5DE0-5DEB-EE4100912572} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{61D24A14-3A46-AD55-E435-902793177389} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{655D9CE4-1199-9A9A-0FBD-E8A5D9B1F5E2} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7CE28F1A-C75D-E86A-7653-65342618DF9B} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{805B5372-5E8D-06EA-8F76-4E177E2F0426} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{9D3DCB85-C38C-2CD8-1768-75E8BDB64A72} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A6BCE966-302E-BD8D-25BA-12F8C7148266} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A8F805E7-A3F6-F710-0209-8F4982D1B08D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B4A77CF6-02BF-DD85-3F0E-C3AEABCEDC8F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B6029097-47C6-0FE2-A8B2-F4630B4C91AF} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B79CC35D-10FE-026C-855E-6F9CB7D9C3B9} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B81B06F6-5EC4-55AF-F6BE-70DA417086A8} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B8321C12-3112-B9DC-AAF4-61729E4568F3} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{BA99F0F7-81BA-A3D0-11AE-7FAE337FF72F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{C5844CBD-D015-394D-8C9A-B52CFEA94E45} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{CC47DD3F-46F7-6813-D89E-37FD2658A254} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{E1855C39-8820-BABA-C94F-7C3D2AD1C652} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{EF4E1F2F-B634-DB07-0058-0E715E738DD5} -> Adware.CoolWebSearch : Cleaned with backup HKU\S-1-5-21-1829178307-83672145-3294281137-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86CB9367-12D4-E652-89AB-956913BAE9E0} -> Adware.CoolWebSearch : Cleaned with backup C:\WINDOWS\crlx32.exe:nzjkr -> Downloader.WinShow.ak : Cleaned with backup C:\WINDOWS\gdnos.dat:iipsm -> Downloader.WinShow.ak : Cleaned with backup C:\WINDOWS\KB817778.log:rthql -> Downloader.WinShow.ak : Cleaned with backup C:\WINDOWS\KB824141.log:wfija -> Downloader.Agent.an : Cleaned with backup C:\WINDOWS\MSDFMAP.INI:ywjyv -> Downloader.WinShow.ak : Cleaned with backup C:\WINDOWS\OCGEN.LOG:sbeww -> Downloader.WinShow.ak : Cleaned with backup C:\WINDOWS\OEWABLog.txt:frjcg -> Downloader.Agent.bc : Cleaned with backup C:\WINDOWS\OEWABLog.txt:qhvow -> Downloader.Agent.bc : Cleaned with backup C:\WINDOWS\Q327979.log:atfaw -> Downloader.Agent.ap : Cleaned with backup C:\WINDOWS\Q814033.log:venob -> Downloader.WinShow.ak : Cleaned with backup C:\WINDOWS\smscfg.ini:oubdg -> Downloader.WinShow.ak : Cleaned with backup C:\WINDOWS\Towelie.dll:ntjyx -> Downloader.WinShow.ak : Cleaned with backup C:\WINDOWS\Towelie.exe:xrjma -> Downloader.WinShow.ak : Cleaned with backup C:\WINDOWS\uninst.exe:puxtz -> Downloader.WinShow.ak : Cleaned with backup C:\WINDOWS\webshots.scr:wzhcu -> Downloader.WinShow.ak : Cleaned with backup C:\WINDOWS\WIASERVC.LOG:rzljs -> Downloader.WinShow.ak : Cleaned with backup C:\WINDOWS\Winamp.ini:fwanl -> Downloader.WinShow.ak : Cleaned with backup C:\WINDOWS\winampa.ini:zeyjy -> Downloader.WinShow.ak : Cleaned with backup C:\WINDOWS\WINNT256.BMP:yofdt -> Downloader.WinShow.ak : Cleaned with backup ::Report End