Help!! Windows explorer troubles, Popups, internet keeps disconnecting by itself?

Discussion in 'Malware Help (A Specialist Will Reply)' started by fin1, Feb 6, 2005.

  1. fin1

    fin1 Private E-2

    Ok Done. Here is the new log.

    fin1
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Damn! Still there. Do they also still show in Registry Search Tool?

    Which spyware removal programs are installed?
    - Ad-Aware SE?
    - Spybot S&D?
    - SpywareBlaster?
    Any others?

    I see various Webroot products too.
     
  3. fin1

    fin1 Private E-2


    Search results were the same

    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "2F5DBEBF-C9D9-6020-C070-CDE66F65F4CC" 2/10/2005 2:03:55 AM

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2F5DBEBF-C9D9-6020-C070-CDE66F65F4CC}]

    [HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2F5DBEBF-C9D9-6020-C070-CDE66F65F4CC}\iexplore]


    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "702DB1CA-CC6C-2D8E-376D-4763760D0AF8" 2/10/2005 2:07:20 AM

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{702DB1CA-CC6C-2D8E-376D-4763760D0AF8}]

    [HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{702DB1CA-CC6C-2D8E-376D-4763760D0AF8}\iexplore]


    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "8A4F2B07-16F9-F168-3125-28E4FF97CBD9" 2/10/2005 2:10:08 AM

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A4F2B07-16F9-F168-3125-28E4FF97CBD9}]

    [HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A4F2B07-16F9-F168-3125-28E4FF97CBD9}\iexplore]

    [HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1004\Software\Resplendence Sp\Registrar Lite\Settings]
    "LastOpenedKey"="HKEY_USERS\\S-1-5-21-1993962763-329068152-725345543-1004\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{8A4F2B07-16F9-F168-3125-28E4FF97CBD9}"

    And only those spyware removal programs:
    - Ad-Aware SE
    - Spybot S&D
    - SpywareBlaster

    The webroot product is Window Washer.

    fin1
     
  4. fin1

    fin1 Private E-2

    Well I better get to bed. Is it ok to use this pc on the net?

    Thanks again for your help. Talk to you tomorrow.

    fin1
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Were all IE sessions closed when you did the registry merge?

    Yes, it is more than likely safe to use this PC.

    I'm wondering if the following will work (I doubt it. It seems like we really did this already. But they are saying delete the whole stats key.)

    http://windowsxp.mvps.org/ie/addonst.htm

    That's the statistics themselves. I don't understand why the BHO lines still appear though since we did fix them before. Maybe they are somehow related to the stats being cleared.
     
    Last edited: Feb 10, 2005
  6. fin1

    fin1 Private E-2

    Yes the IE sessions were closed.

    I don't understand what to do next?

    ?

    fin1
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry, I got interrupted for a while and must have clicked to post the message before completing. I added a few words in red at the end of my previous message.

    Also I was suggesting that you try the steps in the link I provided.
     
  8. fin1

    fin1 Private E-2

    OK, I'm just not sure how to do that because I can't find the stat key?

    fin1
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Look under the Tools menu for Manage Browser Add-ons
     
  10. fin1

    fin1 Private E-2

    Hello again, OK, I deleted the stats key. Ran another scan and those 3 BHOs are still there. What could we try now? Should I create a new Stats Key? Here is the log file.

    fin1
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First boot into safe mode!


    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them (if you get any error messages just okay your way out of it and continue on to ending the next one):
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Webroot\Accelerate\accelerate2002.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {2F5DBEBF-C9D9-6020-C070-CDE66F65F4CC} - (no file)
    O2 - BHO: (no name) - {702DB1CA-CC6C-2D8E-376D-4763760D0AF8} - (no file)
    O2 - BHO: (no name) - {8A4F2B07-16F9-F168-3125-28E4FF97CBD9} - (no file)

    After clicking Fix, exit HJT.

    Reboot in normal mode! And post a new HJT log.
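
Added example (not part of the original thread or of any tool mentioned in it): a small Python script that cross-references HijackThis O2 lines with REGEDIT4 search output like the results posted earlier, reporting whether the CLSID of a "(no file)" BHO was found only under Ext\Stats. The function names, result labels and the third sample entry are constructed for illustration.

```python
import re
from collections import defaultdict

# Patterns follow the O2 lines and REGEDIT4 key lines quoted in this thread.
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_o2(log_text):
    """Return {CLSID: file field} for every O2 (BHO) line in a HijackThis log."""
    out = {}
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            out[m.group(2).upper()] = m.group(3).strip()
    return out

def parse_reg_keys(reg_text):
    """Return {CLSID: [key paths]} from REGEDIT4-style search output."""
    hits = defaultdict(list)
    for line in reg_text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            for clsid in CLSID_RE.findall(m.group(1)):
                hits[clsid.upper()].append(m.group(1))
    return hits

def classify(o2, hits):
    """Label each BHO by its file field and where its CLSID appears in the registry."""
    report = {}
    for clsid, file_field in o2.items():
        keys = hits.get(clsid, [])
        if file_field != "(no file)":
            report[clsid] = "has file"
        elif not keys:
            report[clsid] = "no registry hits"
        elif all("\\Ext\\Stats\\" in k for k in keys):
            report[clsid] = "stats only"
        else:
            report[clsid] = "other keys"
    return report

# Constructed sample: two entries quoted in the thread plus one made-up entry with a file.
SAMPLE_HJT = r"""O2 - BHO: (no name) - {2F5DBEBF-C9D9-6020-C070-CDE66F65F4CC} - (no file)
O2 - BHO: (no name) - {702DB1CA-CC6C-2D8E-376D-4763760D0AF8} - (no file)
O2 - BHO: Example - {00000000-0000-0000-0000-000000000001} - C:\Example\sample.dll"""
SAMPLE_REG = r"""REGEDIT4
[HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2F5DBEBF-C9D9-6020-C070-CDE66F65F4CC}]
[HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{702DB1CA-CC6C-2D8E-376D-4763760D0AF8}]"""
print(classify(parse_o2(SAMPLE_HJT), parse_reg_keys(SAMPLE_REG)))
```

The script only reports where each CLSID was found; it does not change the registry.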
     
  12. fin1

    fin1 Private E-2

    Hello Chaslang, I did as you requested but they still seem to be there. None of those processes were running in safe mode. Here is the log.

    fin1
     


  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download: http://www.atribune.org/downloads/HSFix.zip

    Extract the tool from the ZIP File to a folder you can easily find (preferably in its own folder - like c:\HSFix).


    Please boot to Safe Mode to run the HSFix tool. After booting to safe mode, open the HSFix Tool folder and double-click hsfix.bat and let it run. It will produce a log here - C:\hslog.txt


    Attach the hslog.txt file back here.
     
  14. fin1

    fin1 Private E-2

    Hello again. Here is the log file you requested.

    fin1
     


  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    OK! That found one hidden problem. Not sure if it is related or not. Try fixing those three lines again and let's see if they stay fixed.
     
  16. fin1

    fin1 Private E-2

    Tried fixing them but still there :( Here is the log file.

    fin1
     


  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    A new version of HJT is out! Please download it and try fixing those items with it. Let me know the results. Get it here: HijackThis 1.99.1
     
  18. fin1

    fin1 Private E-2

    Hello again. Tried with new version to delete them but they're still there. Here is the log file.

    fin1
     


  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As far as I remember, your PC is working fine. Is that correct? I'm really annoyed that we cannot remove this and would like to figure out why but they do not appear to be hurting anything either (at least not that we can tell).

    Let's try a couple more things: download and install this trial version of Spy Sweeper and do the one-time free update and then scan your system. Save the log! I would like to see what it finds and whether it finds anything related to these BHO entries.
     
  20. fin1

    fin1 Private E-2

    Ok ran the trial spysweeper. WOW look at the junk? Here is the log file.

    fin1
     


  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! It cleaned up a load of leftover garbage. But it does not look like it did anything for the 3 problem BHO entries. I did not see them mentioned in the log.
     
  22. fin1

    fin1 Private E-2

    Other than the 3 BHOs, how does it look? Clean? The BHOs don't seem to be doing any harm that I know of. Is there anything else I should do or is it good now? It sure is running a lot faster. But every now and then when I'm on the net and going from one page to another it seems to freeze for some time before going to the next page. Have you heard of this before?

    fin1
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Those delays are sometimes caused by the pages you are downloading. Some of the advertisement stuff on pages can cause delays when the servers are slow to answer. Even happens on MGs.

    As long as the BHOs are causing no problems, you are okay. I really would like to figure out why they will not go away.

    You should make sure you have done all the steps in the link below:
    How to Protect yourself from malware!
     
  24. fin1

    fin1 Private E-2

    I think I have all that is needed to protect my PC better now. If you find any new ideas to get those BHOs out of there, I'll keep checking in. THANK YOU very much for all your generous help :) There should be more people like you in this world to make computing safer from the ones who want to create havoc on others.
    THANK YOU SO MUCH AGAIN.

    fin1
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're quite welcome! And you can be sure I will be looking for more reasons why those items could not be fixed. What really baffles me is that the direct registry manipulations did not even work.
     
  26. fin1

    fin1 Private E-2

    Well, I'll be sticking around MajorGeeks.com. I like it here. Hopefully help too however I can :)
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Everyone is welcome here!
     
