please help my poor computer.

  • This topic is locked
2 replies to this topic

#1 fluffypinkcloud


  • Members
  • 1 posts
  • Local time:01:00 AM

Posted 23 February 2005 - 11:25 PM

hello friends,

I have run SPYBOT numerous times. All it ever does is scan OVER coolwebsearch. It can find something called "DSO Exploit" but it always comes back if I remove it. [it also doesn't get rid of what looks like a remnant of GAIN. how annoying.]

Adaware will not even run AT ALL. It completely freezes.

CWShredder also skips right over it.

my computer runs horribly slowly. it stutters frequently (like it'll make loud grindingish noises and freeze the screen for a few seconds). I don't know if there are problems as much with popups 'cause I don't run IE although there are times in Opera where an "about:blank" screen comes up upon opening the browser. it doesn't really DO anything, though, so I don't know if it's related?

ANYWAY. here is the log that was generated by hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 21:20:12, on 02.23.05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Opera\opera.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Microszoft Update Mach1nezs] svchst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

thank you very much.


#2 ddeerrff



  • Malware Response Team
  • 2,741 posts
  • Gender:Male
  • Location:Upper Midwest, US
  • Local time:12:00 AM

Posted 25 February 2005 - 02:03 PM

I have run SPYBOT numerous times. [....] It can find something called "DSO Exploit" but it always comes back if

This is a bug in Spybot. You can ignore it or download and install the patch from http://www.majorgeeks.com/download4392.html.

Adaware will not even run AT ALL. It completely freezes.

Open Ad-Aware and click on the gear symbol, then the Tweak button. Expand Scanning Engine and UNcheck "Unload Recognized Processes and Modules during scan". Click on Proceed. See if it completes now.

CWShredder also skips right over it.
an "about:blank" screen comes up upon opening the browser.

I don't see CWS or anything related to A:B in your log. A blank page may be the default in Opera, have you tried setting a specific home page?

Prior to doing the fix below with HijackThis, Spywareguard needs to be turned off.
Please right click the running icon of Spywareguard, it will open the program, Menu, file, exit, and confirm the programs close.
Unless it is turned off it could interfere with the fix by hijackthis.

Start HJT and click on the SCAN button. Put a check mark in front of the following lines if they still show:

O4 - HKLM\..\RunServices: [Microszoft Update Mach1nezs] svchst.exe

With ALL OTHER WINDOWS CLOSED, click on Fix Checked.

Use Windows Search to locate the following file and delete it:

svchst.exe <-- Note the spelling carefully. Do not delete the similarly named required Windows file svchost.exe.

Reboot and post a new HJT log please.
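
The lookalike-name check that post #2 makes by eye (svchst.exe versus svchost.exe), as an added example that is not part of the original thread or of HijackThis: it parses the O4 autorun lines from the log in post #1 and flags entries whose executable is one edit away from a core Windows binary or is registered without a directory. The `KNOWN` allowlist, the function names and the distance threshold are assumptions made for this illustration.

```python
import re

# Assumption: a short allowlist of core Windows binaries to compare against.
KNOWN = ["svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
         "services.exe", "explorer.exe", "smss.exe", "ctfmon.exe"]

# O4 lines copied from the HijackThis log in post #1.
LOG = r"""
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Microszoft Update Mach1nezs] svchst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

# Matches both "[Name] command" registry entries and "Name.lnk = path" startup items.
O4 = re.compile(r'^O4 - ([^:]+): (?:\[(.+?)\] |(.+?) = )"?(.+?\.exe)', re.I)

def audit(log, max_dist=1):
    """Return (entry name, executable, reasons) for each suspicious O4 line."""
    findings = []
    for line in log.splitlines():
        m = O4.match(line.strip())
        if not m:
            continue
        exe = m.group(4)
        base = exe.rsplit("\\", 1)[-1].lower()
        reasons = []
        if "\\" not in exe:
            reasons.append("no directory given")
        if base not in KNOWN:
            # max_dist=1 on purpose: msmsgs.exe is 2 edits from smss.exe.
            reasons += ["resembles " + good for good in KNOWN
                        if edit_distance(base, good) <= max_dist]
        if reasons:
            findings.append((m.group(2) or m.group(3), exe, reasons))
    return findings

if __name__ == "__main__":
    for name, exe, reasons in audit(LOG):
        print(f"{name!r}: {exe} ({'; '.join(reasons)})")
```

A hit from this check is a prompt for manual review of the file and its location, not proof that the entry is malicious.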

#3 ddeerrff



  • Malware Response Team
  • 2,741 posts
  • Gender:Male
  • Location:Upper Midwest, US
  • Local time:12:00 AM

Posted 14 March 2005 - 02:50 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
