  1. I have started the ticket -Thank You. While waiting for the next step, I'm continuing to look at the registry -not changing, just getting more acquainted with it, and finding available tools. Connie
  2. Update: Per the answer to another question, I have today downloaded the SAS new version, the manual updates, and the uninstaller, and run all of those. The results have not changed at all. The laptop is 2-3 yrs old, running Win XP Media Center, SP2. When it finally gets clean, I will update it to SP3. It got infected in the first place by her grandchildren borrowing it. Thanks Again! Connie
  3. Hello, I've been working on a friend's infected laptop for several weeks. It has been pronounced clean by another expert, and I see nothing in the HJT logs to dispute that opinion, but there is still one issue bothering me.

History: To clean infections, I have run the Avira Rescue Disk, turned off System Restore, run Avira a-v, Malwarebytes, Spybot S&D, which all found much infection but now find nothing. Also ran the f-secure online scan, which found, I think, 4 items. Super also found many, and is still finding something (more on that below).

Current: There are still entries in the msconfig Startup that I would like to remove but don't know how. They are unchecked, and not running in Task Manager. The only checked items in Startup are Avira and Spybot TeaTimer. Also remaining in Add-Remove Programs is Mirar, which I cannot remove from there. When I try, it wants to get online, which I mostly have not been allowing. I finally did let it online once. The website required me to affirm that Mirar was not spyware before any other buttons would work, but then still did not remove it. The laptop is totally offline -no phone cable attached, and wi-fi is disabled.

Now back to Super. Every time I run it, it finds the same group of infections, generally labeled as SmartEnhancer-AD. In Quick Scan, it finds 7 registry entries, and in Full Scan it finds 35 registry entries plus 1 file. In Safe Mode, it only finds the 7. It wants to restart to finish cleaning, and I do that. Then I run Super again, and it finds them again. Over and over and over. They all appear in the Quarantine folders, each time I've run it. I can't find the file where it should be (C:\Program Files\VisualTool\VisualTool-1), or with Start >Search. System Restore is still off, the Recycle Bin is empty, and the last several days I have been deleting all quarantine files after every run.

I've pretty much decided that Super is removing these items, but something is still running that puts them back on reboot, but I can't find it. My last try was starting msconfig Services and unchecking (1)AOL Connectivity Service and (2)Symantec Core LC and (3)Windows Media Player Network Sharing Service -not from Microsoft, listed as unknown mfg.

I don't know much about working with the registry, but decided it was okay to 'look'. General info on the registry entries: There are 5 ID(?) numbers

    68BF610F-C5CD-C624-6B44-224AEE8B95EB
    E2ED872C-4118-2D61-A187-6100030472B0
    E4424E6E-B629-0171-CD10-959D401754AD
    829537D5-A960-FEB0-C6DB-654DDA176EA5
    F3A54897-9E68-B11E-A37A-4D1422CE9CAA

I went farther with some called VisualTool.PornPro, assuming if I managed to delete them it would be no loss. However, I could not. The msg was "cannot delete -- Error while deleting key" I discovered that the 'owner' of these is not 'administrator', or the laptop owner, but something called 'S-1-5-21-1360426424-1458802794-909473479-1006'. I did manage to change the owner of one of them to the laptop owner, but still could not delete.

I hope you can help -it's driving me nuts!! Thank You! Connie

Note: These logs are not from today, as I have not transferred today's to this computer, but they are exactly the same as today's. It has not been online since these logs were run.
Here is the 'Safe Mode' log:

    SUPERAntiSpyware Scan Log
    https://www.superantispyware.com
    Generated 02/26/2009 at 01:11 PM
    Application Version : 4.25.1012
    Core Rules Database Version : 3775
    Trace Rules Database Version: 1734
    Scan type : Complete Scan
    Total Scan Time : 01:14:50
    Memory items scanned : 195
    Memory threats detected : 0
    Registry items scanned : 5763
    Registry threats detected : 7
    File items scanned : 18730
    File threats detected : 0

    Trojan.Unclassified/SmartEnhancer-AD
    HKLM\Software\Classes\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}
    HKCR\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}
    HKCR\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}\InprocServer32
    HKCR\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}\ProgID
    HKCR\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}\Programmable
    HKCR\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}\TypeLib
    HKCR\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}\VersionIndependentProgID

And here is the 'Windows' log:

    SUPERAntiSpyware Scan Log
    https://www.superantispyware.com
    Generated 02/26/2009 at 02:03 PM
    Application Version : 4.25.1012
    Core Rules Database Version : 3775
    Trace Rules Database Version: 1734
    Scan type : Complete Scan
    Total Scan Time : 00:27:59
    Memory items scanned : 397
    Memory threats detected : 0
    Registry items scanned : 5751
    Registry threats detected : 35
    File items scanned : 18734
    File threats detected : 1

    Trojan.Unclassified/SmartEnhancer-AD
    HKLM\Software\Classes\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}
    HKCR\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}
    HKCR\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}
    HKCR\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}\InprocServer32
    HKCR\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}\InprocServer32#ThreadingModel
    HKCR\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}\ProgID
    HKCR\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}\Programmable
    HKCR\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}\TypeLib
    HKCR\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}\VersionIndependentProgID
    HKCR\VisualTool.PornPro_BHO.1
    HKCR\VisualTool.PornPro_BHO.1\CLSID
    HKCR\VisualTool.PornPro_BHO
    HKCR\VisualTool.PornPro_BHO\CLSID
    HKCR\VisualTool.PornPro_BHO\CurVer
    HKCR\TypeLib\{829537D5-A960-FEB0-C6DB-654DDA176EA5}
    HKCR\TypeLib\{829537D5-A960-FEB0-C6DB-654DDA176EA5}\1.0
    HKCR\TypeLib\{829537D5-A960-FEB0-C6DB-654DDA176EA5}\1.0\0
    HKCR\TypeLib\{829537D5-A960-FEB0-C6DB-654DDA176EA5}\1.0\0\win32
    HKCR\TypeLib\{829537D5-A960-FEB0-C6DB-654DDA176EA5}\1.0\FLAGS
    HKCR\TypeLib\{829537D5-A960-FEB0-C6DB-654DDA176EA5}\1.0\HELPDIR
    C:\PROGRAM FILES\VISUALTOOL\VISUALTOOL-1.DLL
    HKCR\Interface\{68BF610F-C5CD-C624-6B44-224AEE8B95EB}
    HKCR\Interface\{68BF610F-C5CD-C624-6B44-224AEE8B95EB}\ProxyStubClsid
    HKCR\Interface\{68BF610F-C5CD-C624-6B44-224AEE8B95EB}\ProxyStubClsid32
    HKCR\Interface\{68BF610F-C5CD-C624-6B44-224AEE8B95EB}\TypeLib
    HKCR\Interface\{68BF610F-C5CD-C624-6B44-224AEE8B95EB}\TypeLib#Version
    HKCR\Interface\{E2ED872C-4118-2D61-A187-6100030472B0}
    HKCR\Interface\{E2ED872C-4118-2D61-A187-6100030472B0}\ProxyStubClsid
    HKCR\Interface\{E2ED872C-4118-2D61-A187-6100030472B0}\ProxyStubClsid32
    HKCR\Interface\{E2ED872C-4118-2D61-A187-6100030472B0}\TypeLib
    HKCR\Interface\{E2ED872C-4118-2D61-A187-6100030472B0}\TypeLib#Version
    HKCR\Interface\{E4424E6E-B629-0171-CD10-959D401754AD}
    HKCR\Interface\{E4424E6E-B629-0171-CD10-959D401754AD}\ProxyStubClsid
    HKCR\Interface\{E4424E6E-B629-0171-CD10-959D401754AD}\ProxyStubClsid32
    HKCR\Interface\{E4424E6E-B629-0171-CD10-959D401754AD}\TypeLib
    HKCR\Interface\{E4424E6E-B629-0171-CD10-959D401754AD}\TypeLib#Version
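
Added example, not part of the original posts: a Python triage helper that collapses the scanner's per-key detections into the COM registrations they belong to, so the Safe Mode and normal-mode results can be compared by root artifact instead of by individual key. The entry lists are an excerpt of the lines quoted in the logs above; the function names and the "ProgID"/"File" labels are this example's own assumptions.

```python
import re
from collections import defaultdict

GUID = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
HKLM_CLASSES = re.compile(r"^HKLM\\Software\\Classes\\", re.I)

# Excerpt of the entries quoted in the post's two logs (trimmed for the example).
SAFE_MODE = r"""
HKLM\Software\Classes\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}
HKCR\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}\InprocServer32
HKCR\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}\ProgID
"""
NORMAL_MODE = SAFE_MODE + r"""
HKCR\CLSID\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}\InprocServer32#ThreadingModel
HKCR\VisualTool.PornPro_BHO.1\CLSID
HKCR\VisualTool.PornPro_BHO\CurVer
HKCR\TypeLib\{829537D5-A960-FEB0-C6DB-654DDA176EA5}\1.0\0\win32
C:\PROGRAM FILES\VISUALTOOL\VISUALTOOL-1.DLL
HKCR\Interface\{68BF610F-C5CD-C624-6B44-224AEE8B95EB}\ProxyStubClsid32
HKCR\Interface\{E2ED872C-4118-2D61-A187-6100030472B0}\TypeLib#Version
HKCR\Interface\{E4424E6E-B629-0171-CD10-959D401754AD}\TypeLib
"""

def lines(text):
    """Split pasted log text into non-empty entries."""
    return [l.strip() for l in text.splitlines() if l.strip()]

def root_artifact(entry):
    """Return (kind, identifier) of the registration an entry belongs to."""
    if not entry.upper().startswith(("HKCR\\", "HKLM\\")):
        return ("File", entry.upper())
    # HKLM\Software\Classes is the machine-wide half of the merged HKCR view;
    # '#name' is the scanner's notation for a value under the key.
    key = HKLM_CLASSES.sub(lambda m: "HKCR\\", entry.split("#", 1)[0])
    parts = key.split("\\")
    if len(parts) > 2 and GUID.fullmatch(parts[2]):
        return (parts[1], parts[2].upper())   # CLSID / TypeLib / Interface
    return ("ProgID", parts[1])               # assumption: other HKCR names

def group(entries):
    """Map each root artifact to the log entries that fall under it."""
    roots = defaultdict(list)
    for e in entries:
        roots[root_artifact(e)].append(e)
    return dict(roots)

def only_outside_safe_mode(safe, normal):
    """Roots reported in the normal-mode scan but not in the Safe Mode scan."""
    return sorted(set(group(normal)) - set(group(safe)))

if __name__ == "__main__":
    for kind, ident in only_outside_safe_mode(lines(SAFE_MODE), lines(NORMAL_MODE)):
        print(f"{kind:9} {ident}")
```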
