1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Add/Remove Programs access problem.

Discussion in 'Windows XP' started by jwjonco, Jul 11, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. jwjonco

    jwjonco Thread Starter

    Joined:
    Jul 11, 2006
    Messages:
    6
    Howdy! New member here. I've been searching for a resolution, of some sort, for the following:
    My add/remove programs (Control Panel) won't open. I left click, right click, double click, tripple click, quadruple click.....aaarghhh!
    All others open, O.K.! There are some programs I want to, need to uninstall, but I can't, because I can't open add/remove programs.
    Is there some way I can access add/remove (like at start up?) other than the through the Control Panel? Or is there some sort other resolution to this problem? I have a custom computer:
    MSI K7T266 PRO2
    AMD Athlon XP 1500+
    256 DDR/2.5V DDRAM
    Windows 2000 Pro
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,276
    Hi and welcome to TSG,

    Do you still need assistance with this?

    If so, please do this:

    Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. jwjonco

    jwjonco Thread Starter

    Joined:
    Jul 11, 2006
    Messages:
    6
    Logfile of HijackThis v1.99.1
    Scan saved at 2:35:58 PM, on 7/30/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Pirvod\Qhwebv.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
    C:\Program Files\Trend Micro\Tmas\Tmas.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [w0af631b.dll] "RUNDLL32.EXE" w0af631b.dll,I2 0005982000af631b
    O4 - HKLM\..\Run: [Sgahsz] "C:\Program Files\Pirvod\Qhwebv.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
    O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.26.98/display/PopupSh.ocx
    O16 - DPF: {B2DDFE76-8D1B-4D43-A3C4-3810745DB8E6} (Loader Class) - http://www.binarybiz.com/tools/drivetest/RecoveryManager.dll
    O19 - User stylesheet: (file missing)
    O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,276
    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires it becomes freeware with reduced functions but still worth keeping.



    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-spyware, Do NOT run a scan yet. We will do that later in safe mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Come back here and post a new HijackThis log along with the logs from the Ewido and Panda scans.
     
  5. jwjonco

    jwjonco Thread Starter

    Joined:
    Jul 11, 2006
    Messages:
    6
    Logfile of HijackThis v1.99.1
    Scan saved at 5:36:21 PM, on 7/31/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
    C:\Program Files\Trend Micro\Tmas\Tmas.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [w0af631b.dll] "RUNDLL32.EXE" w0af631b.dll,I2 0005982000af631b
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
    O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.26.98/display/PopupSh.ocx
    O16 - DPF: {B2DDFE76-8D1B-4D43-A3C4-3810745DB8E6} (Loader Class) - http://www.binarybiz.com/tools/drivetest/RecoveryManager.dll
    O19 - User stylesheet: (file missing)
    O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  6. jwjonco

    jwjonco Thread Starter

    Joined:
    Jul 11, 2006
    Messages:
    6
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:30:18 PM 7/30/2006

    + Scan result:



    HKLM\SOFTWARE\Classes\CLSID\{3ADD49EB-9314-0FC6-66E0-D6033BD60364} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{3EA1A3C3-66F8-C16A-C172-941EB55BA5E4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{77AA288C-4EB6-ADD2-6289-1A1A78F8EC3A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    C:\WINNT\system32\OwgRD.exe -> Backdoor.VB.nb : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\031436.exe -> Dialer.BTV : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\031436.exe -> Dialer.BTV : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\dialer.exe -> Dialer.Generic : Cleaned with backup (quarantined).
    C:\WINNT\system32\Desire-uninstall.exe -> Dialer.Generic : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\dialer.exe -> Dialer.Generic : Cleaned with backup (quarantined).
    F:\WINNT\system32\Desire-uninstall.exe -> Dialer.Generic : Cleaned with backup (quarantined).
    C:\WINNT\system32\q8k0fsv0.exe -> Dropper.Small.cu : Cleaned with backup (quarantined).
    F:\WINNT\system32\q8k0fsv0.exe -> Dropper.Small.cu : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-111-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-129-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-148-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-171-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-31-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-341-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-57-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-679-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-688-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-712-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-99-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-111-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-129-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-148-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-171-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-31-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-341-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-57-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-679-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-688-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-712-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-99-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.3\plugin-712-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.4\plugin-111-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.4\plugin-171-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.4\plugin-712-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.5\plugin-111-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.5\plugin-171-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.7\plugin-111-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\CONFLICT.8\plugin-111-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\plugin-111-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\plugin-171-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\plugin-42-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\plugin-688-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\WINNT\Downloaded Program Files\plugin-712-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-111-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-129-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-148-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-171-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-31-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-341-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-57-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-679-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-688-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-712-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.1\plugin-99-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-111-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-129-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-148-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-171-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-31-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-341-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-57-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-679-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-688-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-712-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.2\plugin-99-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.3\plugin-712-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.4\plugin-111-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.4\plugin-171-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.4\plugin-712-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.5\plugin-111-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.5\plugin-171-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.7\plugin-111-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\CONFLICT.8\plugin-111-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\plugin-111-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\plugin-171-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\plugin-42-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\plugin-688-0.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    F:\WINNT\Downloaded Program Files\plugin-712-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Click2begin : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Cookies\[email protected][2].txt -> TrackingCookie.Komtrack : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Cookies\[email protected][1].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Cookies\[email protected][1].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Yazzle1119OinAdmin.exe -> Trojan.Scapur.k : Cleaned with backup (quarantined).
    C:\WINNT\odbs.log -> Trojan.Valg : Cleaned with backup (quarantined).
    F:\WINNT\odbs.log -> Trojan.Valg : Cleaned with backup (quarantined).


    ::Report end
     
  7. jwjonco

    jwjonco Thread Starter

    Joined:
    Jul 11, 2006
    Messages:
    6
    Incident Status Location

    Adware:adware/keenvalue Not disinfected c:\winnt\system32\drivers\etc\hosts.bho
    Adware:adware/twain-tech Not disinfected c:\winnt\inf\twaintec.inf
    Adware:adware/secure32 Not disinfected c:\winnt\Country.exe
    Adware:adware/downloadware Not disinfected c:\winnt\Digital Signature 20020502.htm
    Dialer:dialer generic Not disinfected c:\program files\GIB
    Adware:adware/dyfuca Not disinfected Windows Registry
    Potentially unwanted tool:application/myway Not disinfected hkey_local_machine\software\MySearch
    Adware:adware/iedriver Not disinfected Windows Registry
    Adware:adware/ipinsight Not disinfected Windows Registry
    Adware:adware/memorywatcher Not disinfected Windows Registry
    Virus:Trj/Downloader.OE Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][dp-k13w13.exe]
    Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][IEDRIVER.EXE]
    Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][sx.htm]
    Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][ieupdate.exe]
    Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][td.exe]
    Adware:Adware/BrowserAid Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[dist1_1_00.exe]
    Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[SaveInstCsSm.exe]
    Adware:Adware/eZula Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[ezStub.exe]
    Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[sys_ai_client_loader.exe]
    Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[incredifind.exe]
    Virus:Trj/Downloader.OE Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][dp-k13w13.exe]
    Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][IEDRIVER.EXE]
    Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][sx.htm]
    Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][ieupdate.exe]
    Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][td.exe]
    Adware:Adware/BrowserAid Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[dist1_1_00.exe]
    Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[SaveInstCsSm.exe]
    Adware:Adware/eZula Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[ezStub.exe]
    Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[sys_ai_client_loader.exe]
    Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[incredifind.exe]
    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\John1\Cookies\[email protected][4].txt
    Spyware:Cookie/Powerscan Not disinfected C:\Documents and Settings\John1\Cookies\[email protected][1].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][2].txt
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][2].txt
    Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\John1\Local Settings\Temp\Cookies\[email protected][1].txt
    Dialer:Dialer.BCA Not disinfected C:\Program Files\GIB\01setup.EXE
    Dialer:Dialer.Gen Not disinfected C:\Program Files\Hewlett-Packard\hp officejet v series\Help\5-1-8-1.exe
    Adware:Adware/FavoriteMan Not disinfected C:\WINNT\system32\g041t.dll
    Adware:Adware/WurldMedia Not disinfected C:\WINNT\system32\winbpupd.exe
    Virus:Trj/Downloader.OE Not disinfected F:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][dp-k13w13.exe]
    Adware:Adware/IEDriver Not disinfected F:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][IEDRIVER.EXE]
    Adware:Adware/IEDriver Not disinfected F:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][sx.htm]
    Adware:Adware/IEDriver Not disinfected F:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][ieupdate.exe]
    Adware:Adware/IEDriver Not disinfected F:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][td.exe]
    Adware:Adware/BrowserAid Not disinfected F:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[dist1_1_00.exe]
    Adware:Adware/SaveNow Not disinfected F:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[SaveInstCsSm.exe]
    Adware:Adware/eZula Not disinfected F:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[ezStub.exe]
    Spyware:Spyware/Apropos Not disinfected F:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[sys_ai_client_loader.exe]
    Adware:Adware/KeenValue Not disinfected F:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[incredifind.exe]
    Virus:Trj/Downloader.OE Not disinfected F:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][dp-k13w13.exe]
    Adware:Adware/IEDriver Not disinfected F:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][IEDRIVER.EXE]
    Adware:Adware/IEDriver Not disinfected F:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][sx.htm]
    Adware:Adware/IEDriver Not disinfected F:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][ieupdate.exe]
    Adware:Adware/IEDriver Not disinfected F:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][td.exe]
    Adware:Adware/BrowserAid Not disinfected F:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[dist1_1_00.exe]
    Adware:Adware/SaveNow Not disinfected F:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[SaveInstCsSm.exe]
    Adware:Adware/eZula Not disinfected F:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[ezStub.exe]
    Spyware:Spyware/Apropos Not disinfected F:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[sys_ai_client_loader.exe]
    Adware:Adware/KeenValue Not disinfected F:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[incredifind.exe]
    Dialer:Dialer.BCA Not disinfected F:\Program Files\GIB\01setup.EXE
    Dialer:Dialer.Gen Not disinfected F:\Program Files\Hewlett-Packard\hp officejet v series\Help\5-1-8-1.exe
    Potentially unwanted tool:Application/MyWay Not disinfected F:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL
    Potentially unwanted tool:Application/MyWay Not disinfected F:\Program Files\MySearch\bar\1.bin\S42NS.EXE
    Potentially unwanted tool:Application/MyWay Not disinfected F:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
    Spyware:Spyware/StartPage Not disinfected F:\WINNT\system32\drivers\etc\hosts.bho
    Adware:Adware/WurldMedia Not disinfected F:\WINNT\system32\winbpupd.exe
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,276
    Please download SmitfraudFix (by S!Ri)

    Extract (unzip) the content (a folder named SmitfraudFix) to your Desktop. This is imperative for the tool to function properly. If using a utility such as winzip you will have to direct it there as it will not unzip to the desktop by default. The desination location should look like this (C: being your primary drive): C:\Documents and Settings\User\Desktop\SmitfraudFix

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  9. jwjonco

    jwjonco Thread Starter

    Joined:
    Jul 11, 2006
    Messages:
    6
    SmitFraudFix v2.78

    Scan done at 18:38:52.06, Tue 08/01/2006
    Run from C:\Documents and Settings\John1\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT

    C:\WINNT\country.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John1\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,276
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Remove Programs access
  1. Edvinas112edvis
    Replies:
    2
    Views:
    795
  2. Zygmo
    Replies:
    5
    Views:
    817
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/482456

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice