
Solved: Add/Remove Won't Open

Discussion in 'Windows XP' started by xico, Jan 2, 2006.

Thread Status:
Not open for further replies.
  1. xico

    xico Thread Starter

    Joined:
    Jun 29, 2002
    Messages:
    29,787
    I'm on my son's XP. He's been dealing with a hacker. Don't know if we got rid of him yet, but now the Add/Remove program won't open. I've tried using the Control Panel, from the Start button and from the Computer button. Every other button in the Control Panel works. And yes, we've rebooted many times.

    Any suggestions would be greatly appreciated. :D
     
  2. Shortys748

    Shortys748

    Joined:
    Oct 23, 2005
    Messages:
    220
    Post a HJT (HijackThis) log, and did you run any scans?
     
  3. awalker0878

    awalker0878 Removed by request

    Joined:
    Dec 16, 2005
    Messages:
    407
    Bet he used a reg hack to prevent Add/Remove Programs from opening.

    Start\Run: regedit
    Navigate to:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall
    Delete every entry under it.

    Also check
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall
    Delete every entry under it.
     
  4. xico

    xico Thread Starter

    Joined:
    Jun 29, 2002
    Messages:
    29,787
    Just checked in. Didn't get a notifying email. Thanks. I'll post a HJT log, and check out the regedit. Thanks again! (y)
     
  5. xico

    xico Thread Starter

    Joined:
    Jun 29, 2002
    Messages:
    29,787
    Here's the HJT log--but I went into the registry and did as I was told, and we got the Add/Remove panel back up like a charm. Thanks! Could you give me a brief explanation of what the hacker did, and if he could put this on another program, would I be going to the same "policies" to uninstall there too?

    I'm thrilled! Thanks!

    Logfile of HijackThis v1.99.1
    Scan saved at 7:10:41 PM, on 1/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\program files\valve\steam\steam.exe
    C:\PROGRA~1\SPYWAR~1\swdoctor.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\VisualZone\VisualZone.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\webshots.scr
    C:\Program Files\Anti-BO\Anti-bo.exe
    C:\Program Files\ewido anti-malware\SecuritySuite.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AvltMain.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\Apvxdwin.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Luke1\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: TimeSync.lnk = C:\Program Files\J River\Netbox3\NetBox.exe
    O4 - Global Startup: VisualZone.lnk = C:\Program Files\VisualZone\VisualZone.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe
    O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: My IP Suite - {FB5F1910-F110-11d2-BB9E-80C04F795683} - C:\Program Files\My IP Suite\MyIPSuite.exe
    O9 - Extra 'Tools' menuitem: My IP Suite - {FB5F1910-F110-11d2-BB9E-80C04F795683} - C:\Program Files\My IP Suite\MyIPSuite.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://zone.msn.com/bingame/trbo/default/ActiveLauncher.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4650/mcfscan.cab
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
     
  6. awalker0878

    awalker0878 Removed by request

    Joined:
    Dec 16, 2005
    Messages:
    407
    Yes, you could do the same steps if he did this on another PC. Though he probably did not edit the registry; he might have used poledit, an *old* utility designed to lock down corporate PCs from tinkering users. I *do not* suggest using it to remove restrictions, as it can have unexpected results on XP.

    Use Panda ActiveScan to check for hacker tools or trojans he might have put on your system:

    http://www.pandasoftware.com/products/activescan.htm

    and post the log
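
Added example, not part of the thread: a read-only check that lists which restriction values are set under the `Policies` keys before anything is deleted, covering the `Uninstall` key named above and the sibling `System` and `Explorer` subkeys where the same kind of lockout is stored for other tools. It parses the text of a `.reg` export; the sample export, the `audit_policies` name and the "nonzero means enforced" rule are assumptions of this example, and the value table is a short list of well-known names, not a complete one.

```python
import re

# Policies subkey -> value name -> effect. Well-known values only, not exhaustive.
KNOWN = {
    "uninstall": {"NoAddRemovePrograms": "Add/Remove Programs applet blocked"},
    "system": {"DisableTaskMgr": "Task Manager blocked",
               "DisableRegistryTools": "regedit blocked"},
    "explorer": {"NoControlPanel": "Control Panel blocked",
                 "NoRun": "Start > Run removed"},
}
POLICY_ROOT = r"\software\microsoft\windows\currentversion\policies" + "\\"

# Constructed sample in regedit export format (not taken from the thread).
# A real export is UTF-16: open(path, encoding="utf-16").read()
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall]
"NoAddRemovePrograms"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

def audit_policies(reg_text):
    """Return (key, value name, data, note) for each nonzero DWORD under Policies."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            key = header.group(1)
            continue
        value = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        root_at = key.lower().find(POLICY_ROOT) if key else -1
        if not value or root_at < 0:
            continue
        data = int(value.group(2), 16)
        if data == 0:  # assumption: 0 means the restriction is switched off
            continue
        subkey = key.lower()[root_at + len(POLICY_ROOT):].split("\\")[0]
        note = KNOWN.get(subkey, {}).get(value.group(1), "unrecognized, review manually")
        findings.append((key, value.group(1), data, note))
    return findings

if __name__ == "__main__":
    for key, name, data, note in audit_policies(SAMPLE_REG):
        print(f"{key}\n    {name} = {data:#x}  ({note})")
```

Keeping the export file also gives a backup of the key as it was found, which is useful evidence of what was changed on the machine.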
     
  7. awalker0878

    awalker0878 Removed by request

    Joined:
    Dec 16, 2005
    Messages:
    407
    We could trim the start-up so that your computer runs faster.

    MFDnSC was nice enough to look at your HJT log (thanks MFDnSC!)

    Quote:
    Originally Posted by awalker0878
    http://forums.techguy.org/windows-nt...l-missing.html

    http://forums.techguy.org/windows-nt...wont-open.html
    Both are fine

    Give credit where credit is due, thanks MFDnSC
     
  8. xico

    xico Thread Starter

    Joined:
    Jun 29, 2002
    Messages:
    29,787
    I'd appreciate it if you'd trim the start menu. And thanks MFDnSC! (y) :D
     
  9. awalker0878

    awalker0878 Removed by request

    Joined:
    Dec 16, 2005
    Messages:
    407
    You could safely remove these entries:

    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: TimeSync.lnk = C:\Program Files\J River\Netbox3\NetBox.exe
    O4 - Global Startup: VisualZone.lnk = C:\Program Files\VisualZone\VisualZone.exe

    Though some programs you would now have to open yourself, they would not always be in memory eating up RAM.
     
  10. xico

    xico Thread Starter

    Joined:
    Jun 29, 2002
    Messages:
    29,787
    (y) Thank you AWalker! Much obliged! My son thanks you too. (y) :D
     

Short URL to this thread: https://techguy.org/430339
