
Take a look at this please - with hijackthis log

Discussion in 'Virus & Other Malware Removal' started by Kitty_Susy, Jan 26, 2006.

Thread Status:
Not open for further replies.
  1. Kitty_Susy

    Kitty_Susy Thread Starter

    Joined:
    Apr 22, 2005
    Messages:
    61
    Hey, recently a site "searchtheweb" automatically installed something that makes lots of pop-ups appear and modified my web browser.

    Hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:28:54, on 26-01-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\Intel\Wireless\Bin\EvtEng.exe
    C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
    D:\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    D:\Norton Internet Security\ccPxySvc.exe
    D:\ewido\security suite\ewidoctrl.exe
    D:\Norton AntiVirus\navapsvc.exe
    C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\Synaptics\SynTP\SynTPLpr.exe
    C:\Programas\Synaptics\SynTP\SynTPEnh.exe
    C:\Programas\Arcade\PCMService.exe
    C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\acer\epm\epm-dm.exe
    C:\Programas\Launch Manager\QtZgAcer.EXE
    C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
    C:\Programas\Winamp\winampa.exe
    C:\Programas\Messenger Plus! 3\MsgPlus.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\Programas\acer\eRecovery\Monitor.exe
    C:\Programas\Kanguru\MphoneTools.exe
    D:\Kazaa Lite K++\KazaaLite.kpp
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Susete\Os meus documentos\My Received Files\hijackthis\HijackThis.exe
    C:\Programas\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {702CCB6E-F055-72E6-5933-1D3A125249B7} - C:\DOCUME~1\Susete\APPLIC~1\WIPETH~1\pureheck.exe (file missing)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Programas\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\Programas\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [ccApp] C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Programas\Ficheiros comuns\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Programas\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [web soft way bleh] C:\Documents and Settings\All Users\Application Data\listbagswebsoft\Encgrim.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programas\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [deleteshow] C:\DOCUME~1\Susete\APPLIC~1\ACEBIT~1\SURF SOFTWARE SIZE.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EE99F3CD-2945-4AD8-BB7B-320C993372BB}: NameServer = 62.169.67.164 62.169.67.165
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - D:\Norton Internet Security\ccPxySvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Programas\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido security suite control - ewido networks - D:\ewido\security suite\ewidoctrl.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - D:\Norton Internet Security\NISUM.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe
     
  2. wdm2291

    wdm2291

    Joined:
    Nov 4, 2004
    Messages:
    403
    Hi Kitty,

    You have a LOP infection which often comes when you install Messenger Plus!. To get rid of this infection, you need to remove Messenger Plus!. If you really like it, you can download it again later [when we're done removing this mess] and this time click "NO" when asked if you want to install the sponsor program that comes with it. It's the sponsor program that came with it that added this mess to your computer.

    Please copy the following instructions to a Notepad file on your desktop for easy reference:

    First go to Add/Remove Programs (in Control Panel "Start > Control Panel > Add/Remove Programs") and find Messenger Plus! in there and click it and click "Remove."

    You will see the "Messenger Plus! - Setup" screen (if you don't see it, look on your taskbar, it might be minimized). To prove that someone is actually reading it, you have to enter the code that is displayed (some letters and/or numbers). Once you enter the code, press "Uninstall."

    If you entered the code properly, it will ask you to confirm that you want to uninstall. You must answer "Yes" to this question or you won't have another chance of uninstalling.

    To complete the uninstallation, follow the instructions it gives (including closing all your Internet Explorer windows - very important). When everything is done, restart your computer and hopefully it will be uninstalled.

    Now run Hijack This and if you see any of the following entries, put a check next to each of them and then close ALL other windows and browsers (including this one) EXCEPT Hijack This and click "Fix Checked":

    O2 - BHO: (no name) - {702CCB6E-F055-72E6-5933-1D3A125249B7} - C:\DOCUME~1\Susete\APPLIC~1\WIPETH~1\pureheck.exe (file missing)

    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\Messenger Plus! 3\MsgPlus.exe"

    O4 - HKLM\..\Run: [web soft way bleh] C:\Documents and Settings\All Users\Application Data\listbagswebsoft\Encgrim.exe

    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programas\Messenger Plus! 3\MsgPlus.exe" /WinStart

    O4 - HKCU\..\Run: [deleteshow] C:\DOCUME~1\Susete\APPLIC~1\ACEBIT~1\SURF SOFTWARE SIZE.exe


    Click here to download the trial version of Ewido Security Suite:
    http://www.ewido.net/en/download/

    · Install Ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido.
    · It will prompt you to update; click the OK button and it will go to the main screen.
    · On the left side of the main screen click update.
    · Click on Start and let it update.
    · DO NOT run a scan yet.

    Restart your computer into Safe Mode now.
    (Start tapping the F8 key at Startup, before the Windows logo screen).
    Perform the following steps in Safe Mode:

    To make your hidden files and folders visible, go to Start > Search and, under "More advanced search options", make sure there is a check next to "Search System Folders" and "Search hidden files and folders" and "Search system subfolders".

    Now click on My Computer. Go to Tools > Folder Options. Click on the "View" tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
    Click "Apply" then "OK"

    Now run Ewido:

    Click on scanner
    Click Complete System Scan and the scan will begin.
    During the scan it will prompt you to clean files, click OK.
    When the scan is finished, look at the bottom of the screen and click the Save report button.
    Save the report to your desktop.

    Now look for the following folders [in bold] and delete them:

    C:\Programas\Messenger Plus! 3

    C:\Documents and Settings\All Users\Application Data\listbagswebsoft

    and the following file:

    C:\DOCUME~1\Susete\APPLICATION SETTINGS\ACEBIT~1\SURF SOFTWARE SIZE.exe <-- this file

    Here the folder "ACEBIT~1" will start with the letters ACEBIT (and end with some other letters); go into that folder and delete (if you find it) the file "Surf Software Size.exe".

    Reboot your computer, run a new HijackThis log and post it and the results of the Ewido scan here.

    Wayne
     
  3. Kitty_Susy

    Kitty_Susy Thread Starter

    Joined:
    Apr 22, 2005
    Messages:
    61
    Logfile of HijackThis v1.99.1
    Scan saved at 0:12:14, on 27-01-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\Intel\Wireless\Bin\EvtEng.exe
    C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
    D:\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    D:\Norton Internet Security\ccPxySvc.exe
    D:\ewido anti-malware\ewidoctrl.exe
    D:\Norton AntiVirus\navapsvc.exe
    C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\Synaptics\SynTP\SynTPLpr.exe
    C:\Programas\Synaptics\SynTP\SynTPEnh.exe
    C:\Programas\Arcade\PCMService.exe
    C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\acer\epm\epm-dm.exe
    C:\Programas\Launch Manager\QtZgAcer.EXE
    C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
    C:\Programas\Winamp\winampa.exe
    C:\Programas\MSN Messenger\msnmsgr.exe
    C:\Programas\Kanguru\MphoneTools.exe
    C:\Programas\acer\eRecovery\Monitor.exe
    C:\Programas\Winamp\winamp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\Documents and Settings\Susete\Os meus documentos\My Received Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Programas\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\Programas\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [ccApp] C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Programas\Ficheiros comuns\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Programas\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EE99F3CD-2945-4AD8-BB7B-320C993372BB}: NameServer = 62.169.67.164 62.169.67.165
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - D:\Norton Internet Security\ccPxySvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Programas\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido security suite control - ewido networks - D:\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - D:\Norton Internet Security\NISUM.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe


    ---------------------------------------------------------
    ewido anti-malware - Relatório de verificação
    ---------------------------------------------------------

    + Criado em: 0:05:47, 27-01-2006
    + Relatório-Checksum: 5C85AC0B

    + Resultado da verificação:

    C:\Documents and Settings\Susete\Cookies\[email protected][2].txt -> Spyware.Cookie.Statcounter : Limpo com backup
    C:\System Volume Information\_restore{B80077B6-9EC2-4BDA-9C96-51015B5D41E0}\RP70\A0024903.exe -> Downloader.Swizzor.cg : Limpo com backup


    ::Fim do Relatório
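
Added example (not part of the thread and not HijackThis code): a small Python parser for the log format posted above that flags O2/O4 autorun entries pointing into Application Data or marked "(file missing)", then diffs the before and after logs to confirm the fixed entries are gone. The flagging rules are heuristics assumed for this example, and the sample lines are excerpts of the two logs in this thread.

```python
import re

# An entry line is "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] path".
# Header and "Running processes" lines do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# Triage heuristics assumed for this example (not HijackThis's own logic):
# autorun targets inside an Application Data folder, long or 8.3 short form.
APPDATA_RE = re.compile(r"\\(application data|applic~\d)\\", re.IGNORECASE)
AUTORUN_SECTIONS = {"O2", "O4"}  # browser helper objects and Run keys


def parse_entries(log_text):
    """Return [(section, detail), ...] for every entry line in a log."""
    return [m.groups() for m in map(ENTRY_RE.match, log_text.splitlines()) if m]


def triage(entries):
    """Return [(section, detail, reasons)] for autorun entries worth review."""
    flagged = []
    for section, detail in entries:
        if section not in AUTORUN_SECTIONS:
            continue
        reasons = []
        if APPDATA_RE.search(detail):
            reasons.append("target under Application Data")
        if detail.endswith("(file missing)"):
            reasons.append("registered but file missing")
        if reasons:
            flagged.append((section, detail, reasons))
    return flagged


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two logs, by exact match."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


# Excerpts of the two logs posted in this thread, trimmed for the example.
BEFORE = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {702CCB6E-F055-72E6-5933-1D3A125249B7} - C:\DOCUME~1\Susete\APPLIC~1\WIPETH~1\pureheck.exe (file missing)
O4 - HKLM\..\Run: [WinampAgent] "C:\Programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [web soft way bleh] C:\Documents and Settings\All Users\Application Data\listbagswebsoft\Encgrim.exe
O4 - HKCU\..\Run: [deleteshow] C:\DOCUME~1\Susete\APPLIC~1\ACEBIT~1\SURF SOFTWARE SIZE.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""
AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Programas\Winamp\winampa.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

if __name__ == "__main__":
    for section, detail, reasons in triage(parse_entries(BEFORE)):
        print(section, "|", "; ".join(reasons), "|", detail)
    removed, added = diff_logs(BEFORE, AFTER)
    print(len(removed), "entries removed,", len(added), "added")
```

The msnmsgr entry is reported as both removed and added because its path changed from 8.3 short form to long form between the two logs; an exact-match diff does not normalise that.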
     
  4. wdm2291

    wdm2291

    Joined:
    Nov 4, 2004
    Messages:
    403
    Hi Kitty,

    Sorry for the delay in responding to you.

    Unless you use a program that needs the following entry, I'd fix it in HijackThis:

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    Now boot to Safe Mode (reboot and tap the F8 key til you get the black screen menu and choose Safe Mode)

    In safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit - "Select All" then "Edit" - "Delete" to delete the entire contents of the Temp folder.

    Go to Start - Run and type %temp% in the Run box and hit "Enter". The Temp folder will open. Click "Edit" - "Select All" then "Edit" - "Delete" to delete the entire contents of the Temp folder.

    Now go to Control Panel - Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the "Programs" tab then click the "Reset Web Settings" button. Click Apply then OK.

    Empty the recycle bin.

    How is your computer running now?

    Wayne
     

Short URL to this thread: https://techguy.org/437379
