hello team i gotta live one

01-10-2006, 08:47 PM   #1
grassi (TSF Enthusiast)
Join Date: Dec 2005
Location: upstate, n.y.
Posts: 1,030
OS: xp pro, sp3

Hello, I was transferred over to this forum from XP Microsoft computing. I have some problems while trying to clean up PC. Here's my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 10:36:45 PM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsof...?1128469640765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - https://messenger.msn.com/download/Ms...Downloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe (file missing)

I'll try linking this thread to old one so you know what's going on... I DO NOT KNOW HOW OSHWYN5 WAS HELPING ME
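
Added example, not part of the original post and not HijackThis code: a small Python parser for the log layout shown above. It splits the header, the running-process list and the coded entries, then lists entries that carry markers the log itself prints ("(no name)", "Unknown owner", "(file missing)") as pointers for manual review, not verdicts. The sample lines are a selection copied from the log above; all function names are this example's own.

```python
import re
from collections import defaultdict

# Selection of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:36:45 PM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe (file missing)
"""

# A coded entry looks like "O4 - HKLM\..\Run: [PS2] C:\...\ps2.exe".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Text markers that appear inside entries of the log above.
MARKERS = (
    ("(no name)", "no name"),
    ("Unknown owner", "unknown owner"),
    ("(file missing)", "file missing"),
)


def parse_hjt(text):
    """Return (header, processes, entries) for a HijackThis log."""
    header, processes, entries = {}, [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries[match.group(1)].append(match.group(2))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif line.startswith("Logfile of HijackThis"):
            header["version"] = line.rsplit(" ", 1)[-1]
        elif line.startswith("Scan saved at "):
            header["Scan saved"] = line[len("Scan saved at "):]
        elif ":" in line:
            key, _, value = line.partition(":")
            header[key.strip()] = value.strip()
    return header, processes, dict(entries)


def unique_processes(processes):
    """Windows paths are case-insensitive, so fold case before de-duplicating."""
    return sorted({p.lower() for p in processes})


def review_markers(entries):
    """List (code, reason, entry) for every entry that carries a marker."""
    findings = []
    for code, items in entries.items():
        for item in items:
            for needle, reason in MARKERS:
                if needle in item:
                    findings.append((code, reason, item))
    return findings


if __name__ == "__main__":
    header, processes, entries = parse_hjt(SAMPLE_LOG)
    print(header["version"], "|", header["Platform"])
    print(len(processes), "process lines,", len(unique_processes(processes)), "unique")
    for code, reason, item in review_markers(entries):
        print(f"{code:4} {reason:14} {item}")
```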

01-10-2006, 09:29 PM   #2
grassi (TSF Enthusiast)

I tried clicking on paperclip icon in my post and saved my XP forum info to my desktop, then hit browse option, clicked on folder, and it seemed to have made a folder somewhere in my computer and now I can't find it because my edit time has expired. Never had a chance to know if it worked (uploading another thread to this one). Wow, that paperclip option is confusing. I went back with this thread edit and that weird file wasn't there but replaced itself with a new one. In cookies folder there is a file called index dat. What is it and do I need it? Won't allow deletion due to it stating used by something other file... it is just an encrypted notepad file, I believe. What are those folders that keep installing from paperclip?

01-10-2006, 10:48 PM   #3
grassi (TSF Enthusiast)

I'm back to normal. I decided to stay away from your paperclip icon option when posting a reply\thread, for I don't know how to use this function. I also give up on looking for the option on linking my post in XP to this one. SO PLEASE ANY MODERATOR PLEASE REFER TO MY POST UNDER MICROSOFT COMPUTING IN XP "hello team looking to clean up computer" by grassi. I am also going to restart my computer as it is running slow and it's brand new, but will have to close my HJT scan and do another for you.

01-11-2006, 09:57 AM   #4
grassi (TSF Enthusiast)

https://www.techsupportforum.com/wind...-clean-up.html This is my link from the other tech support forum. Also I found a folder located from my start key to c program files to documents settings to hp owner and then cookies. It says index dat folder and cannot delete it. When I try it says someone else is using it? I'm a mess, please help. Oh yeah, when opened it's notepad with a bunch of odd code\lettering. (It was created Dec 20th, the last SmitFraud variant date I had.) Is everything in hp owners cookies garbage? I have all notepad stuff with weird codes, no clue what they are?? Including that unerasable one. Also I have scanner if this can help? I don't know. Tried to copy paste that notepad dat file to here but it keeps freezing everything up and sends error reports to computer and says not responding, must shut down??

01-11-2006, 11:16 AM   #5
oshwyn5 (Registered User)
Join Date: Sep 2005
Location: Dallas , Tx
Posts: 1,438
OS: DOS,Win95,98,ME,XP, Fedora

This thread

https://www.techsupportforum.com//mic...-clean-up.html

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.com/downloads/k...an_unicode.cab
Explains the ckavwebscan that I could not recognize and it is safe.
The other appears to be gone.

I do not see anything and unless one of the experts here recognizes something I have missed I would say you do not have to worry.
__________________
Hello and Welcome to TSF My name is Pete but call me Oshwyn
If we have been of assistance please consider
Donating to TSF to keep the forum running.

01-12-2006, 02:28 PM   #6
MicroBell (TSF Security Team, Emeritus)
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,962
OS: Windows 7

I don't see anything in the log. Are you having an issue...or just doing a general cleanup?

The index.dat file can not be simply deleted. You'll need a program to remove it...but Windows will recreate it again once you reboot. So it's always there.

If you want to clean it out...try this...

Download and install CCleaner..https://www.ccleaner.com/ccdownload.asp

1. Open the program and the "Cleaner" button should be active.
2. Click on "Run Cleaner"
3. Once that's done it will clean out the TEMP folder.
4. Now click on "Issues" and then "Scan for Issues"
5. Once it's done checkmark ALL it finds and click "Fix Selected Issues"
6. It will ask you if you want to back up the registry entries it's removing so please do so. If it removes anything important..just locate the .reg file you saved...double click on it to add the entries back.

Close the program.


That will clear out the index.dat, TEMP folders, Prefetch folder...etc
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!



01-12-2006, 02:45 PM   #7
grassi (TSF Enthusiast)

I am at the download process for CCleaner. When I click run it says this process will permanently delete files from your system, would I like to proceed?? There was no option to save back up?? Also I see the cleaner icon, how can I tell if it's active??

01-12-2006, 03:25 PM   #8
grassi (TSF Enthusiast)

Sorry, I missed edit time. My homepage is MSN; if deleting all boxes that are checked, will it affect my log in? Oshwyn made that comment to me in XP tech support forum.

01-12-2006, 10:12 PM   #9
grassi (TSF Enthusiast)

Just movin this thread up to complete CCleaner scan by a newb. Quoted by MicroBell: "The index.dat file can not be simply deleted. You'll need a program to remove it...but windows will recreate it again once you reboot. So it's always there." Shouldn't this file be hidden?

01-13-2006, 02:02 PM   #10
MicroBell (TSF Security Team, Emeritus)

The CCleaner should be downloaded and installed. The options on the left that are checked will be cleaned. It won't delete anything critical...just things like cookies, temp files, recent typed urls...etc. You may have to log back in to certain sites you visit is all.

It won't affect Windows login and there is no option to "Save a Backup" on the files you're deleting since they are "Garbage" files anyway...why save them?

01-13-2006, 03:41 PM   #11
grassi (TSF Enthusiast)

Thank you for that. All went well? When I selected fix checked there was something called weather bug, I thought this was bad? I had many other issues from CCleaner? But fixed all, hope it didn't fix anything that shouldn't have been there? Thank you so much again as I learned a lot for a newbie. Also this cleaned c program/windows where I had a lot of odd, weird texts, dat files etc., just not your ordinary looking folder. However there are still a few, 15 or so, that showed up after cleaning SmitFraud out a month ago. Anyway we got at least half.

01-14-2006, 01:41 AM   #12
MicroBell (TSF Security Team, Emeritus)

Let's see what else is "Lurk'en" around....

Reboot into safe mode...

Run Ewido:
  • Click [Scanner]
  • Click [Complete System Scan] to begin scanning.
  • Click [OK] when prompted to clean files
  • With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
  • Once finished, click the [Save report] button
  • Save the report to your desktop
Close Ewido

Reboot back to normal mode....

Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
  • Click on see report. Then click Save report
Please post that log in your next reply along with the Ewido log

*Note* WeatherBug is a desktop weather program that is adware supported...so yes it's bad since it generates ads.

01-14-2006, 06:23 PM   #13
grassi (TSF Enthusiast)

Okay, MicroBell, thank you again. I had Ewido already so I updated it in normal mode and restarted computer (normal mode). When I clicked to turn off computer, a message from HP updates said, "this program not responding if i end now i could lose any unsaved data" so I tried clicking cancel? And it turned off anyway.
When restarted I tried updating again to make sure there were none available, and there weren't. I then shut down to reboot in safe mode finally, and got "program not responding"??? Don't understand these messages??
Since I already had Ewido installed I clicked options to "note" how it was set up in case of any past adjustments that were made from past SmitFraud variant post. All boxes were checked EXCEPT scan every file, under "what to scan"; instead chose files by extension WAS checked (just to be on sure side)?? Anyway my HJT log comin up, hopin it found weather bug but didn't.
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:50:30 PM, 1/14/2006
+ Report-Checksum: 7A7354F1

+ Scan result:

No infected objects found.


::Report End



OKAY DURING PANDA SCAN THEY MADE IT PRETTY CLEAR THERE WERE 6 HACK TOOLS AND 1 SPYWARE. Which could explain to me my 6 attempts on trying that copycat link in your news thread as stated in my other HJT post you have got to be kiddin!!!!! which started in XP for clean up, but when I explained what had happened, they transferred my XP post to HJT log because of the following information. When I tried using mimos link to test firewall, I clicked on 9th test copycat, and got a message from Norton saying found virus, and the only info I was able to get was threat name: hack tool, unable to repair. I did this 6 times as I believe I quoted in other thread. Don't know how to link it? Anyway here it is, I hope this is that hack tool virus I mentioned. I did see this notice with my girlfriend, that's why I clicked it so many times. To show her. No weather bug here either??



Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HP_Owner\Desktop\emergency!!\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HP_Owner\Desktop\emergency!!\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf

01-15-2006, 10:50 AM   #14
grassi (TSF Enthusiast)

Sorry I have to do this, in case it's important. My girlfriend just got on a store website to look for stools. Then she closed windows, got back to desktop, when this odd message came up, never seen before. It was a little pop up window from:

iexplorer.exe-application error

the instruction at "0x00e23e8d"
referenced memory at "0x00e23e8d"
the memory could not be read

Didn't know what this was or if it's important info??? Also refer to last post (#13). No reply yet from MicroBell.

01-15-2006, 08:09 PM   #15
MicroBell (TSF Security Team, Emeritus)

C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf <--delete that file.

Other than that..the others are fine. The so-called "Unwanted tools" are some of the exe tools we used to remove spyware and the Panda scan is just letting you know they are on the system. They are not installed or running. Let's try one more scanner...

Perform an online scan with Internet Explorer with

Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Standard
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Take note of the names and locations of any file it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

01-15-2006, 09:37 PM   #16
grassi (TSF Enthusiast)

Hello MicroBell, C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf was not there. What about the 6 hacktools Ewido said they found? Also weather bug, search assistant? All these folders I have??
C:\WINDOWS\DOWNLOADED PROGRAM FILES\
active scan inst....
java run time enable....
java run time enable....
msn mesenger se...
shockwave activ...
mu web controlcl...
verify gmn class
windows genuin...

01-15-2006, 11:30 PM   #17
grassi (TSF Enthusiast)

Please also look at past post (#16), without finding that folder. Which I didn't like. I ran Kaspersky. I disabled Norton (icon in system tray), also sg in system tray, hope that was all. I have lots of anti spyware, adware, virus, hack programs? Also please explain to me about weather bug and search assistant. I think my girlfriend had someone clean these out already from her work, but when I ran CCleaner it seemed to bring it back? She will flip. Also what's these two winpfind folders, 1 compressed and 1 regular.

01-16-2006, 02:08 AM   #18
MicroBell (TSF Security Team, Emeritus)

Post another Panda log so I can see if the file is found again.

As for the other folders there...they are fine and legit. As I stated these tools are fine. Some of the tools I've asked you to run leave folders and files (WinPFind is one). The tools are fine. The other entries you're asking about are leftover registry entries the scan is picking up. Try a few registry cleaners if you're so worried about them but they are not very important.

Weatherbug is a desktop weather program that is AD supported. It's not listed as running in your log...or the scans so it's not installed. There may be an old registry entry that's being seen is all.

01-16-2006, 08:38 AM   #19
grassi (TSF Enthusiast)

Okay, I re-scanned Panda and here is result, and it looks like the file you wanted me to delete is in there twice now (f3Setup1.inf)


Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HP_Owner\Desktop\emergency!!\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HP_Owner\Desktop\emergency!!\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf




MICROBELL, I tried locating that folder. I clicked on start on bottom left of my screen and tried searching but no results, then tried clicking run option just above search option and it found this (notepad). Also c program\windows\downloaded programs is same as above (#16 post) with 1 new entry: ckavwebscan o....

INF file for Fun Web Products Easy Installer
[version]
; version signature (same for both NT and Win95) do not remove
signature="$CHICAGO$"
AdvancedINF=2.0

[Setup Hooks]
FunWebProductsSetupHook=FunWebProductsSetupHook

[FunWebProductsSetupHook]
run=%EXTRACT_DIR%\f3Setup1.exe


; ====================== end of f3Setup1.inf =====================
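
Added example, not part of the original posts and not Panda's own tooling: the two ActiveScan tables from posts #13 and #19, compared in Python after folding case, because Windows paths are case-insensitive and "DOWNLOADED PROGRAM FILES" and "Downloaded Program Files" name the same folder. The function names are this example's own, and treating the detection name as case-insensitive is an assumption based on the table spelling it both "funweb" and "FunWeb".

```python
import ntpath

# Rows copied from the Panda ActiveScan table in post #13 of this thread.
SCAN_POST_13 = r"""Potentially unwanted tool:application/funweb Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HP_Owner\Desktop\emergency!!\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HP_Owner\Desktop\emergency!!\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
"""

# The table in post #19 holds the same rows without the cookie entry.
SCAN_POST_19 = "".join(
    line for line in SCAN_POST_13.splitlines(keepends=True)
    if "Cookie/Ask" not in line
)

STATUS = " Not disinfected "  # the only status value that appears in the thread


def parse_rows(text):
    """Split each flattened table row into detection kind, name and location."""
    rows = []
    for line in text.splitlines():
        incident, sep, location = line.partition(STATUS)
        if not sep:
            continue  # column header or blank line
        kind, _, name = incident.partition(":")
        rows.append({"kind": kind, "name": name, "location": location.strip()})
    return rows


def finding_key(row):
    """Fold case so rows that differ only in capitalisation compare equal.

    ntpath.normcase lower-cases a Windows path; registry key names are
    case-insensitive as well. Folding the detection name is an assumption.
    """
    return (row["name"].lower(), ntpath.normcase(row["location"]))


def group_findings(rows):
    """Map each distinct finding to the table rows that report it."""
    groups = {}
    for row in rows:
        groups.setdefault(finding_key(row), []).append(row)
    return groups


def repeated(rows):
    """Findings reported by more than one row of the same table."""
    return {k: v for k, v in group_findings(rows).items() if len(v) > 1}


def compare_scans(before, after):
    """Return (cleared, added): findings only in the old or only in the new scan."""
    old, new = group_findings(before), group_findings(after)
    cleared = sorted(k for k in old if k not in new)
    added = sorted(k for k in new if k not in old)
    return cleared, added


if __name__ == "__main__":
    first, second = parse_rows(SCAN_POST_13), parse_rows(SCAN_POST_19)
    print(len(second), "rows,", len(group_findings(second)), "distinct findings")
    for (name, location), rows in repeated(second).items():
        print("same finding listed", len(rows), "times:", location)
    cleared, added = compare_scans(first, second)
    print("cleared:", cleared)
    print("added:", added)
```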

01-16-2006, 09:04 PM   #20
MicroBell (TSF Security Team, Emeritus)

Ok.... let's see if KILLBOX takes it out...

KillBox https://www.bleepingcomputer.com/file...re/KillBox.zip

Click START>>RUN type in regedit.

Navigate to the KEY below and delete the folder in BOLD.

HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}

Close Regedit.

Now Click START>>RUN. Type in the following command:
regsvr32 /u occache.dll *Make sure you include the spaces*

Run KILL box. Paste the following locations into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click YES.

C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf

Reboot and do another scan with Panda. If that file is gone....we need to re-register that DLL.

Click START>>RUN>>Type in regsvr32 occache.dll

Let me know if that file is gone.