Can't Remove Win32:ADAN & Win32:TROJAN & Others.

Started by heart, September 17, 2005, 10:33:43 PM


heart

Normmork, I'm back!  Sorry it took so long to get back to you...family stuff.
Downloaded & cleaned all you advised w/ CCleaner.
Ran HJT & did a fix on all entries as you noted and have pasted an updated log.
Haven't gotten the 2 of the 4 programs you recommended yet.  Plan on installing Ewido right away.  Do I still need one other?
And what about Avast problems?  Are files still missing?  Should I uninstall & re-install Avast?
Here's my log.

                                                                :gwave:

Logfile of HijackThis v1.99.1
Scan saved at 8:24:27 PM, on 10/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Spybot - Search & Destroy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400005&utm_content=leftnav&utm_source=wdz&utm_medium=bund&utm_campaign=wdz0605
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400005&utm_content=leftnav&utm_source=wdz&utm_medium=bund&utm_campaign=wdz0605
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: WinStat - {0BAE99AF-A9F7-4f7e-9C72-2C1CC81BE0FF} - C:\WINDOWS\System32\WinStat13.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: eBlocs SecurityToolbar - {68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} - C:\Documents and Settings\Katelyn\Local Settings\Application Data\ssstbar\sssTbar.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: eBlocs SecurityToolbar - {68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} - C:\Documents and Settings\Katelyn\Local Settings\Application Data\ssstbar\sssTbar.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYUS_ZNxmk493ACUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WFI.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

heart

Oops in a BIG WAY!
Just reviewed my post and see I sent an old HJT log in my last post...bet you were wondering exactly what I am doing here.
Here's the updated one w/ your recommendations, pending Ewido.
       

                                                                               :shock:

Logfile of HijackThis v1.99.1
Scan saved at 9:08:38 PM, on 10/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE
C:\Program Files\Spybot - Search & Destroy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: eBlocs SecurityToolbar - {68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} - C:\Documents and Settings\Katelyn\Local Settings\Application Data\ssstbar\sssTbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: eBlocs SecurityToolbar - {68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} - C:\Documents and Settings\Katelyn\Local Settings\Application Data\ssstbar\sssTbar.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE











Ripley

Hey Normmork!  Ripley here after talking to heart about her progress.  She just told me that she was able to download & scan w/ Ewido tonight as well.  There were 65 infected files cleaned.  She wants to know if she should post an Ewido scan log?
She's cookin' now!
Think her system is going to get back to some kind of normal?

normmork

Yes please post the ewido log and use at least another spyware scanner. THINGS ARE GETTING BETTER!!   :D

After that remove this using Windows Add/Remove Programs
eBlocs SecurityToolbar

If it is not there use HJT to remove this line, this is part of LOP
O2 - BHO: eBlocs SecurityToolbar - {68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} - C:\Documents and Settings\Katelyn\Local Settings\Application Data\ssstbar\sssTbar.dll

Remove this folder in RED
C:\Documents and Settings\Katelyn\Local Settings\Application Data\ssstbar

Reboot and repost a new HJT file


heart

I removed eBlocs toolbar thru Add/Remove programs.  Could not find the "red" ssstbar folder in Katelyn's application data folder.  However, there was a Starware folder in Katelyn's application data folder...left it there.
I downloaded, updated, and scanned with Counterspy and 120 objects were found and removed. :chair:
Rebooted and ran another HJT scan.  The 02-BHO line with eBlocs Security Toolbar was not there, so nothing more has been done.
As requested, here's my last Ewido log and an updated HJT log:


ewido security suite - Scan report
---------------------------------------------------------

+ Created on:         10:23:19 PM, 10/5/2005
+ Report-Checksum:      8FF3BDC4

+ Scan result:

   HKLM\SOFTWARE\Classes\AQUAX.aquaXCtrl.1\CLSID\\ -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{356639AA-E878-40FF-B2F8-E22FA87DF389} -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{356639AA-E878-40FF-B2F8-E22FA87DF389}\TypeLib\\ -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{4278B4EB-8CC5-45E8-8AF4-43DFD0E9D250} -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{4278B4EB-8CC5-45E8-8AF4-43DFD0E9D250}\TypeLib\\ -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{4C42E5EB-3A9C-48E2-B2D0-59681B3DBB8C} -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{2180C048-802A-416A-82B3-26E796633D91}\TypeLib\\ -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{665ABE65-2C16-4341-B4B8-01FF799E8F4C} -> Spyware.CometCursor : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{665ABE65-2C16-4341-B4B8-01FF799E8F4C}\TypeLib\\ -> Spyware.CometCursor : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{956948D9-A842-4DCE-9ACE-1269B2DC8D38}\TypeLib\\ -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\RunMSC.Loader\CLSID\\ -> Spyware.SaveNow : Cleaned with backup
   HKLM\SOFTWARE\Classes\RunMSC.Loader.1\CLSID\\ -> Spyware.SaveNow : Cleaned with backup
   HKLM\SOFTWARE\Classes\SSaver.SaverObj -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\SSaver.SaverObj\Clsid -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\SSaver.SaverObj\Clsid\\ -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{3894347C-6C5A-444B-B49E-35473CB4D010} -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{5CF68A06-673D-4619-A805-C8FC9AC611DD} -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\HbTools -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\HbTools\HbTools -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\HbTools\HbTools\PI -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\HbTools\Hotbar -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\HbTools\Hotbar\Install -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow_AS2.dll\\.Owner -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow_AS2.dll\\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{946B3E9E-E21A-49c8-9F63-900533FAFE14} -> Spyware.HotBar : Cleaned with backup
   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{E77EDA01-3C56-4a96-8D08-02B42891C169} -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-329068152-1563985344-1708537768-1007\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
   HKU\S-1-5-21-329068152-1563985344-1708537768-1007\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{946B3E9E-E21A-49c8-9F63-900533FAFE14} -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-329068152-1563985344-1708537768-1007\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{E77EDA01-3C56-4a96-8D08-02B42891C169} -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-329068152-1563985344-1708537768-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
   HKU\S-1-5-21-329068152-1563985344-1708537768-1007\Software\ShopperReports -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-329068152-1563985344-1708537768-1007\Software\ShopperReports\ShopperReports -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-329068152-1563985344-1708537768-1007\Software\ShopperReports\ShopperReports\PostInstaller -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{946B3E9E-E21A-49c8-9F63-900533FAFE14} -> Spyware.HotBar : Error during cleaning
   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{E77EDA01-3C56-4a96-8D08-02B42891C169} -> Spyware.HotBar : Error during cleaning
   C:\Documents and Settings\Katelyn\thin-172-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
   C:\Documents and Settings\Lynn\installer_MARKETING35.exe -> TrojanDownloader.Adload.a : Cleaned with backup
   C:\Documents and Settings\Lynn\Local Settings\Temp\temp.fr123D -> TrojanDownloader.PurityScan.af : Cleaned with backup
   C:\Documents and Settings\Lynn\Local Settings\Temp\temp.fr9EEB -> TrojanDownloader.PurityScan.af : Cleaned with backup
   C:\Documents and Settings\Lynn\Start Menu\Programs\WhenU -> Spyware.SaveNow : Cleaned with backup
   C:\Documents and Settings\Lynn\Start Menu\Programs\WhenU\Learn More About Save!.url -> Spyware.SaveNow : Cleaned with backup
   C:\Documents and Settings\Lynn\Start Menu\Programs\WhenU\Learn More About SaveNow.url -> Spyware.SaveNow : Cleaned with backup
   C:\Documents and Settings\Lynn\Start Menu\Programs\WhenU\WhenU.com Website.url -> Spyware.SaveNow : Cleaned with backup
   C:\Program Files\myCleanerPC\InstallT.exe -> Spyware.VirtualBouncer : Cleaned with backup
   C:\Program Files\oose\nwtd.exe -> TrojanDownloader.PurityScan.af : Cleaned with backup
   C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Spyware.Comet : Cleaned with backup
   C:\WINDOWS\system32\lѕass.exe -> Spyware.PurityScan : Cleaned with backup
   C:\WINDOWS\system32\tnmaeg06.dll -> TrojanDownloader.Lastad.r : Cleaned with backup
   C:\WINDOWS\system32\WinStat12.dll -> Spyware.Winsta : Cleaned with backup

Logfile of HijackThis v1.99.1
Scan saved at 1:15:00 PM, on 10/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CounterSpy\sunserver.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CounterSpy\SunProtectionServer.exe
C:\Program Files\CounterSpy\sunThreatEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Spybot - Search & Destroy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\CounterSpy\sunserver.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

normmork

Your HJT log looks clean  :gwave:

In another post it was pointed out this is a bug in HJT, so everything is OK  8)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

I would recommend an online scan using Trendmicro A/V plus their anti-spyware software
http://www.trendmicro.com

Let me know if it finds anything


heart

Normmork,
So pumped that my HJT log is clean.
Attempted a Trendmicro online scan, but when I got to the area that asks what location to scan, there were no options.  Was unable to scan.  Can you advise on how I can get this done?
I did not install their anti-spyware software, but downloaded, installed, and updated SpywareBlaster...and it is active.
Bigger question, I am still unable to scan with Avast.  Should I uninstall and re-install?
       :uhm:

normmork


Ripley

Hey Normmork,
Was on the phone w/ heart when she attempted to run online scan...she WAS at the second link you provided for TrendMicro in your last post.  Will have her try again, but are there some software features she should disable/pause first?
She has Spybot, AdAware, SpywareBlaster, Ewido SS, Counterspy, Avast Personal, & XP w/ Service Pack 2.
Actual problem: when she arrived at the screen which asked for location to scan there was a single x in the box only, according to what she described over the phone.  Had her hit the back key 3 different times to re-attempt the process and the single x returned each time w/ no other options.  I ran the scan on my computer at the same time she was doing it, and I received My Computer, and all my disk locations and could choose drive C to start the scan.

normmork

Hi Ripley

AVAST 4 is running, in fact the files that HJT says are missing so it is a bug. So it can be stopped
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

Counterspy and Ewido can be stopped as well
One other thought is if a firewall is running then she may be stopping the program from contacting the internet
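
The cross-check described in the post above (HijackThis marks the avast! services "(file missing)" while the same executables are listed under "Running processes"), as an added example that is not part of the original thread. The sample log is a constructed excerpt assembled from lines posted in this thread; the function names are illustrative, and 8.3 short paths such as `PROGRA~1` are not resolved.

```python
import re

# Constructed excerpt: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O2 - BHO: WinStat - {0BAE99AF-A9F7-4f7e-9C72-2C1CC81BE0FF} - C:\WINDOWS\System32\WinStat13.dll (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

# "O23 - ...", "R1 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# First drive-letter path ending in a binary extension, stopping before a
# quote, whitespace or end of line (so a trailing '" /service' is left out).
PATH_RE = re.compile(
    r'(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx))(?=$|["\s])', re.IGNORECASE
)
MISSING = "(file missing)"


def running_processes(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block:
            if not line:          # blank line ends the process list
                break
            procs.add(line.lower())
    return procs


def triage_missing(log):
    """Classify every '(file missing)' entry.

    'contradicted' -> the same image is in the running-process list, so the
                      flag cannot be taken at face value.
    'unconfirmed'  -> nothing in the log contradicts the flag; treat the entry
                      as a possible orphan and check the disk.
    """
    running = running_processes(log)
    findings = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or not m.group("body").endswith(MISSING):
            continue
        body = m.group("body")[: -len(MISSING)].rstrip()
        p = PATH_RE.search(body)
        if not p:
            continue
        path = p.group("path")
        findings.append({
            "section": m.group("section"),
            "path": path,
            # Whatever sits between the path and the flag, e.g. '" /service'.
            "tail": body[p.end():].strip(),
            "verdict": "contradicted" if path.lower() in running else "unconfirmed",
        })
    return findings


if __name__ == "__main__":
    for f in triage_missing(SAMPLE_LOG):
        print(f'{f["section"]:<4}{f["verdict"]:<13}{f["path"]}  tail={f["tail"]!r}')
```
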

heart

Normmork,
Attempted Trendmicro online scan 4 more times w/ no success...same issue, i.e., when I get to the point where it asks me the location on the computer to scan there is just a single x.
These attempts came after:
Disabling: XP firewall & pop-up blocker & Browser pop-up blocker.
Stopping all providers in Avast.
Disabling Ewido & Counterspy.
And adding *Trendmicro.com to my Trusted site list.
Still can't scan...any more ideas?
Also went to Add/Remove programs and selected a Repair on Avast and planning on doing a thorough scan w/ Avast to see if it will work now. :gah:

normmork

I want to make sure you have no viruses on your machine

So we have some other sites
Run at least two of the online AV scans:
Update definition files before scanning with any programs
Panda Active Scan
F-Secure Antivirus scan
BitDefender Free Online Virus Scan
Symantec Security Scan & Virus Detection
RAV AntiVirus Online Virus Scan!
Danish Antivirus scan
McAfee Antivirus scan

heart

Normmork,
Here are the results of the Panda online scan.  Plan to do one other, but wanted to send this.


Incident                      Status            Location

Adware:Adware/PurityScan      No disinfected    C:\Documents and Settings\Katelyn\Local Settings\Temp\!update.exe
Adware:Adware/Comet           No disinfected    C:\Documents and Settings\Mallory\Local Settings\Temp\unpack\CC_43.inf
Adware:Adware/Comet           No disinfected    C:\Documents and Settings\Mallory\Local Settings\Temp\unpack\inst43.exe
Adware:Adware/PurityScan      No disinfected    C:\Program Files\oose\nwtd.exe

heart

Finished doing an online scan at McAfee and there were no infections noted...how 'bout that? A big fat zero for once.
I could only find 1 of the 4 of those files pointed out by the Panda scan...the oose\nwtd.exe in my program files...have done nothing w/ it yet.  How do I get rid of it?
The other 3 files are in Temp folders, but when I go into documents & settings\katelyn...there is no Temp folder.  Same thing in Mallory's documents & settings?  How do I find, to get rid of?  I can't access CCleaner from those 2 profiles either.  I'm sure it is my unfamiliarity w/ XP.  I have something called Parental Control on these 2 profiles... could that be blocking my ability to see the Temp folders?  Don't know how to turn it off.
As far as Avast, I did a repair thru Add/Remove programs and there are fewer error messages..here is an example:

9:14:22 AM 1128435262 SYSTEM 1656 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\Temp\mcuE.tmp\mcuninst.dll failed, 00000005. 
10/4/2005 9:14:22 AM 1128435262 SYSTEM 1656 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\Temp\mcuE.tmp\Uninst.dll failed, 00000005. 
10/4/2005 7:57:06 PM 1128473826 SYSTEM 1656 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\QTFONT.FOR failed, 00000005. 
10/5/2005 6:54:21 PM 1128556461 SYSTEM 1656 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\QTFONT.FOR failed, 00000005. 
10/5/2005 7:26:27 PM 1128558387 Mallory 1936 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\QTFONT.FOR failed, 00000005. 
10/8/2005 11:39:53 AM 1128789593 SYSTEM 1920 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\QTFONT.FOR failed, 00000005. 
10/8/2005 6:22:12 PM 1128813732 SYSTEM 1652 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\QTFONT.FOR failed, 00000005. 
10/8/2005 9:11:39 PM 1128823899 SYSTEM 1652 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\QTFONT.FOR failed, 00000005. 
10/9/2005 2:24:16 AM 1128842656 SYSTEM 1652 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\QTFont.for failed, 00000005. 
10/9/2005 2:24:17 AM 1128842657 SYSTEM 1652 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\slrundll.exe failed, 00000005. 
10/9/2005 2:24:18 AM 1128842658 SYSTEM 1652 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\unvise32qt.exe failed, 00000005. 
10/9/2005 2:24:20 AM 1128842660 SYSTEM 1652 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\~DFFA2F.tmp failed, 00000005. 
10/9/2005 2:58:23 PM 1128887903 SYSTEM 1652 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\QTFONT.FOR failed, 00000005. 
10/10/2005 5:18:23 PM 1128982703 SYSTEM 1652 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\QTFONT.FOR failed, 00000005. 
10/11/2005 2:15:13 AM 1129014913 SYSTEM 1652 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\loadhttp.dll failed, 00000005. 
10/11/2005 2:15:14 AM 1129014914 SYSTEM 1652 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\RMAgentOutput.dll failed, 00000005. 
10/11/2005 2:15:14 AM 1129014914 SYSTEM 1652 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\runtsckl.exe failed, 00000005. 
10/11/2005 2:15:15 AM 1129014915 SYSTEM 1652 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\slrundll.exe failed, 00000005. 
10/11/2005 2:15:15 AM 1129014915 SYSTEM 1652 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\TMUPDATE.DLL failed, 00000005. 
10/11/2005 2:15:17 AM 1129014917 SYSTEM 1652 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\unvise32qt.exe failed, 00000005. 
10/11/2005 2:15:17 AM 1129014917 SYSTEM 1652 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\UNZIP.DLL failed, 00000005. 
10/11/2005 2:15:18 AM 1129014918 SYSTEM 1652 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\~DFFA2F.tmp failed, 00000005.



10/9/2005   2:58:25 PM   1128887905   SYSTEM   1652   AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\QTFONT.FOR (C:\WINDOWS\QTFONT.FOR) returning error, 00000005. 
10/10/2005   5:18:24 PM   1128982704   SYSTEM   1652   AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\QTFONT.FOR (C:\WINDOWS\QTFONT.FOR) returning error, 00000005. 
10/11/2005   2:15:13 AM   1129014913   SYSTEM   1652   AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\loadhttp.dll (C:\WINDOWS\loadhttp.dll) returning error, 00000005
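
Added example, not part of the original post and not Avast's own code: a short Python triage of log lines in the format pasted above, grouping scan failures by file and decoding the trailing code. It assumes that code is a hexadecimal Win32 error code (in which case 00000005 is ERROR_ACCESS_DENIED); the function names are hypothetical.

```python
import re
from collections import defaultdict

# Assumption: the trailing 8-digit field is a hexadecimal Win32 error code.
WIN32_ERRORS = {0x05: "ERROR_ACCESS_DENIED", 0x20: "ERROR_SHARING_VIOLATION"}

# Matches both the "scanning error" and "scanning warning" line shapes; the
# date is optional because a pasted log can lose the start of its first line.
LINE_RE = re.compile(
    r"^(?:\d{1,2}/\d{1,2}/\d{4}\s+)?\d{1,2}:\d{2}:\d{2}\s+[AP]M\s+\d+\s+"
    r"(?P<user>\S+)\s+\d+\s+AAVM - scanning (?P<kind>error|warning): .*?"
    r"(?P<path>[A-Za-z]:\\.+?)(?: failed| \(.*\) returning error), "
    r"(?P<code>[0-9A-Fa-f]{8})\.?$")

# Sample lines copied from the log in the post above.
SAMPLE_LOG = r"""
9:14:22 AM 1128435262 SYSTEM 1656 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\Temp\mcuE.tmp\mcuninst.dll failed, 00000005.
10/4/2005 7:57:06 PM 1128473826 SYSTEM 1656 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\QTFONT.FOR failed, 00000005.
10/5/2005 7:26:27 PM 1128558387 Mallory 1936 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\QTFONT.FOR failed, 00000005.
10/9/2005 2:24:16 AM 1128842656 SYSTEM 1652 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\QTFont.for failed, 00000005.
10/9/2005   2:58:25 PM   1128887905   SYSTEM   1652   AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\QTFONT.FOR (C:\WINDOWS\QTFONT.FOR) returning error, 00000005.
"""

def parse_line(line):
    """Return user, kind, lower-cased path and numeric code, or None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {"user": m["user"], "kind": m["kind"],
            "path": m["path"].lower(), "code": int(m["code"], 16)}

def report(text):
    """Rows of (count, path, decoded code, users), most frequent first."""
    groups = defaultdict(lambda: {"count": 0, "users": set()})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            # Windows paths are case-insensitive, so QTFONT.FOR == QTFont.for.
            group = groups[(rec["path"], rec["code"])]
            group["count"] += 1
            group["users"].add(rec["user"])
    ordered = sorted(groups.items(), key=lambda kv: (-kv[1]["count"], kv[0]))
    return [(g["count"], path, f"0x{code:08X} {WIN32_ERRORS.get(code, 'unknown')}",
             sorted(g["users"])) for (path, code), g in ordered]

if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```

A file that fails on every scan under more than one account, as QTFONT.FOR does here, points to a file that is held open or locked rather than to a one-off scanner fault.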

normmork

If files are open sometimes the A/V programs can't scan them

I don't know about parental control. You need to have an account with full administrator privileges. To check this, go to Windows Control Panel | User Accounts | choose the user account | click on the Properties button.

Go to My Computer, find these entries and try to delete them
C:\Documents and Settings\Katelyn\Local Settings\Temp\!update.exe
C:\Documents and Settings\Mallory\Local Settings\Temp\unpack\CC_43.inf
C:\Documents and Settings\Mallory\Local Settings\Temp\unpack\inst43.exe
C:\Program Files\oose\nwtd.exe

If Windows gives an error message saying the file is in use, then you need to try it in Windows Safe Mode; see here for instructions
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406