Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old October 25th, 2006, 08:18 AM
rogvan's Avatar
rogvan rogvan is offline
Member
 
Join Date: Oct 2002
Location: Northern NJ, USA
Age: 88
Posts: 74
WinAntiSpyware 2006

Has anyone had any trouble with WinAntiSpyware 2006. I made a big mistake and tried it, then deleated, then big problems.

Could NOT log on to my Dialup ISP. Finally after spending a lot of time was able to get back online.

I recomend DO NOT use this program

Have Nice Day

RogVan
Reply With Quote
  #2  
Old October 26th, 2006, 02:19 PM
Acrobaze Acrobaze is offline
Malware Removal Team
 
Join Date: Nov 2003
O/S: Windows 10 Home
Location: France
Posts: 11,994
Hi,

Yes, it's a rogue program.

If you have any problem, post this log :

Download HijackThis 1.99.1 from:
HERE.

Create a new folder only for HijackThis (Example : C:\HJT).But don't let it on
your desktop or in a temp folder!
Unzip it to this folder.
Click "Scan", after click "Save Log".
Save the log, and copy/paste it into your response to this thread.
Dont check or fix anything yet.
Reply With Quote
  #3  
Old October 28th, 2006, 11:16 AM
rogvan's Avatar
rogvan rogvan is offline
Member
 
Join Date: Oct 2002
Location: Northern NJ, USA
Age: 88
Posts: 74
Puter seems to crash alot

Hi,

Thanks for the response My Computer is working. however, seems to crash alot. Here is my Hijack Log please check,

Thanks,

RogVan

__________________________________________________


Scan saved at 5:36:11 AM, on 10/28/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\PCI AUDIO APPLICATIONS\MIXER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
D:\HP-CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
D:\CLIPCACHE\CLIPC.EXE
C:\PROGRAM FILES\TINYSPELL\TINYSPELL.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\EPSON\EPSON SMART PANEL FOR SCANNER\ESPMAIN.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAM FILES\SONY HANDHELD\HOTSYNC.EXE
C:\PROGRAM FILES\NIKON\PICTUREPROJECT\NKBMONITOR.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\IMNOTFY.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://homes-nnj.com/pokerpics"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickFinder Scheduler] C:\COREL\OFFICE7\SHARED\QFINDER7\QFSCHED.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] d:\HP-CD-Writer\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKCU\..\Run: [ClipCache] D:\CLIPCACHE\CLIPC.EXE /wait 3
O4 - HKCU\..\Run: [tinySpell] C:\PROGRAM FILES\TINYSPELL\TINYSPELL.EXE
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [AIM] C:\NETSCAPE-4-8\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents...r/imloader.cab

Last edited by rogvan; October 28th, 2006 at 11:26 AM.
Reply With Quote
  #4  
Old October 29th, 2006, 09:37 AM
Acrobaze Acrobaze is offline
Malware Removal Team
 
Join Date: Nov 2003
O/S: Windows 10 Home
Location: France
Posts: 11,994
This log doesn't show anything wrong.

Can you post this other one :

Download SilentRunners.vbs.
Run it. It generates a log, wait that the scan is complete (there is a popup at the end). Copy/paste it here, please.
(If your antivirus queries the script, allow it to run. It's not malicious.)

Also :
Run HijackThis -> config -> misc tools -> open uninstall manager
Save the list and copy/paste it here, please.
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
WinAntiSpyware - please help. Dayvit78 Malware Removal 50 June 23rd, 2007 05:56 AM
winantispyware shs628 Malware Removal 5 June 22nd, 2007 08:40 PM
WinAntiSpyware! Mattski Malware Removal 1 October 8th, 2005 02:15 AM
Another WinAntiSpyware! Bfuddled Malware Removal 8 September 15th, 2005 05:44 PM
winantispyware 2005 walking2005 Malware Removal 9 September 14th, 2005 07:45 PM


All times are GMT +1. The time now is 03:38 PM.