Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Logs Am I Infected? Plz Plz


  • Please log in to reply
18 replies to this topic

#1 loveablekitty

loveablekitty

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Location:missouri
  • Local time:03:14 AM

Posted 01 October 2006 - 03:01 PM

Please can someone read this log from spyware doctor and give advice. my cp has been acting funny.pages saying done "but with error" and I cant install like the program windows live onecare.
and also by the done it flashes "blankpage" . C//temps always show up on scans,REgistry problem the same alway win/xp 2p2 vers 6.0, 128-bit IE, use spybot S&D, spyblaster,spywaredoctor reg ,registry mechanic reg AdAware,and sunbelt kero pfw I have run scans with all !!!!! I hope this helps never did a LOG report before . THank you ILL keep checking in "o{






Location Risk

Scan Results:
scan start: 10/1/2006 1:00:02 AM
scan stop: 10/1/2006 1:49:51 AM
scanned items: 95693
found items: 7
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



Infection Name Location Risk
Known Bad Sites C:\Documents and Settings\KIT\Local Settings\Temporary Internet Files\Content.IE5\5843XHKL\crd_it_lre_PassStRtCredCowboyDanceMoon15s_CW510_1698new_0906_728x90[1].htm High
Known Bad Sites C:\Documents and Settings\KIT\Local Settings\Temporary Internet Files\Content.IE5\93VBHXCM\crd_it_lre_PassStRtCredCoupleDanceWhite15s_CW510_1698TP_0906_728x90[1].htm High
Known Bad Sites C:\Documents and Settings\KIT\Local Settings\Temporary Internet Files\Content.IE5\93VBHXCM\DartRichMedia_1_03[1].htm High
Known Bad Sites C:\Documents and Settings\KIT\Local Settings\Temporary Internet Files\Content.IE5\MLJWL03M\uhl_it_lre_PassStRtCredGoggleDogSeePymt15s_CW510_1698TP_0906_300x250[1].htm High
Known Bad Sites C:\Documents and Settings\KIT\Local Settings\Temporary Internet Files\Content.IE5\UHCNQPA1\CAMFWPM7.htm High
Known Bad Sites C:\Documents and Settings\KIT\Local Settings\Temporary Internet Files\Content.IE5\UHCNQPA1\flashwrite_1_2[1].htm High
Known Bad Sites C:\Documents and Settings\KIT\Local Settings\Temporary Internet Files\Content.IE5\WX85UB0P\CAMVW967.htm High

Scan Results:
scan start: 10/1/2006 1:29:15 PM
scan stop: 10/1/2006 2:05:38 PM
scanned items: 95804
found items: 2
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



Infection Name Location Risk
Known Bad Sites C:\Documents and Settings\KIT\Local Settings\Temporary Internet Files\Content.IE5\93VBHXCM\lmb_lre_PassStRtCredScarfDanceWhiteNoBord15s_CW510_1698TP_0906_300x25[1].htm Low
Known Bad Sites C:\Documents and Settings\KIT\Local Settings\Temporary Internet Files\Content.IE5\MLJWL03M\DartRichMedia_1_03[1].htm

LOG from registry mechanic:
egistry Mechanic 5.2.0.310
----------------------------------------------------------------------------------------------------
Start of Scan
10/1/2006 1:03:38 PM
Your System Information :
CPU: Intel Pentium
IE: Internet Explorer 6.0.2900
MEMORY FREE: 46892
MEMORY TOTAL: 294452
VIRTUAL FREE: 2014464
VIRTUAL TOTAL: 2097024
WINDOWS VER: Windows XP 5.1 (Build 2600)

----------------------------------------------------------------------------------------------------
Running processes: Process ID
----------------------------------------------------------------------------------------------------
[System Process] 0
System 4
smss.exe 360
csrss.exe 568
winlogon.exe 592
services.exe 636
lsass.exe 648
svchost.exe 804
svchost.exe 908
svchost.exe 976
svchost.exe 1068
svchost.exe 1144
spoolsv.exe 1292
PDS.EXE 1456
kpf4ss.exe 1468
NscTop.exe 1584
sdhelp.exe 1784
kpf4gui.exe 1844
svchost.exe 1952
wdfmgr.exe 160
HNDLRSVC.EXE 204
MSGSYS.EXE 252
XFR.EXE 408
explorer.exe 264
alg.exe 680
wscntfy.exe 1768
WgaTray.exe 1968
kpf4gui.exe 2216
hpgs2wnd.exe 2744
jusched.exe 2784
ymetray.exe 2840
hpgs2wnf.exe 2848
msmsgs.exe 2952
YPager.exe 2976
TeaTimer.exe 3088
swdoctor.exe 3240
iexplore.exe 3452
RegMech.exe 2268
----------------------------------------------------------------------------------------------------
Sections Scanned:
----------------------------------------------------------------------------------------------------

TMP - 2
Location: C:\WINDOWS\system.tmp\
Value : Temp file = C:\WINDOWS\system.tmp
Parsed :

TMP - 3
Location: C:\WINDOWS\win.tmp\
Value : Temp file = C:\WINDOWS\win.tmp
Parsed :

TMP - 4
Location: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk\
Value : CHK file = C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk
Parsed :

CC - 5
Location: HKEY_CLASSES_ROOT\CLSID\{4DEF8DD1-C4D1-11D1-82DA-00A0C9749EEF}\InProcServer32
Value : (Default) = C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\scandlgs.dll
Parsed : C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\scandlgs.dll

CC - 6
Location: HKEY_CLASSES_ROOT\CLSID\{91581CB1-0E7B-11D1-9D93-00A0C95C1762}\ToolboxBitmap32
Value : (Default) = C:\Program Files\Common Files\Symantec Shared\SSC\webshell.dll, 1
Parsed : C:\Program Files\Common Files\Symantec Shared\SSC\webshell.dll

CC - 7
Location: HKEY_CLASSES_ROOT\TypeLib\{6F952B50-BCEE-11D1-82D6-00A0C9749EEF}\1.0\0\win32
Value : (Default) = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
Parsed : C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll

CC - 8
Location: HKEY_CLASSES_ROOT\TypeLib\{FAD5CC54-0E68-11D1-9D91-00A0C95C1762}\1.0\0\win32
Value : (Default) = C:\Program Files\Common Files\Symantec Shared\SSC\webshell.dll
Parsed : C:\Program Files\Common Files\Symantec Shared\SSC\webshell.dll

DEEP - 9
Location: HKEY_USERS\S-1-5-21-602162358-1708537768-839522115-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache
Value : C:\Program Files\NavNT\rtvscan.exe = C:\Program Files\NavNT\rtvscan.exe
Parsed : C:\Program Files\NavNT\rtvscan.exe

DEEP - 10
Location: HKEY_USERS\S-1-5-21-602162358-1708537768-839522115-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache
Value : C:\Program Files\NavNT\VPC32.EXE = C:\Program Files\NavNT\VPC32.EXE
Parsed : C:\Program Files\NavNT\VPC32.EXE

DEEP - 11
Location: HKEY_CURRENT_USER\Software\Microsoft\Photo Editor\3.0\Microsoft Photo Editor
Value : LastFile1 = C:\Documents and Settings\KIT\My Documents\115939226317594.gif
Parsed : C:\Documents and Settings\KIT\My Documents\115939226317594.gif

DEEP - 12
Location: HKEY_CURRENT_USER\Software\Microsoft\Photo Editor\3.0\Microsoft Photo Editor
Value : LastFile2 = C:\Documents and Settings\KIT\My Documents\115939179828745.gif
Parsed : C:\Documents and Settings\KIT\My Documents\115939179828745.gif

DEEP - 13
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Value : c = C:\Documents and Settings\KIT\My Documents\115939226317594
Parsed : C:\Documents and Settings\KIT\My Documents\115939226317594

DEEP - 14
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Value : e = C:\Documents and Settings\KIT\Desktop\115939226317594
Parsed : C:\Documents and Settings\KIT\Desktop\115939226317594

DEEP - 15
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
Value : C:\Program Files\NavNT\rtvscan.exe = C:\Program Files\NavNT\rtvscan.exe
Parsed : C:\Program Files\NavNT\rtvscan.exe

DEEP - 16
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
Value : C:\Program Files\NavNT\vpc32.exe = C:\Program Files\NavNT\vpc32.exe
Parsed : C:\Program Files\NavNT\vpc32.exe

DEEP - 17
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
Value : C:\Program Files\NavNT\vptray.exe = C:\Program Files\NavNT\vptray.exe
Parsed : C:\Program Files\NavNT\vptray.exe

----------------------------------------------------------------------------------------------------
Registry Mechanic 5.2.0.310
----------------------------------------------------------------------------------------------------
End of Scan
10/1/2006 1:10:35 PM
Your System Information :
CPU: Intel Pentium
IE: Internet Explorer 6.0.2900
MEMORY FREE: 46892
MEMORY TOTAL: 294452
VIRTUAL FREE: 2014464
VIRTUAL TOTAL: 2097024
WINDOWS VER: Windows XP 5.1 (Build 2600)

System Restore Point created
Partition name: \device\harddiskvolume1
Boot dir: C:\
------------------------------------------------------------------------------------------------------------------------
Compact Analysis:
Launch RMSCRN:
Analyzing: SECURITY...
Failed to save Hive: SECURITY
Analyzing: SOFTWARE...
Analyzing: DEFAULT...
Analyzing: SAM...
Analyzing: S-1-5-20...
Analyzing: S-1-5-20_CLASSES...
Analyzing: S-1-5-19...
Analyzing: S-1-5-19_CLASSES...
Analyzing: KIT...
Analyzing: LT...
------------------------------------------------------------------------------------------------------------------------
*********Compact Analysis Results*********
------------------------------------------------------------------------------------------------------------------------
Space Wasted: : 396 KB of 19.4 MB
Compacted: 1%
------------------------------------------------------------------------------------------------------------------------

------------------------------------------------------------------------------------------------------------------------
Registry Mechanic 5.2.0.310
Registry Mechanic Compaction:
7/10/2006 6:35:22 AM
------------------------------------------------------------------------------------------------------------------------
Your System Information :
CPU: Intel Pentium
IE: Internet Explorer 6.0.2900
MEMORY FREE: 86332
MEMORY TOTAL: 294452
VIRTUAL FREE: 1945244
VIRTUAL TOTAL: 2097024
WINDOWS VER: Windows XP 5.1 (Build 2600)

------------------------------------------------------------------------------------------------------------------------
*** SECURITY
------------------------------------------------------------------------------------------------------------------------
Original :262,144
Compacted :262,144
Percent(%): 100% [0 Bytes]
Source :C:\windows\system32\config\security
CRC :
CRC :NO
Dest :C:\windows\system32\config\SECURITY.rrr
Dest :-2147483646
------------------------------------------------------------------------------------------------------------------------
*** SOFTWARE
------------------------------------------------------------------------------------------------------------------------
Original :16,515,072
Compacted :16,457,728
Percent(%): 99% [56.0 KB]
Source :C:\windows\system32\config\software
CRC :7F97472C
CRC :YES
Dest :C:\windows\system32\config\SOFTWARE.rrr
Dest :-2147483646
------------------------------------------------------------------------------------------------------------------------
*** DEFAULT
------------------------------------------------------------------------------------------------------------------------
Original :266,240
Compacted :266,240
Percent(%): 100% [0 Bytes]
Source :C:\windows\system32\config\default
CRC :
CRC :NO
Dest :C:\windows\system32\config\DEFAULT.rrr
Dest :-2147483645
------------------------------------------------------------------------------------------------------------------------
*** SAM
------------------------------------------------------------------------------------------------------------------------
Original :024,576
Compacted :024,576
Percent(%): 100% [0 Bytes]
Source :C:\windows\system32\config\sam
CRC :
CRC :NO
Dest :C:\windows\system32\config\SAM.rrr
Dest :-2147483646
------------------------------------------------------------------------------------------------------------------------
*** S-1-5-20
------------------------------------------------------------------------------------------------------------------------
Original :237,568
Compacted :237,568
Percent(%): 100% [0 Bytes]
Source :C:\documents and settings\networkservice\ntuser.dat
CRC :
CRC :NO
Dest :C:\documents and settings\networkservice\S-1-5-20.rrr
Dest :-2147483645
------------------------------------------------------------------------------------------------------------------------
*** S-1-5-20_CLASSES
------------------------------------------------------------------------------------------------------------------------
Original :008,192
Compacted :008,192
Percent(%): 100% [0 Bytes]
Source :C:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat
CRC :
CRC :NO
Dest :C:\documents and settings\networkservice\local settings\application data\microsoft\windows\S-1-5-20_CLASSES.rrr
Dest :-2147483645
------------------------------------------------------------------------------------------------------------------------
*** S-1-5-19
------------------------------------------------------------------------------------------------------------------------
Original :237,568
Compacted :237,568
Percent(%): 100% [0 Bytes]
Source :C:\documents and settings\localservice.nt authority\ntuser.dat
CRC :
CRC :NO
Dest :C:\documents and settings\localservice.nt authority\S-1-5-19.rrr
Dest :-2147483645
------------------------------------------------------------------------------------------------------------------------
*** S-1-5-19_CLASSES
------------------------------------------------------------------------------------------------------------------------
Original :008,192
Compacted :008,192
Percent(%): 100% [0 Bytes]
Source :C:\documents and settings\localservice.nt authority\local settings\application data\microsoft\windows\usrclass.dat
CRC :
CRC :NO
Dest :C:\documents and settings\localservice.nt authority\local settings\application data\microsoft\windows\S-1-5-19_CLASSES.rrr
Dest :-2147483645
------------------------------------------------------------------------------------------------------------------------
*** S-1-5-21-602162358-1708537768-839522115-1003
------------------------------------------------------------------------------------------------------------------------
Original :1,835,008
Compacted :1,654,784
Percent(%): 90% [176 KB]
Source :C:\documents and settings\kit\ntuser.dat
CRC :9D9059CA
CRC :YES
Dest :C:\documents and settings\kit\S-1-5-21-602162358-1708537768-839522115-1003.rrr
Dest :-2147483645
------------------------------------------------------------------------------------------------------------------------
*** S-1-5-21-602162358-1708537768-839522115-1003_CLASSES
------------------------------------------------------------------------------------------------------------------------
Original :262,144
Compacted :098,304
Percent(%): 37% [160 KB]
Source :C:\documents and settings\kit\local settings\application data\microsoft\windows\usrclass.dat
CRC :9AAF0F35
CRC :YES
Dest :C:\documents and settings\kit\local settings\application data\microsoft\windows\S-1-5-21-602162358-1708537768-839522115-1003_CLASSES.rrr
Dest :-2147483645
------------------------------------------------------------------------------------------------------------------------
*** S-1-5-21-602162358-1708537768-839522115-1004
------------------------------------------------------------------------------------------------------------------------
Original :671,744
Compacted :667,648
Percent(%): 99% [4.00 KB]
Source :C:\documents and settings\lt\ntuser.dat
CRC :D7A2D947
CRC :YES
Dest :C:\documents and settings\lt\S-1-5-21-602162358-1708537768-839522115-1004.rrr
Dest :-2147483645
------------------------------------------------------------------------------------------------------------------------
Applying....
------------------------------------------------------------------------------------------------------------------------
C:\windows\system32\config\SOFTWARE.rrr Compacted
C:\windows\system32\config\SOFTWARE.rrr Exists
C:\windows\system32\config\SOFTWARE.rrr Old CRC = 7F97472C
C:\windows\system32\config\SOFTWARE.rrr New CRC = 7F97472C
C:\windows\system32\config\SOFTWARE.rrr CRC match
C:\windows\system32\config\SOFTWARE.rrr Applied
Location : SOFTWARE
Compacted at : C:\windows\system32\config\SOFTWARE.rrr
Original Backup : C:\windows\system32\config\software.rmbak
------------------------------------------------------------------------------------------------------------------------
Successfully Applied: 7F97472C - C:\windows\system32\config\SOFTWARE.rrr
------------------------------------------------------------------------------------------------------------------------
C:\documents and settings\kit\S-1-5-21-602162358-1708537768-839522115-1003.rrr Compacted
C:\documents and settings\kit\S-1-5-21-602162358-1708537768-839522115-1003.rrr Exists
C:\documents and settings\kit\S-1-5-21-602162358-1708537768-839522115-1003.rrr Old CRC = 9D9059CA
C:\documents and settings\kit\S-1-5-21-602162358-1708537768-839522115-1003.rrr New CRC = 9D9059CA
C:\documents and settings\kit\S-1-5-21-602162358-1708537768-839522115-1003.rrr CRC match
C:\documents and settings\kit\S-1-5-21-602162358-1708537768-839522115-1003.rrr Applied
Location : S-1-5-21-602162358-1708537768-839522115-1003
Compacted at : C:\documents and settings\kit\S-1-5-21-602162358-1708537768-839522115-1003.rrr
Original Backup : C:\documents and settings\kit\ntuser.dat.rmbak
------------------------------------------------------------------------------------------------------------------------
Failed to Apply : 9D9059CA - C:\documents and settings\kit\S-1-5-21-602162358-1708537768-839522115-1003.rrr
------------------------------------------------------------------------------------------------------------------------
C:\documents and settings\kit\local settings\application data\microsoft\windows\S-1-5-21-602162358-1708537768-839522115-1003_CLASSES.rrr Compacted
C:\documents and settings\kit\local settings\application data\microsoft\windows\S-1-5-21-602162358-1708537768-839522115-1003_CLASSES.rrr Exists
C:\documents and settings\kit\local settings\application data\microsoft\windows\S-1-5-21-602162358-1708537768-839522115-1003_CLASSES.rrr Old CRC = 9AAF0F35
C:\documents and settings\kit\local settings\application data\microsoft\windows\S-1-5-21-602162358-1708537768-839522115-1003_CLASSES.rrr New CRC = 9AAF0F35
C:\documents and settings\kit\local settings\application data\microsoft\windows\S-1-5-21-602162358-1708537768-839522115-1003_CLASSES.rrr CRC match
C:\documents and settings\kit\local settings\application data\microsoft\windows\S-1-5-21-602162358-1708537768-839522115-1003_CLASSES.rrr Applied
Location : S-1-5-21-602162358-1708537768-839522115-1003_CLASSES
Compacted at : C:\documents and settings\kit\local settings\application data\microsoft\windows\S-1-5-21-602162358-1708537768-839522115-1003_CLASSES.rrr
Original Backup : C:\documents and settings\kit\local settings\application data\microsoft\windows\usrclass.dat.rmbak
------------------------------------------------------------------------------------------------------------------------
Failed to Apply : 9AAF0F35 - C:\documents and settings\kit\local settings\application data\microsoft\windows\S-1-5-21-602162358-1708537768-839522115-1003_CLASSES.rrr
------------------------------------------------------------------------------------------------------------------------
C:\documents and settings\lt\S-1-5-21-602162358-1708537768-839522115-1004.rrr Compacted
C:\documents and settings\lt\S-1-5-21-602162358-1708537768-839522115-1004.rrr Exists
C:\documents and settings\lt\S-1-5-21-602162358-1708537768-839522115-1004.rrr Old CRC = D7A2D947
C:\documents and settings\lt\S-1-5-21-602162358-1708537768-839522115-1004.rrr New CRC = D7A2D947
C:\documents and settings\lt\S-1-5-21-602162358-1708537768-839522115-1004.rrr CRC match
C:\documents and settings\lt\S-1-5-21-602162358-1708537768-839522115-1004.rrr Applied
Location : S-1-5-21-602162358-1708537768-839522115-1004
Compacted at : C:\documents and settings\lt\S-1-5-21-602162358-1708537768-839522115-1004.rrr
Original Backup : C:\documents and settings\lt\ntuser.dat.rmbak
------------------------------------------------------------------------------------------------------------------------
Failed to Apply : D7A2D947 - C:\documents and settings\lt\S-1-5-21-602162358-1708537768-839522115-1004.rrr
------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------
7/10/2006 6:35:37 AM
Complete
Remember, if you haven't got a smile on your face and
laughter in your heart......Then you are just an old sour fart.

BC AdBot (Login to Remove)

 


m

#2 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:09:14 AM

Posted 02 October 2006 - 03:30 AM

Hi loveablekitty

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download, install and update Ewido Anti-Spyware v4.0.<--link DO NOT perform a scan yet..

Print out the Ewido Install and Scan Instructions<--link

Please download ATF Cleaner<--link by Atribune.DO NOT use yet..

Reboot your computer in SAFE MODE"<--link using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.For Technical Support, double-click the e-mail address located at the bottom of each menu.]

now Scan with Ewido per the "Safe Mode" instructions you printed out.
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess.

reboot back to normal mode .

If you are still having problems.. Come back and we'll advise you further.

Stelios :thumbsup:

#3 loveablekitty

loveablekitty
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Location:missouri
  • Local time:03:14 AM

Posted 02 October 2006 - 03:54 PM

Good evening DASOS, Thank YOU for your help, I did everything and the scan came out clean ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:32:03 PM 10/2/2006

+ Scan result:



Nothing found.


::Report end
should I scan again in normal ? and now that I have this EWIDO should I use it as my antspyware? I see that one can set it to always run in background. I now use spywaredoctor (paid app) Registry mech, spybotS&D, spywareblaster, keroFW. I havent ran any scan today other then this and registry mech which comes on at win/startup ,that did show a few things ,it always does even tho I hit fix it, so Im not sure if all is right ? thx again "o} L-kit
Remember, if you haven't got a smile on your face and
laughter in your heart......Then you are just an old sour fart.

#4 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:09:14 AM

Posted 03 October 2006 - 06:20 AM

Hello loveablekitty

No need to scan again, the report is clean!!

You can keep Ewido ( AVG Anti-Spyware 7.5 it's the new name) it’s a great program. After the 30 day trial, these extensions ('Resident Shield' and 'Automatic Update') will be deactivated and the program will turn into a feature-limited freeware version unless you choose to purchase the full version, you will have to manually update the definition files before each scan.

Please scan again with spyware doctor and post back the log.
Also let us know if you still have problems.


Stelios :thumbsup:

#5 loveablekitty

loveablekitty
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Location:missouri
  • Local time:03:14 AM

Posted 03 October 2006 - 09:24 AM

Good morning DASOS scan report:

Scan Results:
scan start: 10/3/2006 8:08:17 AM
scan stop: 10/3/2006 8:43:54 AM
scanned items: 89662
found items: 0
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner
this was a full system scan
THIS IS A GOOD CP DAY so far lol
DAS, also usasma, & enthus is helping me over in WIN/XP H&P AND I have did what they have asked. (except the win/live care I cant--page always has error) might want to pop over there "o} also Buddy POST there too and I"m thinking that just might be most of my CP probs "o{ A BIG THX to you & E1 for your time and help and PATIENTS
L-Kit
Remember, if you haven't got a smile on your face and
laughter in your heart......Then you are just an old sour fart.

#6 loveablekitty

loveablekitty
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Location:missouri
  • Local time:03:14 AM

Posted 18 October 2006 - 07:30 PM

Hi DASOS, since you last helped me my CP has been running great . Ewido 4.0 has been work nicely. I never get a bad scan "o} but today after I did all my updates on all the spywares and did an scan with Adaware se it found a trojan ( win32.trogan Agent) I quarantine it and the went to scan with Ewido but it wont run, I tryed to open it nothing, even the tray icon wont work . I even tryed to remove it in add/remove but I cant , I cant even uninstall it. the 30day free isnt up yet either. Can you give me any advice to what I to do. THx once again L-KIt PS I can and did scans with my spywares came out clean and seems to be working ok. spybot S&d, and spyblaster
Remember, if you haven't got a smile on your face and
laughter in your heart......Then you are just an old sour fart.

#7 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:09:14 AM

Posted 19 October 2006 - 12:48 AM

Hi loveablekitty

Did you try to run AVG Anti-Spyware 7.5 in safe mode?



Stelios :thumbsup:

#8 loveablekitty

loveablekitty
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Location:missouri
  • Local time:03:14 AM

Posted 19 October 2006 - 08:43 AM

Hi Dasos. I have the old version ewido 4.o that you had me download, the prb is I CANT OPEN THE APP ---when I click the icon the hrglass comes up the fades away but EWIDO wont openso I cant scan. I also been trying to uninstall it thru control add/remove the wizard come up I follow the instuctions but soon as it starts uninstalling it stops 30sec into it nothing happens and the buttons fades out cant use them. then I have to go into window task to stop the running to get the box to close ( it does show its running in there but its not . I also tryed going to the files and using the uninstall there SAME THIG HAPPENS grr so I cant uninstall 4.0 so I CANT INSTALL AVG Anti-Spyware 7.5 and so CANT DO ANyTHING IN SAFE MODE ( yes did try to see if ewido 4,0 would work in safe, nope!!!! and yes in systems it shows its running some where lol should I try to get it in window task and then stop the running to see if thats why it wont uninstall ???? this is frustrating "o{
Remember, if you haven't got a smile on your face and
laughter in your heart......Then you are just an old sour fart.

#9 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:09:14 AM

Posted 19 October 2006 - 11:21 AM

Hello loveablekitty



Go to Start > Run and type: services.msc
Press "OK".
Click the "Extended tab" and scroll down the list to find Ewido guard.
When you find the guard service, double-click on it.
In the Properties Window > General Tab that opens, click the "Stop" button.
From the drop-down menu next to "Startup Type", click on "Manual".
Now click "Apply", then "OK" and close the Services window.

Now try to uninstall it.


Stelios :thumbsup:

#10 loveablekitty

loveablekitty
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Location:missouri
  • Local time:03:14 AM

Posted 19 October 2006 - 11:36 AM

HI, ok I did as you said but the buttons wont light up but it was already on manual . yeah I can now get into EWIDO so Ill try uninstalling it in control panel back soon fingers cross!!! "o}
Remember, if you haven't got a smile on your face and
laughter in your heart......Then you are just an old sour fart.

#11 loveablekitty

loveablekitty
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Location:missouri
  • Local time:03:14 AM

Posted 19 October 2006 - 11:43 AM

Das its asking do I want to remove files in QUar antine and the reports ?????
Remember, if you haven't got a smile on your face and
laughter in your heart......Then you are just an old sour fart.

#12 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:09:14 AM

Posted 19 October 2006 - 11:46 AM

Yes do it.

#13 loveablekitty

loveablekitty
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Location:missouri
  • Local time:03:14 AM

Posted 19 October 2006 - 11:47 AM

thx be back lol
Remember, if you haven't got a smile on your face and
laughter in your heart......Then you are just an old sour fart.

#14 loveablekitty

loveablekitty
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Location:missouri
  • Local time:03:14 AM

Posted 19 October 2006 - 11:50 AM

THank you das its gone now to dl and install AVG Anti-Spyware 7.5 and see IF I can get that trogan out thx soooooo much L _KIT
Remember, if you haven't got a smile on your face and
laughter in your heart......Then you are just an old sour fart.

#15 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:09:14 AM

Posted 19 October 2006 - 11:55 AM

Ok! install - reboot - update - scan in safe mode :thumbsup:



Stelios :flowers:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users