WinTools and More


#1
boilerpete80

    New Member

  • Member
  • 6 posts
My daughter's computer started out with a zillion and three spyware programs running. I've managed to eliminate most of them. I know Wintools, MsTask and WinMgmt are still on, plus a couple others.

I've run all the fixes endorsed on your site (Ad-Aware, SpyCatcher, Cleanup, SpyBot Search + Destroy) and probably a few others in between.

When I run Microsoft AntiSpyware, it hangs on the registry key for WinTools. I've tried manually deleting the file by editing the registry, but it won't let me.

So, I'm looking for whatever help is out there.

Thanks!

Boilerpete80

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:16:36 AM, on 1/28/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Navnt\navapw32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\Tmas\tmas.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\boilerpete80\Local Settings\Temporary Internet Files\Content.IE5\3ZEF1RKG\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - AppInit_DLLs: interceptor.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)

And here's my ActiveScan log:


Incident Status Location

Adware:adware/keenvalue Not disinfected C:\WINNT\SYSTEM32\DRIVERS\ETC\hosts.bho
Adware:adware/delfinmedia Not disinfected C:\keys.ini
Adware:adware/sidesearch Not disinfected C:\Documents and Settings\Eric Acker\Application Data\Lycos
Adware:adware/wintools Not disinfected Windows Registry
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Eric Acker\Cookies\eric acker@tribalfusion[2].txt
Adware:Adware/Startware Not disinfected C:\Documents and Settings\Eric Acker\Desktop\backups\backup-20050909-200542-322.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Security Stronghold\True Sword\Infected\process.exe
Adware:Adware/SAHAgent Not disinfected C:\WINNT\inf\biS.inf

#2
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.

Boot Into Safe Mode
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

File/Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\WINNT\SYSTEM32\DRIVERS\ETC\hosts.bho
C:\keys.ini
C:\Documents and Settings\Eric Acker\Application Data\Lycos
C:\WINNT\inf\biS.inf

Reboot back to normal mode
  • Double-click the TrendMicro icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click Start Scan
  • After it's done scanning, click Scan Results
  • Make sure all items found have a check next to them, then click Clean Threats Now.
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called Antispyware.log. Please double-click that log, copy the entire contents, and paste them here.

#3
boilerpete80

    New Member

  • Topic Starter
  • Member
  • 6 posts
I did everything you listed. Here is the log.

Thanks!

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Sun Jan 22 22:13:13 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

[SPYSUBTRACT] An error has occurred while scanning IE Plugins.

An Unexpected Problem was encountered

. Error#: 0x80004003
Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Sun Jan 22 23:39:20 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

[SPYSUBTRACT] An error has occurred while scanning IE Plugins.

An Unexpected Problem was encountered

. Error#: 0x80004003
Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Mon Jan 23 02:52:37 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

[SPYSUBTRACT] An error has occurred while scanning IE Plugins.

An Unexpected Problem was encountered

. Error#: 0x80004003
Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Mon Jan 23 05:38:32 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
IE Plugins: Found '{0A87E45F-537A-40B4-B812-E2544C21A09F}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
Program Startup Areas: Found 'SpyCatcher Reminder' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'C:\Program Files\SpyCatcher 2006\Protector.exe' in 'C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyCatcher Protector.lnk'
Program Startup Areas: Found 'C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe' in 'C:\Documents and Settings\Eric Acker\Start Menu\Programs\Startup\Scheduler.lnk'
Web Browser Security Settings: Found 'Search Bar' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Mon Jan 23 20:21:43 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

[SPYSUBTRACT] An error has occurred while scanning IE Plugins.

An Unexpected Problem was encountered

. Error#: 0x80004003
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Mon Jan 23 20:30:08 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

[SPYSUBTRACT] An error has occurred while scanning IE Plugins.

An Unexpected Problem was encountered

. Error#: 0x80004003
Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Mon Jan 23 20:47:46 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Internet Cookies
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Cleaning
Internet Explorer/MSN/AOL Cache
Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in ''
Windows Temp Files
Delete History Items on Startup: Cleaned 'Windows Temp Files' in ''
Cookies
Delete History Items on Startup: Cleaned 'Cookies' in ''
Finished Cleaning
Started Scanning
CoolWebSearch Variants (CWShredder)
Finished Scanning
Started Cleaning
Internet Explorer/MSN/AOL Cache
Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in ''
Windows Temp Files
Delete History Items on Startup: Cleaned 'Windows Temp Files' in ''
Cookies
Delete History Items on Startup: Cleaned 'Cookies' in ''
Finished Cleaning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Mon Jan 23 21:00:39 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Mon Jan 23 22:42:50 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Tue Jan 24 19:47:07 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Tue Jan 24 21:46:21 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
IE Downloaded Program Files: Found 'BDSCANONLINE Control' in 'C:\WINNT\bdoscandellang.ini,C:\WINNT\bdoscandel.exe,C:\WINNT\Downloaded Program Files\live.ini,C:\WINNT\Downloaded Program Files\scanoptions.tsi,C:\WINNT\Downloaded Program Files\lang.ini,C:\WINNT\Downloaded Program Files\ipsupd.dll,C:\WINNT\Downloaded Program Files\bdupd.dll,C:\WINNT\Downloaded Program Files\libfn.dll,C:\WINNT\Downloaded Program Files\bdcore.dll,C:\WINNT\Downloaded Program Files\oscan8.ocx,C:\WINNT\Downloaded Program Files\oscan8.inf'
IE Downloaded Program Files: Found 'ActiveScan Installer Class' in 'C:\WINNT\Downloaded Program Files\asinst.inf'
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Wed Jan 25 03:42:24 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Thu Jan 26 02:38:48 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Fri Jan 27 03:41:27 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Sat Jan 28 00:51:50 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session ended ---------------------------------

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Sat Jan 28 01:01:12 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Scanning is stopping...
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Sat Jan 28 02:38:48 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Sun Jan 29 03:07:25 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Mon Jan 30 03:34:55 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Mon Jan 30 15:12:09 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Tue Jan 31 15:49:06 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Wed Feb 01 16:57:57 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Wed Feb 01 17:06:11 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Thu Feb 02 02:39:57 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session ended ---------------------------------

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Thu Feb 02 15:27:01 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Thu Feb 02 19:13:45 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Thu Feb 02 19:18:22 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Internet Cookies
Internet Cookies: Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'adrevolver.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'media.adrevolver.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'as-eu.falkag.net' in 'Internet Explorer Cache'
Internet Cookies: Found 'ask.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'atwola.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'media.adrevolver.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'belnk.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'casalemedia.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'dist.belnk.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'perf.overture.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'questionmarket.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'realmedia.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'tradedoubler.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'trafficmp.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'tribalfusion.com' in 'Internet Explorer Cache'
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Windows Registry: Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/bridge.dll'
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Internet Cookies: Cleaned 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'adrevolver.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'media.adrevolver.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'as-eu.falkag.net' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'ask.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'atwola.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'media.adrevolver.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'belnk.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'casalemedia.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'dist.belnk.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'perf.overture.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'questionmarket.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'realmedia.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'tradedoubler.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'trafficmp.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'tribalfusion.com' in 'Internet Explorer Cache'
Windows Registry: Cleaned '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/bridge.dll'
Finished Cleaning
Started Cleaning
Internet Explorer/MSN/AOL Cache
Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in ''
Windows Temp Files
Delete History Items on Startup: Cleaned 'Windows Temp Files' in ''
Cookies
Delete History Items on Startup: Cleaned 'Cookies' in ''
Finished Cleaning
Started Scanning
CoolWebSearch Variants (CWShredder)
Finished Scanning
Started Cleaning
Internet Explorer/MSN/AOL Cache
Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in ''
Windows Temp Files
Delete History Items on Startup: Cleaned 'Windows Temp Files' in ''
Cookies
Delete History Items on Startup: Cleaned 'Cookies' in ''
Finished Cleaning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Thu Feb 02 19:43:12 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HOME-2
Time=Thu Feb 02 19:55:48 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

#4
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
OK, I don't know what went wrong there :| but anywho

Perform an online scan with Internet Explorer with Kaspersky WebScanner.

Next, click on Kaspersky Online Scanner.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Standard
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Take note of the names and locations of any file it detects but fails to clean.

* Turn off the real-time scanner of any existing antivirus program while performing the online scan.

#5
boilerpete80

    New Member

  • Topic Starter
  • Member
  • 6 posts
I don't know if it's good news or bad news, but the Kaspersky scan came up clean.
However, Microsoft AntiSpyware still detects WinTools, and it hangs when it gets to registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools

It won't let me delete that key through regedit.

The Kaspersky scan text file follows.

Thanks for the help!

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, February 03, 2006 23:46:40
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 4/02/2006
Kaspersky Anti-Virus database records: 164055
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 37076
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 3752 sec
No malware has been detected. The sections that have been scanned are CLEAN.

Scan process completed.

#6
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Can you specify an error (during the registry editing)?

#7
boilerpete80

    New Member

  • Topic Starter
  • Member
  • 6 posts
When I open regedit and try to delete that particular key (right-click on the key), I get a dialogue box that says: "Error Deleting Key. Cannot Delete WinTools: Error While Deleting Key".

I ran Spybot tonight, and it found Huntbar and could not delete it. I tried their suggestion ("Can we run Spybot when you next boot up?") but that didn't solve it either. I tried running it in Safe Mode and still no luck.

Under Task Manager, I have MsTask and WinMgmt as processes I can't end by right-clicking and selecting "End Process" ("Unable to terminate process. Access is Denied.")

AdAware and Trend Micro Anti-Spyware showed up clean.

Microsoft Anti-Spyware still hangs when it gets to the WinTools registry key in the HKEY_LOCAL_MACHINE folder.

Thanks for your patience in working with me. I don't know what else to try.

#8
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
If you are feeling up for it, a user here has had the same trouble and managed to solve it :tazz: I suggest you try those recommendations. Let me know how it goes.

#9
boilerpete80

    New Member

  • Topic Starter
  • Member
  • 6 posts
I think we're getting closer. The solution listed on your link was at www.pche!!.com, but I had already tried that and it didn't work. However, the idea of taking ownership of the registry key seemed like a possibility. On my computer (Windows XP Professional), I can open regedit, find a registry key, right-click on it, and there is the menu pick for "Permissions". From there, I can find where the other person was able to change the ownership of that key and then delete it. However, on my daughter's computer (Windows 2000 Pro), the one with the problem registry key, right-clicking on it doesn't have a "Permissions" choice.

So, how do I do that in Windows 2000 Pro?

Thanks,

boilerpete80

#10
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
So sorry for the delay :tazz: I will need to consult a friend for this. Please bear with me.