Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

SpyWare Doctor/dll.Scan_Start

Post by Hazel » November 21st, 2007, 2:01 pm

Please can someone help me before I have a nervous breakdown?
When I use SpyWare Doctor to run a scan, 29% of the way through I get the message
dll.Scan_Start:Invalid data type for ImagePath
When I click on OK, the scan restarts at 40%
I suspect this is the reason my PC is so slow and keeps freezing
How can I get rid of this "thing"?
Hazel
Active Member
 
Posts: 11
Joined: November 21st, 2007, 1:50 pm

Re: SpyWare Doctor/dll.Scan_Start

Post by John B. » November 26th, 2007, 12:00 pm

Hi! :hello2: and welcome to the Malware Removal forums.
My name is John Brouwer - if it helps, you can call me John for short. I'll be glad to help you with your computer problems.

Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happens.

Please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Finally, please make an uninstall list using HijackThis
    To access the Uninstall Manager you would do the following:
    • Start HijackThis
    • Click on the Config button
    • Click on the Misc Tools button
    • Click on the Open Uninstall Manager button.
    • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop and post the contents in a reply to this topic.
Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: SpyWare Doctor/dll.Scan_Start

Post by Hazel » November 28th, 2007, 9:10 am

Thank you John, I am immensely grateful. Have done as you requested so far. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:33, on 28/11/2007
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\WINNT\loadqm.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-gb\msnappau.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Adaptec\PHOTOR~1\CreateCD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\internat.exe
C:\System\reminder.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ErrorKiller] "C:\Program Files\ErrorKiller\ErrorKiller.exe" -boot
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\PHOTOR~1\CreateCD.exe -r
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Reminder] C:\System\reminder.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4611367787
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8419 bytes

and this is the uninstall list:

Adaptec Easy CD Creator 4
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
broadband medic
CC_ccProxyExt
ccCommon
ccPxyCore
ErrorKiller 2.7.0
FlashPath
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
iTunes
LiveReg (Symantec Corporation)
LiveUpdate 3.2 (Symantec Corporation)
Microsoft Money 98
Microsoft Office 2000 Premium
MSN Messenger 6.2
MSN Toolbar
MSRedist
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton GoBack 4.02 (Symantec Corporation)
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton WMI Update
Norton WMI Update
Norton WMI Update
OLYMPUS CAMEDIA Master 4.0
QuickTime
RealPlayer
S3 Gamma
S3 Savage4 Family Display Switch2 Utility
SPBBC
Symantec KB-DocID:2003093015493306
Symantec Script Blocking Installer
Symantec Technical Support Web Controls
SymNet
Uniblue RegistryBooster 2
VIA Bus Master Ultra ATA Driver (Remove)
Windows 2000 Service Pack 2

Looking forward to hearing from you.
Again, many thanks
Hazel
Hazel
Active Member
 
Posts: 11
Joined: November 21st, 2007, 1:50 pm

Re: SpyWare Doctor/dll.Scan_Start

Post by John B. » November 28th, 2007, 1:25 pm

Hi Hazel,

Have you tried reinstalling Spyware Doctor? I can't see it installed on your system. The error says that there's an invalid file or invalid data in a file. Most of the time reinstalling the program would help.

Your HijackThis log looks clean, but there's one thing that bothers me. You're still running W2k with Service Pack 2 while the most recent Service Pack is number 4. Also your version of Internet Explorer is outdated. Is there any specific reason why you're so far behind on updates? Are you on dial up?

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
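
Added example, not part of John's reply and not HijackThis code: a short Python script that makes the same header check John does by eye (service pack and Internet Explorer version) and also tallies the log's entry codes and lists O4 Run entries given without a full path. The sample log is a constructed excerpt in the format posted above, the SP4 / IE 6 baseline is taken from this thread, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a short excerpt in the HijackThis v2.0.2 format posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:33, on 28/11/2007
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Reminder] C:\System\reminder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

PLATFORM_RE = re.compile(
    r"^Platform:\s*(?P<os>.+?)(?:\s+SP(?P<sp>\d+))?\s*\((?P<build>[^)]*)\)\s*$", re.M)
MSIE_RE = re.compile(r"^MSIE:\s*Internet Explorer v(?P<ver>\d+(?:\.\d+)*)", re.M)
# Entry lines start with a section code such as R0, O2, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$", re.M)
O4_RUN_RE = re.compile(
    r"^(?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# A command counts as fully qualified if it starts with a drive letter or a UNC prefix.
ABSOLUTE_RE = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\)')


def parse_header(log):
    """Return OS name, service pack number, build string and IE version from the header."""
    plat = PLATFORM_RE.search(log)
    msie = MSIE_RE.search(log)
    if not plat or not msie:
        raise ValueError("not a HijackThis log: Platform/MSIE header lines missing")
    return {
        "os": plat.group("os"),
        "sp": int(plat.group("sp") or 0),  # no "SPn" token means no service pack
        "build": plat.group("build"),
        "ie": msie.group("ver"),
    }


def patch_findings(header, min_sp=4, min_ie_major=6):
    """Compare the header with a baseline (assumed here: SP4 and IE 6, as in the thread)."""
    findings = []
    if header["sp"] < min_sp:
        findings.append(f"{header['os']} SP{header['sp']} is below SP{min_sp}")
    if int(header["ie"].split(".")[0]) < min_ie_major:
        findings.append(f"Internet Explorer {header['ie']} is below version {min_ie_major}")
    return findings


def section_counts(log):
    """Count entries per section code, giving a quick picture of what the log covers."""
    return Counter(m.group("code") for m in ENTRY_RE.finditer(log))


def unqualified_autoruns(log):
    """List O4 Run entries whose command has no full path.

    Such commands are resolved through the Windows search path, so a reviewer
    confirms which file on disk each one actually resolves to.
    """
    hits = []
    for m in ENTRY_RE.finditer(log):
        if m.group("code") != "O4":
            continue
        run = O4_RUN_RE.match(m.group("body").strip())
        if run and not ABSOLUTE_RE.match(run.group("cmd")):
            hits.append((run.group("name"), run.group("cmd")))
    return hits


if __name__ == "__main__":
    header = parse_header(SAMPLE_LOG)
    print(header)
    for finding in patch_findings(header):
        print("PATCH:", finding)
    print(dict(section_counts(SAMPLE_LOG)))
    for name, cmd in unqualified_autoruns(SAMPLE_LOG):
        print("REVIEW PATH:", name, "->", cmd)
```
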

Re: SpyWare Doctor/dll.Scan_Start

Post by Hazel » November 30th, 2007, 7:17 am

Hi John

I have tried uninstalling and reinstalling SpyWare Doctor many times - I must have just uninstalled it during yet another attempt to rectify this problem by that method when I sent you the log. It makes no difference at all, exactly the same problem remains.
Would you like me to reinstall it and then resend you the log?

One thing I have found odd is that when I download the most recent version of Spyware Doctor, it won't install, but gives me a message that I need Windows 2000 or higher. I have Windows 2000 Professional, so I don't understand this at all. I have therefore had to stick with Spyware Doctor version 4.

I have no idea what "W2k with Service pack 2" means I'm afraid.

Ahh - Windows 2000?!! Ok, still don't understand the Service Pack 2 bit though!

The version of Internet Explorer is probably the same one that was installed onto my PC at the time it was given to me - as I've never been prompted to upgrade it, it wouldn't occur to me to do so. But I shall see about doing it now.

I have broadband.

I look forward to your reply

Hazel
Hazel
Active Member
 
Posts: 11
Joined: November 21st, 2007, 1:50 pm

Re: SpyWare Doctor/dll.Scan_Start

Post by Hazel » November 30th, 2007, 11:30 am

John, I have updated to Windows 2000 Service Pack 4 and Internet Explorer 6. This has allowed me to install Spyware Doctor 5.5 which I am currently running a full scan with. Keep you posted

Hazel
Hazel
Active Member
 
Posts: 11
Joined: November 21st, 2007, 1:50 pm

Re: SpyWare Doctor/dll.Scan_Start

Post by John B. » December 1st, 2007, 6:40 am

No more problems?
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: SpyWare Doctor/dll.Scan_Start

Post by Hazel » December 1st, 2007, 11:40 am

The full scan found a high risk level piece of spyware which I was then able to remove, so fingers crossed that's the problem sorted. Thank you very much for your help, John, it was much appreciated.
Hazel
Hazel
Active Member
 
Posts: 11
Joined: November 21st, 2007, 1:50 pm

Re: SpyWare Doctor/dll.Scan_Start

Post by John B. » December 1st, 2007, 2:49 pm

Hi Hazel,

As the scan found some malware I'd like to be sure you're all clean.

Step 1: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Step 2: Run Kaspersky Online Scan
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky,
Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives, Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
Step 3: Reply to me
Please post the Kaspersky log together with a fresh HijackThis log and tell me what Spyware Doctor exactly found (include the name of the infection and the path of the file(s)).

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: SpyWare Doctor/dll.Scan_Start

Post by John B. » December 4th, 2007, 10:51 am

You don't want any more help?
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: SpyWare Doctor/dll.Scan_Start

Post by Hazel » December 5th, 2007, 1:09 pm

Hi John
Sorry for delay, haven't been well.
I downloaded & ran ATF cleaner but wasn't able to do as you said.
In Main, Prefetch was not highlighted so I couldn't select it. I selected the others you said and this freed up some memory.
Neither Firefox nor Opera were highlighted either so I couldn't click on either of these to run them.

I am currently scanning with Kaspersky - it's taking some time so I will get back to you when it's completed.

Thanks
Hazel
Hazel
Active Member
 
Posts: 11
Joined: November 21st, 2007, 1:50 pm

Re: SpyWare Doctor/dll.Scan_Start

Post by Hazel » December 5th, 2007, 4:09 pm

Dear John,

Here's the Kaspersky scan. I suspect many of these infections are a result of my stepson using my PC without permission to look at porn sites...he no longer has access. Not impressed.
I've not done anything about removing the infections yet - will wait to hear what you advise.

KASPERSKY ONLINE SCANNER REPORT
Wednesday, December 05, 2007 7:34:35 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/12/2007
Kaspersky Anti-Virus database records: 473083


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 113724
Number of viruses found 1
Number of infected objects 24
Number of suspicious objects 0
Duration of the scan process 04:07:56

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-12-05_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\Default User\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Hazel\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Hazel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Hazel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Hazel\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Hazel\Local Settings\History\History.IE5\MSHist012007120520071206\index.dat Object is locked skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[10].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[11].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[12].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[13].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[14].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[15].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[16].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[17].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[18].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[19].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[1].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[20].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[21].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[22].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[23].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[24].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[2].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[3].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[4].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[5].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[6].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[7].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[8].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[9].wmv Infected: Trojan-Downloader.WMA.Wimad.h skipped

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Hazel\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Hazel\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\ntl\broadband medic\SmartBridge\AlertFilter.log Object is locked skipped

C:\Program Files\ntl\broadband medic\SmartBridge\log\httpclient.log Object is locked skipped

C:\Program Files\ntl\broadband medic\SmartBridge\SmartBridge.log Object is locked skipped

C:\WINNT\CSC\00000001 Object is locked skipped

C:\WINNT\Debug\ipsecpa.log Object is locked skipped

C:\WINNT\Debug\oakley.log Object is locked skipped

C:\WINNT\Debug\PASSWD.LOG Object is locked skipped

C:\WINNT\SchedLgU.Txt Object is locked skipped

C:\WINNT\security\logs\scepol.log Object is locked skipped

C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped

C:\WINNT\system32\config\default Object is locked skipped

C:\WINNT\system32\config\default.LOG Object is locked skipped

C:\WINNT\system32\config\SAM Object is locked skipped

C:\WINNT\system32\config\SAM.LOG Object is locked skipped

C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped

C:\WINNT\system32\config\SECURITY Object is locked skipped

C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped

C:\WINNT\system32\config\software Object is locked skipped

C:\WINNT\system32\config\software.LOG Object is locked skipped

C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped

C:\WINNT\system32\config\system Object is locked skipped

C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped

D:\gobackio.bin Object is locked skipped

Here's the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:36, on 05/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-gb\msnappau.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\Adaptec\PHOTOR~1\CreateCD.exe
C:\WINNT\system32\internat.exe
C:\System\reminder.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ErrorKiller] "C:\Program Files\ErrorKiller\ErrorKiller.exe" -boot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\PHOTOR~1\CreateCD.exe -r
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Reminder] C:\System\reminder.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4611367787
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9261 bytes


Scan process completed.

As regards what SpyWare Doctor removed, I'm having difficulty finding the information I think you need. Under "Quarantine" it says 2 items quarantined, Threat name Spyware.Known_Bad-Sites

When I click on details, I get a message I can't copy/paste but gives details of Quarantine storage file, date & time quarantine, file size 69632 bytes, items 2
then
Spyware.Known_Bad-Sites - low
D:\old system 0804\Program Files\FreeRIP2\kbase.url
D:\old system 0804\Program Files\FreeRIP2\freerip.url

If I then click on "learn more about this threat", I get:

Spyware Research > Infections > Spyware.Known_Bad_Sites
Details of the selected infection are shown below. This infection can be detected and cleaned using Spyware Doctor.

Name: Spyware.Known_Bad_Sites
Threat Level: High

Description: Indicates that a known bad site may have hijacked. Adware, Spyware and Phishing sites may use the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site such as your Bank.
Type: Spyware
Removal: This infection can be removed using Spyware Doctor.


--------------------------------------------------------------------------------


At least one or more of the following fields may be indicated:

Name: the name of the specific infection, as presented in the database.
Also known as: other names by which this infection may be known.
Type: the category to which the infection belongs. Refer to the Glossary for further details on infection types.
Variant: the family of infections to which this infection belongs.
By: the vendor of this infection.
Threat: the threat level assigned to this infection.
Description: a more detailed description of the infection. If the information is available, technical aspects and symptoms of this infection are described here.

Does that help?

Hazel

Re: SpyWare Doctor/dll.Scan_Start

Unread postby John B. » December 6th, 2007, 3:37 pm

Hi Hazel,

Spyware Doctor successfully removed the stuff it found so there are only some infected movies in the temporary internet files ;) Guess what the filenames are: Chicks_Bouncing_Around.

Step 1: Show your hidden files
To enable the viewing of Hidden files follow these steps:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon (or click Start, then select My Computer)
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shut down My Computer.
    Now your computer is configured to show all hidden files.
Step 2: Delete bad files
Use Explorer to navigate to and delete the following files (if present):

C:\Documents and Settings\Hazel\Local Settings\Temporary Internet Files\Content.IE5\8HMBWTG5\3_Chicks_Bouncing_Around_encrypted[*].wmv << NOTE: The * between those ] and [ signs stands for a number. There are a lot of different ones so just remove all the ones that begin with 3_Chicks_Bouncing_Around_encrypted

Now just exit Explorer.

This is my normal post for when you are clear - which you now are - or seem to be.
Please advise of any problems you still have. If you think you're clean please give one more reply so that I can archive this topic.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    Turn off System Restore.
    On the Desktop, right-click My Computer
    Click Properties
    Click the System Restore tab
    Check Turn off System Restore
    Click Apply, and then click OK

    Reboot.

    Turn on System Restore.
    On the Desktop, right-click My Computer
    Click Properties
    Click the System Restore tab
    Uncheck Turn off System Restore
    Click Apply, and then click OK
    NOTE: only do this ONCE, NOT on a regular basis!
  • Re-hide your system files - To do so, please follow the steps below:
    • Double-click My Computer.
    • Click the Tools menu, and then click Folder Options.
    • Click the View tab.
    • Put a check by "Hide file extensions for known file types."
    • Under the "Hidden files" folder, select "Do not show hidden files and folders."
    • Check "Hide protected operating system files."
    • Click Apply, and then click OK.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient but it only controls one way of the traffic (inbound/outbound not sure). Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most used:
    Comodo
    Kerio
    ZoneAlarm
  • Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

>> Here << you can see how you can help us.

May your God go with you..

John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
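
The Step 2 clean-up from the post above, as an added example that is not part of the original thread: it finds every numbered copy of the named file across the cache subfolders and only lists them unless deletion is requested. The function names, the `ABCD1234` folder and the sample files are constructed for illustration; the regex is used because the square brackets in the file names are literal, while a shell-style pattern reads `[*]` as a character class.

```python
import re
from fnmatch import fnmatchcase
from pathlib import Path

# File name form given in the post: 3_Chicks_Bouncing_Around_encrypted[<number>].wmv
PREFIX = "3_Chicks_Bouncing_Around_encrypted"
# The brackets are literal characters in the cache file names, so they are escaped.
CACHE_COPY = re.compile(r"^" + re.escape(PREFIX) + r"\[\d+\]\.wmv$", re.IGNORECASE)

def naive_glob_matches(name):
    """What a shell-style pattern does: "[*]" is a character class holding only '*'."""
    return fnmatchcase(name, PREFIX + "[*].wmv")

def find_cache_copies(cache_root):
    """Return matching regular files in every subfolder of cache_root."""
    hits = [p for p in Path(cache_root).rglob("*")
            if p.is_file() and not p.is_symlink() and CACHE_COPY.match(p.name)]
    return sorted(hits)

def remove_cache_copies(cache_root, delete=False):
    """Dry run by default; returns a list of (path, status) tuples."""
    results = []
    for path in find_cache_copies(cache_root):
        if not delete:
            results.append((path, "would delete"))
            continue
        try:
            path.unlink()
            results.append((path, "deleted"))
        except OSError as exc:  # for example, the file is still open in a player
            results.append((path, "failed: %s" % exc.strerror))
    return results

def build_sample_cache(base):
    """Constructed sample tree: two cache subfolders, three copies, two unrelated files."""
    layout = {
        "8HMBWTG5": [PREFIX + "[1].wmv", PREFIX + "[2].wmv", "holiday[1].wmv"],
        "ABCD1234": [PREFIX + "[17].wmv", "index.dat"],  # constructed folder name
    }
    for folder, names in layout.items():
        target = Path(base) / folder
        target.mkdir(parents=True)
        for name in names:
            (target / name).write_bytes(b"constructed sample")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_cache(tmp)
        print(naive_glob_matches(PREFIX + "[1].wmv"))   # the glob misses the file
        for path, status in remove_cache_copies(tmp):   # dry run, nothing removed
            print(status, path)
```

Run the dry run first and compare the listed paths with the ones named in the post before calling `remove_cache_copies(root, delete=True)`.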

Re: SpyWare Doctor/dll.Scan_Start

Unread postby Hazel » December 7th, 2007, 7:32 am

Hi John,

I have removed all the "Chicks Bouncing Around"...
But what about the virus the Kaspersky scan detected?

Regarding "Disable and Enable System Restore", I have Windows 2000 not ME or XP so I haven't followed your instructions there - is there something else I should do instead suitable for Windows 2000?

Do I need to keep all the new icons on my desktop - it's getting rather crowded! eg. uninstall list, Kaspersky, hijack this, ATF cleaning...

My antivirus updates automatically when my computer starts up so that should be OK. I will download a firewall and the anti spyware. With the anti Spyware you've suggested, is it worth me also renewing my subscription with Spyware doctor next year or not? I've also got RegistryBooster 2 and Errorkiller - is it worth me keeping these or shall I just uninstall them?

If you can get back to me about the virus Kaspersky said it found, I'd be very grateful,

Hazel

Re: SpyWare Doctor/dll.Scan_Start

Unread postby Hazel » December 7th, 2007, 9:54 am

Also, when I upgraded to service pack 4, I got the option to be automatically informed of any Windows updates and prompted to install them so hopefully that's sufficient in that respect?

Having some difficulties installing the firewall. Will try again and get back to you

Hazel