Cannot even launch Spybot/ad-aware/cwshredder, etc.

  1. #1
    karolcostello is offline Newbie

    Hi, this evening I went to connect to Steam and play CS for a while but each time it tried to launch I got an error message. I tried to re-install it, still no success. I then ran Spybot and Ad-aware which both found a bunch of things and cleared them out.

    I also downloaded and installed a security update from Microsoft.com.

    After rebooting the machine, I still received the Steam error and tried to launch Spybot and Ad-aware again. Now I get an error saying "The Application failed to initialise properly" for them, and the same thing occurs when trying to run CWShredder, and if I try to activate the PC protector service of the Ewido anti-virus software (free trial version).

    I ran HijackThis and this is what my logfile looks like:


    Logfile of HijackThis v1.99.1
    Scan saved at 23:31:25, on 21/03/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\system32\slserv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\UAService7.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINNT\explorer.exe
    C:\Documents and Settings\Karol Costello\Desktop\Misc Installs\spyware\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.security2k.net/search.php?qq=%1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Real Alternative\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [Gainward] C:\WINNT\TBPanel.exe /A
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\\Steam.exe" -silent
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINNT\system32\SCardClnt.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINNT\system32\UAService7.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


    Would anyone have any idea about what my problem is?


  2. #2
    karolcostello is offline Newbie
    Just a quick addendum, the problem is a little worse than I thought, now I can't run Steam or World of Warcraft, Internet Explorer gives me an about:Blank page, in fact just about any program that requires the internet will not start.

  3. #3
    VopThis is offline Senior Member (Canada)
    Remove the following entry in Hijackthis as follows:


    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINNT\system32\SCardClnt.exe (file missing)

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.



    Let us know if the above entry no longer appears once you reboot and how things are now behaving: any new or remaining apparent issues.

  4. #4
    karolcostello is offline Newbie
    Followed the above steps, but that entry still appears in the list when I run HijackThis after rebooting.

    All of the previous problems still occur. I've also noticed that whatever my problem is, it seems to have deleted my Steam game files. Half-Life 2, Day of Defeat: Source and Counter-Strike: Source all say that they need to be downloaded again when they are run from the desktop shortcuts.

    If it's any help, log file looks like this now:


    Logfile of HijackThis v1.99.1
    Scan saved at 0552, on 22/03/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\system32\slserv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\UAService7.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\WINNT\explorer.exe
    C:\Documents and Settings\Karol Costello\Desktop\Misc Installs\spyware\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Real Alternative\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [Gainward] C:\WINNT\TBPanel.exe /A
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\\Steam.exe" -silent
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINNT\system32\SCardClnt.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINNT\system32\UAService7.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

  5. #5
    VopThis is offline Senior Member (Canada)
    http://www.siteadvisor.com/sites/security2k.net

    Try removing the following lines in HijackThis (plus previous item again):
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.security2k.net/search.php?qq=%1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/





    In the next steps we are going to try and stop a Service. It's possible that this entry will not show up anymore. In that case, proceed with the next instruction.

    Click Start then Run
    Type in services.msc
    Click Ok

    Scroll down, locate if possible, and double click on the service called Smart Card Client (SCardClnt)
    Click Stop and then set the Startup Type to Disabled.





    Please download ATF Cleaner http://www.atribune.org/ccount/click.php?id=1 by Atribune.
    This program is for XP and Windows 2000 only

    It does not require any installation and uses minimal system resources. It is set up to clean IE, FireFox and Opera, and detects the browsers you have and grays out the other(s).
    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
      Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
    • Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
      Click the Empty Selected button.
      NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.



    Click Exit on the Main menu to close the program.
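The check requested in posts #3 and #5 (do the flagged entries still appear in the next scan?), as an added example that is not part of the original thread. The log lines are copied from the logs posted above; the function names and the expected-host allowlist are assumptions made for the illustration.

```python
import re
from urllib.parse import urlparse

# Subset of the log from post #1 (before any fix), copied from this thread.
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.security2k.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINNT\system32\SCardClnt.exe (file missing)
"""
# Subset of the log from post #4 (after "Fix checked" and a reboot).
LOG_AFTER = r"""
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINNT\system32\SCardClnt.exe (file missing)
"""

# A HijackThis entry line is "<code> - <details>", e.g. "R1 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")


def parse_entries(log):
    """Return (code, details) for every entry line; header/process lines are skipped."""
    return [m.groups() for m in map(ENTRY_RE.match, log.splitlines()) if m]


def review(entries, expected_hosts):
    """Flag the two kinds of entry the helper singled out in this thread."""
    findings = []
    for code, body in entries:
        if code in ("R0", "R1") and " = " in body:
            # IE start/search page values: flag hosts the user did not set.
            host = (urlparse(body.rsplit(" = ", 1)[1]).hostname or "").lower()
            if host and host not in expected_hosts:
                findings.append((code, body, "IE page/search points at " + host))
        elif code == "O23" and body.endswith("(file missing)"):
            # Service is registered but its binary is gone from disk.
            name = body[len("Service: "):].split(" - ")[0]
            findings.append((code, body, "service with missing binary: " + name))
    return findings


def still_present(before, after, expected_hosts):
    """Flagged entries from the earlier log that survive into the later one."""
    later = set(parse_entries(after))
    return [f for f in review(parse_entries(before), expected_hosts)
            if (f[0], f[1]) in later]


if __name__ == "__main__":
    hosts = {"www.google.ie"}  # assumption: the start page the user chose
    for code, _, reason in review(parse_entries(LOG_BEFORE), hosts):
        print("flagged:", code, reason)
    for code, _, reason in still_present(LOG_BEFORE, LOG_AFTER, hosts):
        print("persists after fix:", code, reason)
```
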

  6. #6
    karolcostello is offline Newbie
    I managed to remove that Scardclnt (missing file) from showing up in the Hijackthis scan by deleting all of the entries relating to it in Regedit, rebooted, made sure it wasn't turning up. All the problems I've been having are persisting.

    I'll try the steps listed in the post above when I get home from work this evening, but at the moment it's looking like Format C: -> reinstall everything...

  7. #7
    karolcostello is offline Newbie
    Tried the steps above, but unfortunately there's still no joy.

    I ran a full Ewido Anti-Malware search which cleared out 28 items while running Windows in safe mode.
    On rebooting, my desktop picture had reverted to the usual Windows blue, but all of my applications still give the error "Application failed to initialize (0xc00000005)".

    Latest HijackThis file looks like:


    Logfile of HijackThis v1.99.1
    Scan saved at 22:06:36, on 22/03/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\system32\slserv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\UAService7.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINNT\explorer.exe
    C:\HJT\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Real Alternative\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [Gainward] C:\WINNT\TBPanel.exe /A
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\\Steam.exe" -silent
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINNT\system32\UAService7.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


    Anyone got any more ideas as to what might be the problem?

  8. #8
    VopThis is offline Senior Member (Canada)
    SpyAxe is a player in the Smitrem saga of unrelenting modifications to the Smitrem Family of infections and it would be wise to check for remnants of this infection given the security2k.net exposure risk.




    Please read these instructions carefully and print them out (or copy to a file on your DESKTOP)! Be sure to follow ALL instructions (except perhaps scans already run)! Make sure to at least run smitRem scan (below).


    Download smitRem.exe and save the file to your desktop.

    Alternate SITE: smitRem.exe

    Double click on the file to extract it to its own folder on the desktop.



    Place a shortcut to Panda ActiveScan on your desktop (drag the text link to your desktop).



    Please download the trial version of Ewido Security Suite here:
    http://www.ewido.net/en/download/

    Please read Ewido Setup Instructions
    Install it, and update the definitions to the newest files. Do NOT run a scan yet.


    If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
    Ad-Aware SE Setup. Don't run it yet!



    Next, please reboot your computer in SafeMode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.



    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.

    The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested (below) in your next reply.


    Open Ad-aware and do a full scan. Remove all it finds.


    Run Ewido:
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • NOTE: During some scans with ewido it is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
    • When the scan is finished, click the Save report button at the bottom of the screen.
    • Save the report to your desktop
    Close Ewido


    Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

    Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan.
    Save the Panda scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log.

    Let us know if any problems persist.
