
Another virus infection:(Dr watson i presume

Discussion in 'Virus & Other Malware Removal' started by cbaz, Sep 5, 2005.

Thread Status:
Not open for further replies.
  1. cbaz

    cbaz Thread Starter

    Joined:
    Feb 3, 2005
    Messages:
    7
    Please help!
    I have no idea what's happening to this pc
    It's my sister's
    she mainly uses it for msn..
    I have it hooked up to mine and since its in the living room
    I use it to watch movies from my pc...
    but now when I go to my network places;
    only "My Web Sites on MSN" shows up
    and when i click: view workgroup computers
    I get an error message: "workgroup is not accessible... The list of servers for this workgroup is not currently available" :(
    it used to work just fine.
    now I can't access my files from this pc
    but when i go to mine i can still access files from this one..
    sometimes i get this aurora screen that pops out of nowhere;
    "you computer may contain spyware.." etc.. etc...
    and other times Dr Watson Post Mortem Debugger
    decides to crash the system.


    anyone please help me!!

    Logfile of HijackThis v1.99.1
    Scan saved at 10:50:37 PM, on 5/09/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
    C:\WINDOWS\system32\fubywco.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Cbas\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = C-BAZ 2005
    R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [whyzuw] C:\WINDOWS\system32\fubywco.exe r
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [csrss] C:\Program Files\CursorXP\CursorXP.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
     
  2. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    Hello

    Welcome to the forum. I am checking your log now and will return as soon as I have researched all the items.

    While we are working together, please ....
    • Reply to this thread. Do not start a new topic.
    • If you are unsure of what to do, stop and ask! Don't keep going on.
    • Be patient. HijackThis logs take some time to research.
    Please note the following:
    • I will be working on your Malware issues: This may or may not solve other issues you may have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine.
    • Please continue to review my answers until I tell you your machine is clear. (Absence of symptoms does not mean that everything is clear.)
    • The process may take considerable time.

    David :)
     
  3. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    You are currently using HijackThis from a temporary directory, this can cause problems.
    HijackThis creates backups, these are needed in case of any recovery issues.
    Please create a directory on your C:\ drive called C:\HJT, download and unzip HijackThis into that directory. Run the program from that directory from now on.

    STEPS For Creating Folder

      1. Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.

      2. Download HijackThis to the new folder:

      3. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.

      4. Close ALL windows except HJT

      5. SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to 'select all', Ctrl-C to 'copy')

      6. POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')
    Please make sure you post the entire log including the top portion:

    DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER
     
  4. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    Hi and Welcome Cbaz! :)

    Please do one of the following before we start:

    1) Please print off these instructions - they will be needed later when internet access is not available.
    2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
    --------------------
    *Click here http://www.mypctuneup.com/evaluate.php download and run the free uninstaller.
    --------------------

    We must stop, disable and delete an added service (O23)

    1. To stop a service and set to 'disabled'

    • Go to Start > Run and type in Services.msc then click OK
    • Click the Extended tab.
    • Scroll down until you find the service.
    • Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe(file missing)

    • Click once on the service to highlight it.
    • Click Stop
    • Right-Click on the service.
    • Click on 'Properties'
    • Select the 'General' tab
    • Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box
    • From the drop-down menu, click on 'Disabled'
    • Click the 'Apply' tab, then click 'OK'
    • The service is now stopped and disabled.

    --------------------

    Please download ewido security suite (free), and install it.
    • When installing, under Additional Options uncheck both Install background guard and Install scan via context menu.
    • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
    • The program will prompt you to update. Click the Ok button.
    • The program will now go to the main screen.
    You will need to update Ewido to the latest definition files.
    • On the left-hand side of the main screen click the Update button.
    • Click on Start. The update will start and a progress bar will show the updates being installed.
    Once finished updating, close Ewido. Do NOT run it yet.

    (If you have problems updating, you can use this link to manually update Ewido.
    Make sure that Ewido is closed when installing the update.)

    DO NOT RUN IT YET!

    --------------------

    CleanUp!

    *Download Cleanup from Here
    • A window will open and choose SAVE, then DESKTOP as the destination.
    • On your Desktop, click on Cleanup40.exe icon.
    • Then, click RUN and place a checkmark beside "I Agree"
    • Then click NEXT followed by START and OK.
    • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
    • Click OK
    • DO NOT RUN IT YET!

    --------------------

    Download Pocket Killbox, unzip it, and save to your Desktop. Do NOT run it yet.
    --------------------

    *Click here for info on how to boot to safe mode if you don't already know how.
    --------------------

    * Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"
    --------------------

    * Please run HJT again and do another scan. Check the following entries (if present):

    R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

    O4 - HKLM\..\Run: [whyzuw] C:\WINDOWS\system32\fubywco.exe r

    O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe


    Please close all browsers and open windows except HJT, then click the Fix Checked button. Close HJT.
    --------------------

    * Restart your computer into safe mode now. Perform the following steps in safe mode:
    --------------------

    Now we can delete those files.

    1. Copy the following list to the Clipboard.
      C:\WINDOWS\system32\fubywco.exe
      c:\windows\SvcProc.exe
    2. Start Pocket Killbox.
    3. Click Delete a file on reboot.
    4. Click File
    5. Select Paste from Clipboard. You should see a file name from the list above appear in the window under "Full Path of File to Delete".
    6. Click the arrow next to that window and ensure that only the files listed above are present.
    7. Click the red circle with a white cross .
    8. The program will ask you to confirm the delete. Answer yes.
    9. The program will ask you if you want to reboot. Answer yes.

    Allow the system to reboot into normal mode.

    --------------------

    Please close ALL open Windows, Programs and Folders, and run a full scan with Ewido.
    • Click on Scanner
    • Click on Settings
    • Under How to scan all boxes should be checked
    • Under Unwanted Software all boxes should be checked
    • Under What to scan select Scan every file
    • Click on Ok
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections, then choose clean and click Ok.


    --------------------

    * Run Cleanup:
    • Click on the "Cleanup" button and let it run.
    • Once it's done, close the program.

    --------------------

    Reboot to normal mode and post new log!
    David :)
     
  5. cbaz

    cbaz Thread Starter

    Joined:
    Feb 3, 2005
    Messages:
    7
    my bad
     
  6. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    Please continue with what is said in Post #4
    David :)
     
  7. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    You need to run this fix. The fix D posted isn't going to fix this.

    * Download the trial version of Ewido Security Suite here.
    • Install ewido.
    • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido
    • It will prompt you to update; click the OK button and it will go to the main screen
    • On the left side of the main screen click update
    • Click on Start and let it update.
    • DO NOT run a scan yet. You will do that later in safe mode.


    *Download Cleanup from Here
    If that link is down, you can get Cleanup Here.
    • Save the Cleanup40 file to your desktop.
    • On your desktop, click on Cleanup40.exe icon.
    • Then, click RUN and place a checkmark beside "I Agree"
    • Then click NEXT followed by START and OK.
    • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
    • Click OK
    • DO NOT RUN IT YET



    * Click here to download Nailfix.zip.
    • Save the file to your desktop.
    • Unzip Nailfix.zip to extract the files it contains.
    • Do not do anything with it yet. You will run the Nailfix.cmd file later in safe mode.


    * Click here for info on how to boot to safe mode if you don't already know how.


    * Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in safe mode:


    * Once in Safe Mode, double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.


    * Run Ewido:
    • Click on scanner
    • Click Complete System Scan and the scan will begin.
    • During the scan it will prompt you to clean files, click OK
    • When the scan is finished, look at the bottom of the screen and click the Save report button.
    • Save the report to your desktop



    * Run Cleanup:
    • Click on the "Cleanup" button and let it run.
    • Once it's done, close the program.


    * Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    * Restart back into Windows normally now.


    * Come back here and post a new HijackThis log, as well as the log from the Ewido scan.
     
  8. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    I don't understand? Doesn't the uninstaller work anymore at removing nail? I used it about a week ago and it did........
    David
     
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Sorry. I didn't see the uninstaller in the fix. My bad. Anyway, I prefer not to use it unless absolutely necessary myself.
     
  10. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    Ok, no worries!
    David! :)
     
  11. cbaz

    cbaz Thread Starter

    Joined:
    Feb 3, 2005
    Messages:
    7
    (y) thank you so much! (y)
    everything seems to be fine now
    Thanks again for the help and for such a quick response!
    :cool: you guys r tops :cool:

    here r the Hijackthis + ewido logs:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:28:20 AM, on 6/09/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = C-BAZ 2005
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [csrss] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 12:16:21 AM, 6/09/2005
    + Report-Checksum: 1724CB49

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\whSurvey -> Spyware.WebHancer : Cleaned with backup
    HKU\S-1-5-21-1004336348-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1004336348-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
    HKU\S-1-5-21-1004336348-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
    HKU\S-1-5-21-1004336348-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
    HKU\S-1-5-21-1004336348-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
    HKU\S-1-5-21-1004336348-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9EAC0102-5E61-2312-BC2D-4D54434D5443} -> Spyware.MakeMeSearch : Cleaned with backup
    HKU\S-1-5-21-1004336348-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0} -> Spyware.Webhancer : Cleaned with backup
    HKU\S-1-5-21-1004336348-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF021F40-3E14-23A5-CBA2-717765728274} -> Spyware.PurityScan : Cleaned with backup
    HKU\S-1-5-21-1004336348-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
    [1224] C:\Program Files\MSN Messenger\RICHED20.dll -> Spyware.MyWebSearch : Error during cleaning
    C:\!Submit\nail.exe -> Adware.BetterInternet : Cleaned with backup
    C:\!Submit\SvcProc.exe -> Trojan.Stervis.f : Cleaned with backup
    C:\!Submit\zawnxe.exe -> Trojan.Pakes : Cleaned with backup
    C:\Documents and Settings\All Users\Application Data\SecTaskMan\Nail.exe.q_2CFCE00_q -> Adware.BetterInternet : Cleaned with backup
    C:\Documents and Settings\All Users\Application Data\SecTaskMan\wer8274.dll.q_804FC00_q -> Spyware.SBSoft : Cleaned with backup
    C:\Program Files\2search\plugin.dll -> Spyware.2Search : Cleaned with backup
    C:\Program Files\Common Files\onudspqn\mpaqlell\tbrrqeps.exe -> Adware.Gator : Cleaned with backup
    C:\Program Files\Common Files\onudspqn\oufqntdpuq\edraqfnba.exe -> Adware.Gator : Cleaned with backup
    C:\Program Files\Mozilla Firefox\plugins\__delete_on_reboot__NPMyWebS.dll -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MSN Messenger\__delete_on_reboot__RICHED20.dll -> Spyware.MyWebSearch : Cleaned with backup
    C:\WINDOWS\5u74ghe9.exe -> Adware.SAHA : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Spyware.180Solutions : Cleaned with backup
    C:\WINDOWS\nem220.dll_tobedeleted -> TrojanDownloader.Dyfuca : Cleaned with backup
    C:\WINDOWS\system32\2search.exe/getst.exe -> Spyware.2Search : Cleaned with backup
    C:\WINDOWS\system32\4k8k9bj4.exe -> Adware.SAHA : Cleaned with backup
    C:\WINDOWS\system32\djvmd1fl.dll -> Adware.SAHA : Cleaned with backup
    C:\WINDOWS\system32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup
    C:\WINDOWS\system32\kpazlffrvh\dark.exe -> TrojanProxy.Agent.fp : Cleaned with backup
    C:\WINDOWS\system32\kpazlffrvh\g.exe -> TrojanProxy.Ranky.bp : Cleaned with backup
    C:\WINDOWS\system32\msbe.dll_tobedeleted -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\msnnames.exe -> TrojanDownloader.Agent.lq : Cleaned with backup
    C:\WINDOWS\system32\MTC.dll -> TrojanDownloader.Agent.ga : Cleaned with backup
    C:\WINDOWS\system32\spectreysb.exe -> TrojanDownloader.IstBar.is : Cleaned with backup
    C:\WINDOWS\system32\t.exe -> Not-A-Virus.Pornware.Downloader.Tibsystems.a : Cleaned with backup
    C:\WINDOWS\system32\ustart.exe -> Spyware.WinAD : Cleaned with backup
    C:\WINDOWS\system32\webhanc.exe/whAgent.exe -> Spyware.WebHancer : Cleaned with backup


    ::Report End
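
    Comparing the two HijackThis logs in this thread confirms that the four entries selected for "Fix Checked" are gone and shows which autostart entries disappeared or appeared alongside them. The Python below is an added example, not part of the thread or of HijackThis; the function names are hypothetical and the embedded lines are excerpts of the two logs posted above.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] path": a section code
# (R1, F2, O4, O23, ...), then " - ", then the entry body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Excerpt of the first log in the thread (before the fix).
BEFORE = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = C-BAZ 2005
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [whyzuw] C:\WINDOWS\system32\fubywco.exe r
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
"""

# Excerpt of the second log in the thread (after the fix).
AFTER = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = C-BAZ 2005
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
"""

# The entries the helper asked to be checked before "Fix Checked".
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [whyzuw] C:\WINDOWS\system32\fubywco.exe r
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
"""


def parse_entries(log_text):
    """Map a case-insensitive (section, body) key to the entry text.

    Header lines and the "Running processes" paths do not match ENTRY_RE
    and are skipped. Whitespace runs are collapsed so that forum
    re-wrapping does not produce false differences.
    """
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            section, body = m.group(1), " ".join(m.group(2).split())
            entries[(section, body.casefold())] = f"{section} - {body}"
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Compare pre-fix and post-fix logs against the entries to be fixed."""
    before, after, wanted = (parse_entries(t) for t in (before_log, after_log, fix_list))
    b, a, w = set(before), set(after), set(wanted)
    return {
        "still_present": sorted(after[k] for k in w & a),      # fix did not take
        "fixed": sorted(wanted[k] for k in w - a),             # listed and now gone
        "removed_unlisted": sorted(before[k] for k in b - a - w),  # gone, not on the list
        "new": sorted(after[k] for k in a - b),                # autostarts to review
    }


if __name__ == "__main__":
    for label, items in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{label} ({len(items)})")
        for item in items:
            print("   ", item)
```

    Entries reported under "new" and "removed_unlisted" are not verdicts; they are the lines a reviewer still has to account for after the cleanup.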
     
  12. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run ActiveScan online virus scan here

    When the scan is finished, have it delete anything that it cannot clean. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
    - Save the results from the scan!

    Post a new HiJackThis log along with the results from ActiveScan
     
  13. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    Yep, activescan is a great idea! Thanks Flrman1 :)
    David
     

Short URL to this thread: https://techguy.org/396486
