1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help with Infected Computer

Discussion in 'Virus & Other Malware Removal' started by coachdan32, Oct 26, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. coachdan32

    coachdan32 Thread Starter

    Joined:
    Nov 13, 2003
    Messages:
    1,021
    I have a trojan problem that really has me shutdown. I cannot get to the internet or email at all. Anytime I try to go out online, it hijacks the browser and tries to redirect to a different page that ends with "dnserror" in the url and it is trying to download something. At that point I kill the internet connection. I have the following pop-ups coming up:

    1. A dialogue box that says "Security warning: New variant of [email protected]". In the text of the dialogue box it says "You are unprotected from new version of [email protected] trojan. [email protected] is a trojan horse that steals information and gathers email addresses from the compromised computer. Click OK to download antivirus software and pass full system scan to delete/quarantine infected files."
    If you click on the OK, which I was sceptical to do but my son had already done it before I got home, an about:blank window of IE opens and of course nothing ever comes up (I am sure it is downloading more nasties to the pc during this process).

    2. A second popup resembles the MS Windows updates balloon that tells you updates are available. It says "Security Alert: Spyware found". The text in the balloon says "Your computer is infected with last version of PSW.x-Vir trojan. PSW trojans steals your private information such as passwords, IP addresses, credit card information, registration details, documents, etc. Click this balloon to remove PSW.x-Vir spyware."
    Again, my son has clicked on that as well with the same results as above.

    When I run Adaware or my Anti-virus scan (Avast Home Edition), I get errors that say certains sectors of memory cannot be accessed due to virus infection on the PC. Other security software on the machine includes Zone Alarm and Spyware Blaster. I am posting this from work as I am unable to get online on the home machine. I should have gotten a HiJack This log, but no way to send it to my work machine as email is hosed at this time. Can someone please help me erradicate this demon?? Thanks in advance to anyone that will assist.
     
  2. coachdan32

    coachdan32 Thread Starter

    Joined:
    Nov 13, 2003
    Messages:
    1,021
    Is there a reason my problem is not getting attention? Am I missing something I need to have on the post? I don't have a HiJack log, but I am not sure how I could get one with no internet access or email on that machine.
     
  3. coachdan32

    coachdan32 Thread Starter

    Joined:
    Nov 13, 2003
    Messages:
    1,021
    I took the liberty of reading other posts that had the same problem and followed advice from it. Everything seems to be better, but I wanted to finish the advice the other poster had and post the logs from the cleanup to see if I am clean. I also, after some troubleshooting, made the decision to upgrade to IE 7 to help prevent future adware trojans.

    HiJack This log:
    Logfile of HijackThis v1.99.1
    Scan saved at 11:09:47 AM, on 10/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\CFusionMX7\runtime\bin\jrunsvc.exe
    C:\CFusionMX7\runtime\bin\jrun.exe
    C:\CFusionMX7\db\slserver54\bin\swagent.exe
    C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
    C:\CFusionMX7\db\slserver54\bin\swsoc.exe
    C:\windows\system32\drivers\dcfssvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\MSSQL\BINN\SQLSERVR.EXE
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\windows\system32\svchost.exe
    C:\windows\system32\fxssvc.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\windows\zHotkey.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\ALCFDRTM.EXE
    C:\windows\SOUNDMAN.EXE
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\windows\ALCWZRD.EXE
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    C:\Program Files\Common Files\Citianywhere\CAPing.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\StreamPoint\StreamPoint.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\BigFix\bigfix.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\wamp\wampserver.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\HiJack This 1.99.1\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: KTBho Class - {25EDC164-41A6-47C3-80BD-5E4FBE1BA7AB} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Kaboodle Toolbar - {92857633-2441-4A14-8236-DFCB97AD3E87} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [\\Plato\EPSON CX4600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P20 "\\Plato\EPSON CX4600" /O20 "\\PLATO\EPSON CX4600" /M "Stylus CX4600"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [\\Plato\EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P34 "\\Plato\EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [CAPing] C:\Program Files\Common Files\Citianywhere\CAPing.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Logitech.StreamPoint.Host] C:\Program Files\Logitech\StreamPoint\StreamPoint.exe
    O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,[email protected]
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: WampServer.lnk = C:\wamp\wampserver.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2000\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
    O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
    O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\windows\system32\drivers\dcfssvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe



    SmitFraudFix log:
    SmitFraudFix v2.242

    Scan done at 21:37:12.79, Fri 10/26/2007
    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.
    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\stdole3.tlb Deleted
    C:\WINDOWS\system32\1024\ Deleted
    C:\DOCUME~1\Owner\FAVORI~1\Online Security Test.url Deleted
    C:\Program Files\Media-Codec\ Deleted
    C:\Program Files\Video Access ActiveX Object\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{37881957-8488-46E1-96E3-C4241243535D}: DhcpNameServer=74.128.1.33 74.128.1.31
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{37881957-8488-46E1-96E3-C4241243535D}: DhcpNameServer=74.128.1.33 74.128.1.31
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{37881957-8488-46E1-96E3-C4241243535D}: DhcpNameServer=74.128.1.33 74.128.1.31
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=74.128.1.33 74.128.1.31
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=74.128.1.33 74.128.1.31
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=74.128.1.33 74.128.1.31


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End




    SuperAntiSpyware log:
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/26/2007 at 10:51 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 00:42:12

    Memory items scanned : 636
    Memory threats detected : 0
    Registry items scanned : 7404
    Registry threats detected : 0
    File items scanned : 42356
    File threats detected : 28

    Adware.Tracking Cookie
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt

    Adware.180solutions/ZangoSearch
    C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP891\A0076022.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP891\A0076023.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP891\A0076024.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP891\A0076025.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP891\A0076026.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP891\A0076028.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP891\A0076030.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP891\A0076031.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP891\A0076032.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP891\A0076033.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP891\A0076035.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP891\A0076036.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP891\A0076046.EXE
     
  4. coachdan32

    coachdan32 Thread Starter

    Joined:
    Nov 13, 2003
    Messages:
    1,021
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/643703

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice