
Media Pipe

1K views 10 replies 2 participants last post by  D_Trojanator 
#1 ·
Someone downloaded Media Pipe and now it's not leaving me alone, and I have a pop-up girl saying that I have to pay for it. Can anyone help me, please?
 
#2 ·
Hi my name is David


Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 
#3 ·
Logfile of HijackThis v1.99.1
Scan saved at 9:18:17 AM, on 1/8/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MediaPipe\ItBill.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\ItBill\itbill.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Eastenders Screenmate] C:\Program Files\Eastenders Screenmates\SM.EXE
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1048.dll,InstantAccess
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0E79192A-C52C-4260-920F-639AC2296203} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1048_EN_XP.cab
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29385a3ca70ef4197c16/netzip/RdxIE601.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
 
#4 ·
Please do both of the following before we start if possible!:

1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
_____________________

Click on Start, then Control Panel, and then double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following, if they exist, by double-clicking on the following entries:

Zango Programs
Zango
ItBill

______________

Download KillBox here: http://www.downloads.subratam.org/KillBox.zip
Save it to your desktop.
DO NOT run it yet.
_____________________

With IE closed, run Hijack This again.
Put a checkmark on these entries and hit "fix checked" (if present!):

O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\ItBill\itbill.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1048.dll,InstantAccess
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/in...altpmtscab.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29385a3c...p/RdxIE601.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

_____________________

Boot into Safe Mode
By pressing the F8 key right when Windows starts, usually right after you hear your computer
beep when you reboot it (some versions of windows will display 'Starting Windows' with a grey progress bar)
you will be brought to a menu where you can choose to boot into safe mode.

Double-click on Killbox.exe to run it.
Now put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
C:\Program Files\ItBill\itbill.exe
C:\Program Files\p2pnetworks\mpp2pl.exe
C:\WINDOWS\system32\p2esocks_1048.dll

_____________________

Manually delete these folders:

C:\Program Files\Zango Programs
C:\Program Files\p2pnetworks
C:\Program Files\ItBill

_____________________

Please Navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. (if you cannot delete some items it's fine!)

Then go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options.
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.
_____________________

Empty the Recycle Bin.
_____________________

Reboot to normal mode and post a new HJT log
David
 
#5 ·
Logfile of HijackThis v1.99.1
Scan saved at 11:56:49 AM, on 1/8/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\srvany.exe
C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Eastenders Screenmate] C:\Program Files\Eastenders Screenmates\SM.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {0E79192A-C52C-4260-920F-639AC2296203} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1048_EN_XP.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
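
Added example, not part of the original thread and not code from HijackThis or any tool named in it: a Python sketch that compares the "before" and "after" HijackThis logs against the list of entries selected for fixing, and reports which were removed, which persist, and which carried over untouched for the helper to review. The log excerpts are copied from posts #3, #4 and #5 and trimmed; the function names and the CLSID-based matching (so that URLs the forum shortened with "..." still match) are assumptions of this example.

```python
import re

SECTION_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O4 - HKLM\..\Run: ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def entry_key(line):
    """Map one log line to a comparable key, or None for non-entry lines.

    Entries that carry a CLSID are keyed on section + CLSID, so a line whose
    URL was shortened by the forum ("...") still matches the full original.
    Other entries are keyed on the case-folded, whitespace-collapsed body.
    """
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    clsid = CLSID_RE.search(body)
    if clsid:
        return (section, clsid.group(0).upper())
    return (section, " ".join(body.split()).casefold())

def parse_log(text):
    """Return {key: first original line} for every entry line in a log."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries

def check_remediation(before, after, fix_list):
    """Classify entries by what happened between the two scans."""
    b, a, f = parse_log(before), parse_log(after), parse_log(fix_list)
    return {
        "removed": sorted(b[k] for k in f if k in b and k not in a),
        "still_present": sorted(a[k] for k in f if k in a),
        "carried_over": sorted(a[k] for k in a if k in b and k not in f),
        "new": sorted(a[k] for k in a if k not in b),
    }

# Excerpt of the first log (post #3), trimmed for the example.
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\ItBill\itbill.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1048.dll,InstantAccess
O16 - DPF: {0E79192A-C52C-4260-920F-639AC2296203} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1048_EN_XP.cab
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
"""

# Excerpt of the "fix checked" list (post #4); note the forum-shortened URL.
FIX_LIST = r"""
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\ItBill\itbill.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1048.dll,InstantAccess
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/in...altpmtscab.cab
"""

# Excerpt of the second log (post #5), same sections as BEFORE.
AFTER = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O16 - DPF: {0E79192A-C52C-4260-920F-639AC2296203} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1048_EN_XP.cab
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
"""

if __name__ == "__main__":
    for status, lines in check_remediation(BEFORE, AFTER, FIX_LIST).items():
        print(f"{status} ({len(lines)}):")
        for line in lines:
            print("   ", line)
```

The "carried_over" list is only a reminder of what was neither fixed nor changed between scans; it makes no judgement about whether those entries are harmful.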
 
#6 ·
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

David
 
#7 ·
Incident Status Location

Adware:adware/block-checker Not disinfected C:\WINDOWS\SYSTEM32\ccapp.exe
Adware:adware/navipromo Not disinfected C:\WINDOWS\SYSTEM32\msegcompid.dll
Dialer:dialer.b Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\EGAUTH.inf
Potentially unwanted tool:application/mywebsearch Not disinfected C:\PROGRAM FILES\MyWebSearch
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\SOFTWARE\FUN WEB PRODUCTS
Adware:adware/wupd Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\me\Cookies\me@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\me\Cookies\me@mediaplex[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\me\Cookies\me@atdmt[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\me\Cookies\me@centrport[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\me\Cookies\me@xiti[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\me\Cookies\me@go[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\me\Cookies\me@z1.adserver[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\me\Cookies\me@com[2].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\me\Cookies\me@spylog[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\me\Cookies\me@server.iad.liveperson[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\me\Cookies\me@seeq[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\me\Cookies\me@overture[2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\me\Cookies\me@tickle[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\me\Cookies\me@tradedoubler[2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\me\Cookies\me@cs.sexcounter[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\me\Cookies\me@serving-sys[1].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\me\Cookies\me@112.2o7[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\me\Cookies\me@tribalfusion[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\me\Cookies\me@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\me\Cookies\me@dist.belnk[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\me\Cookies\me@888[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\me\Cookies\me@bluestreak[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\me\Cookies\me@ad.yieldmanager[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\me\Cookies\me@perf.overture[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\me\Cookies\me@data.coremetrics[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\me\Cookies\me@questionmarket[2].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\me\Cookies\me@adviva[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\me\Cookies\me@media.fastclick[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\me\Cookies\me@ads.pointroll[1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\me\Cookies\me@landing.domainsponsor[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\me\Cookies\me@trafficmp[2].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\me\Cookies\me@bs.serving-sys[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\me\Cookies\me@counter16.sextracker[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\me\Cookies\me@as-us.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\me\Cookies\me@as1.falkag[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\me\Cookies\me@i.screensavers[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\me\Cookies\me@azjmp[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\me\Cookies\me@adopt.hbmediapro[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\me\Cookies\me@maxserving[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\me\Cookies\me@stats1.reliablestats[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\me\Cookies\me@c5.zedo[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\me\Cookies\me@ask[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\me\Cookies\me@zedo[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\me\Cookies\me@www.burstbeacon[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\me\Cookies\me@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\me\Cookies\me@sel.as-eu.falkag[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\me\Cookies\me@adtech[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\me\Cookies\me@counter9.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\me\Cookies\me@counter6.sextracker[1].txt
Spyware:Cookie/217.73.66.16 Not disinfected C:\Documents and Settings\me\Cookies\me@217.73.66[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\me\Cookies\me@casalemedia[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\me\Cookies\me@burstnet[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\me\Cookies\me@advertising[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\me\Cookies\me@hitbox[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\me\Cookies\me@fastclick[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\me\Cookies\me@winfixer[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\me\Cookies\me@statcounter[2].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\me\Cookies\me@xmts[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\me\Cookies\me@clickbank[1].txt
Spyware:Cookie/WegCash Not disinfected C:\Documents and Settings\me\Cookies\me@programs.wegcash[1].txt
Spyware:Cookie/Internetfuel Not disinfected C:\Documents and Settings\me\Cookies\me@internetfuel[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\me\Cookies\me@counter1.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\me\Cookies\me@sextracker[2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\me\Cookies\me@2o7[1].txt
 
#8 ·
Please download Atribune's Blockrem from http://www.atribune.org/downloads/blockrem.zip

-Unzip it to its own folder on your desktop.
-Boot your computer to safe mode by rebooting and tapping the F8 button repeatedly until it brings up a boot menu.
-From that menu, select Safe Mode by using the arrow keys to highlight it then pressing enter.
-Once in safe mode open the Blockrem folder on your desktop and double-click blockrem.bat (this is the file with the gear icon) to run it.
-Once it is running please follow the onscreen instructions.
-Reboot in normal mode and post a new HijackThis log.

David
 
#11 ·
Ok, glad I could help.

Download killbox from here:

KillBox

Unzip the folder to your desktop.

1. Start Killbox.exe
2. Select the Delete on Reboot option.
3. Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\SYSTEM32\ccapp.exe
C:\WINDOWS\SYSTEM32\msegcompid.dll
C:\WINDOWS\DOWNLOADED PROGRAM FILES\EGAUTH.inf


4. Go to the File menu of Killbox, and choose Paste from Clipboard.
5. Click the Delete File button that is a red-and-white X. When asked if you want to delete these files say Yes. When asked if you want to reboot now, say No.
6. Exit Killbox.
___________________

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
_____________

How's everything running?
David :)
 