Solved: Another Challenge :(


smith1169

Thread Starter
Joined
May 26, 2005
Messages
651
This is my other computer, and it's really messed up

Logfile of HijackThis v1.99.1
Scan saved at 1:51:27 PM, on 6/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\wdskctl.exe
C:\documents and settings\garrett blank\local settings\temp\TI.exe
C:\documents and settings\garrett blank\local settings\temp\TI.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\FbbGBqq.exe
C:\windows\system32\AbbBwn.exe
C:\windows\system32\FbbGBqq.exe
C:\documents and settings\leslie blank\local settings\temp\CcZ.exe
C:\documents and settings\leslie blank\local settings\temp\M6KH.exe
C:\documents and settings\leslie blank\local settings\temp\M6KH.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\lprbde40.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\?vchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ipssrv.exe
C:\Program Files\nrpn\osoa.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\WINDOWS\system32\AbbBwn.exe
C:\WINDOWS\system32\Uynb15r.exe
C:\WINDOWS\system32\TcvE9HdT.exe
C:\Program Files\Aprps\CxtPls.exe
C:\Hijakthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {09E62980-CC1A-B8C7-64F2-C42E370E95CC} - C:\WINDOWS\system32\pgevmwrm.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Liza Blank\Local Settings\Temp\s0FF.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [TI] C:\documents and settings\garrett blank\local settings\temp\TI.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\Rzpt0w1A.exe
O4 - HKLM\..\Run: [TI.exe] C:\documents and settings\garrett blank\local settings\temp\TI.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [dwtIkZf] C:\documents and settings\garrett blank\local settings\temp\dwtIkZf.exe
O4 - HKLM\..\Run: [dwtIkZf.exe] C:\documents and settings\garrett blank\local settings\temp\dwtIkZf.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FbbGBqq] C:\windows\system32\FbbGBqq.exe
O4 - HKLM\..\Run: [AbbBwn.exe] c:\windows\system32\AbbBwn.exe
O4 - HKLM\..\Run: [FbbGBqq.exe] C:\windows\system32\FbbGBqq.exe
O4 - HKLM\..\Run: [CcZ.exe] C:\documents and settings\leslie blank\local settings\temp\CcZ.exe
O4 - HKLM\..\Run: [M6KH.exe] C:\documents and settings\leslie blank\local settings\temp\M6KH.exe
O4 - HKLM\..\Run: [CcZ] C:\documents and settings\leslie blank\local settings\temp\CcZ.exe
O4 - HKLM\..\Run: [M6KH] C:\documents and settings\leslie blank\local settings\temp\M6KH.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [qF6j39g] lprbde40.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Bqff] C:\WINDOWS\system32\?vchost.exe
O4 - HKCU\..\Run: [boptRVMqS] ipssrv.exe
O4 - HKCU\..\Run: [Ncao] C:\Program Files\nrpn\osoa.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://www.bullseye-network.net/cashback/cab/installer_EMARKETMKR.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://premconf.webex.com/client/v_premconf/webex/ieatgpc.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common files\WinTools\WToolsS.exe (file missing)
 
Joined
Jul 26, 2002
Messages
46,349
* Click here to download the PeperFix.exe tool to get rid of the peper trojan:

Click on the PeperFix.exe to launch it.

Click the Find and Fix button.

It will scan the %systemroot% folder and locate all the peper files. You will be prompted to restart your computer. Restart and it will delete the peper files.


* Go to Add/Remove programs and uninstall Viewpoint Manager.


* Go here and download Ad-Aware SE.

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window: Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and click Next)

Restart your computer.



* Go here and download Microsoft Antispyware Beta. First in the top menu click File then Check for updates to download the definitions updates.

After updating look in the right side of the main window under "Run Quick Scan Now" and click Spyware scan options. In that window put a tick by Run a full system scan and then put a check by all three options below that then click Run Scan now.

When the scan is finished, let it fix anything that it finds (have it quarantine the items that have that option rather than delete just in case. It is a beta program and there may be false positives)

Restart your computer.


* Go here to download CCleaner.
  • Install CCleaner
  • Launch CCleaner and look in the upper right corner and click on the "Options" button.
  • Click "Advanced" and remove the check by "Only delete files in Windows temp folders older than 48 hours".
  • Click OK
  • Do not run CCleaner yet. You will run it later in safe mode.


* Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update; click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.

* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Run Ewido:
  • Click on scanner
  • Put a check by the following before you scan:
    • Binder
    • Crypter
    • Archives
  • Click the Start Scan button to start the scan.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop


* Start CCleaner and click Run Cleaner


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Restart back into Windows normally now.


* Come back here and post a new HijackThis log, as well as the log from the Ewido scan.
 

smith1169

Thread Starter
Joined
May 26, 2005
Messages
651
:::Yawn::::: It's late :) HijackThis Log is below. For some reason The Ewido just finished up and closed without giving me the chance to save the report. Loads a lot faster, there is this silly looking web search thing on the top of my desktop


Logfile of HijackThis v1.99.1
Scan saved at 2:37:10 AM, on 6/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\wdskctl.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\?vchost.exe
C:\Program Files\nrpn\osoa.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijakthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pop.popuptoast.com/9912/search/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {09E62980-CC1A-B8C7-64F2-C42E370E95CC} - C:\WINDOWS\system32\pgevmwrm.dll
O2 - BHO: (no name) - {09E629F3-CC1B-B4B0-64F6-C52E347F95CC} - C:\WINDOWS\system32\pgevmwrm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [TI] C:\documents and settings\garrett blank\local settings\temp\TI.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\Hdk276.exe
O4 - HKLM\..\Run: [TI.exe] C:\documents and settings\garrett blank\local settings\temp\TI.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [dwtIkZf] C:\documents and settings\garrett blank\local settings\temp\dwtIkZf.exe
O4 - HKLM\..\Run: [dwtIkZf.exe] C:\documents and settings\garrett blank\local settings\temp\dwtIkZf.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FbbGBqq] C:\windows\system32\FbbGBqq.exe
O4 - HKLM\..\Run: [AbbBwn.exe] c:\windows\system32\AbbBwn.exe
O4 - HKLM\..\Run: [FbbGBqq.exe] C:\windows\system32\FbbGBqq.exe
O4 - HKLM\..\Run: [CcZ.exe] C:\documents and settings\leslie blank\local settings\temp\CcZ.exe
O4 - HKLM\..\Run: [M6KH.exe] C:\documents and settings\leslie blank\local settings\temp\M6KH.exe
O4 - HKLM\..\Run: [CcZ] C:\documents and settings\leslie blank\local settings\temp\CcZ.exe
O4 - HKLM\..\Run: [M6KH] C:\documents and settings\leslie blank\local settings\temp\M6KH.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Bqff] C:\WINDOWS\system32\?vchost.exe
O4 - HKCU\..\Run: [Ncao] C:\Program Files\nrpn\osoa.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Next? :)
 
Joined
Jul 26, 2002
Messages
46,349
* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Click Start > Run > and type in:

services.msc

Click OK.

In the services window find .NET Framework Service.
Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the Services utility.

Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pop.popuptoast.com/9912/search/search.html

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {09E62980-CC1A-B8C7-64F2-C42E370E95CC} - C:\WINDOWS\system32\pgevmwrm.dll

O2 - BHO: (no name) - {09E629F3-CC1B-B4B0-64F6-C52E347F95CC} - C:\WINDOWS\system32\pgevmwrm.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe

O4 - HKLM\..\Run: [TI] C:\documents and settings\garrett blank\local settings\temp\TI.exe

O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\Hdk276.exe

O4 - HKLM\..\Run: [TI.exe] C:\documents and settings\garrett blank\local settings\temp\TI.exe

O4 - HKLM\..\Run: [dwtIkZf] C:\documents and settings\garrett blank\local settings\temp\dwtIkZf.exe

O4 - HKLM\..\Run: [dwtIkZf.exe] C:\documents and settings\garrett blank\local settings\temp\dwtIkZf.exe

O4 - HKLM\..\Run: [FbbGBqq] C:\windows\system32\FbbGBqq.exe

O4 - HKLM\..\Run: [AbbBwn.exe] c:\windows\system32\AbbBwn.exe

O4 - HKLM\..\Run: [FbbGBqq.exe] C:\windows\system32\FbbGBqq.exe

O4 - HKLM\..\Run: [CcZ.exe] C:\documents and settings\leslie blank\local settings\temp\CcZ.exe

O4 - HKLM\..\Run: [M6KH.exe] C:\documents and settings\leslie blank\local settings\temp\M6KH.exe

O4 - HKLM\..\Run: [CcZ] C:\documents and settings\leslie blank\local settings\temp\CcZ.exe

O4 - HKLM\..\Run: [M6KH] C:\documents and settings\leslie blank\local settings\temp\M6KH.exe

O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe

O4 - HKCU\..\Run: [Bqff] C:\WINDOWS\system32\?vchost.exe

O4 - HKCU\..\Run: [Ncao] C:\Program Files\nrpn\osoa.exe

O15 - Trusted Zone: *.musicmatch.com (HKLM)



Next in Hijack This click on the "Config" button in the lower right corner. In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Copy and paste the following line in that box:

.NET Connection Service

Click OK.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\wdskctl.exe

C:\documents and settings\garrett blank\local settings\temp\TI.exe

C:\documents and settings\garrett blank\local settings\temp\dwtIkZf.exe

C:\windows\system32\FbbGBqq.exe

c:\windows\system32\AbbBwn.exe

C:\windows\system32\FbbGBqq.exe

C:\documents and settings\leslie blank\local settings\temp\CcZ.exe

C:\documents and settings\leslie blank\local settings\temp\M6KH.exe

C:\Program Files\Srng\Srng.exe

C:\Program Files\nrpn\osoa.exe

C:\WINDOWS\svchost.exe


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the Killbox.


* Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"


* Delete these folders:

C:\Program Files\Srng
C:\Program Files\nrpn


* Go to Start > Search and, under "More advanced search options", make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Do a file search for *vchost.exe and let me know exactly what is found.


* Start CCleaner and click Run Cleaner


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, have it delete anything that it cannot clean. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan
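
An added example, not part of the original posts and not the helper's stated method: a small triage pass over HijackThis O4 (autorun) and O23 (service) lines that surfaces the kinds of entries picked out for "Fix checked" above. The rule names and the heuristics behind them are assumptions made for this example; the sample lines are excerpted from the logs in this thread.

```python
import ntpath
import re
from collections import defaultdict

# Lines excerpted from the HijackThis v1.99.1 logs posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TI] C:\documents and settings\garrett blank\local settings\temp\TI.exe
O4 - HKLM\..\Run: [TI.exe] C:\documents and settings\garrett blank\local settings\temp\TI.exe
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O4 - HKCU\..\Run: [Bqff] C:\WINDOWS\system32\?vchost.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
'''

RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$')
# Image path: either the quoted part, or everything up to the first ".exe".
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
SVC_PREFIX = "O23 - Service: "
MISSING = " (file missing)"


def image_of(command):
    """Return the executable path from a Run value, without its arguments."""
    m = IMAGE_RE.match(command)
    if not m:
        return command
    return m.group(1) or m.group(2)


def check_run(image):
    """Heuristics for one autorun image path (all assumptions of this example)."""
    reasons = set()
    if "\\local settings\\temp\\" in image.lower():
        reasons.add("runs-from-temp")  # autorun pointing into a user Temp folder
    if "?" in ntpath.basename(image):
        # Assumption: "?" stands for a character the log could not render,
        # so the real file name is not the one it resembles.
        reasons.add("unrenderable-char-in-name")
    if image.startswith("\\") and not image.startswith("\\\\"):
        reasons.add("path-without-drive")  # rooted path with no drive letter
    return reasons


def check_service(path, missing):
    """Heuristics for one O23 service image path."""
    reasons = set()
    base = ntpath.basename(path).lower()
    parent = ntpath.basename(ntpath.dirname(path)).lower()
    if base == "svchost.exe" and parent != "system32":
        reasons.add("svchost-outside-system32")  # the real one lives in system32
    if missing:
        reasons.add("file-missing")  # service registered, binary gone
    return reasons


def triage(log):
    """Map each flagged O4/O23 entry to a sorted list of rule names."""
    findings = defaultdict(set)
    values_by_image = defaultdict(set)
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            hive, value, command = m.groups()
            image = image_of(command)
            values_by_image[(hive, image.lower())].add(value)
            reasons = check_run(image)
            if reasons:
                findings[f"O4 {hive} [{value}]"] |= reasons
        elif line.startswith(SVC_PREFIX):
            parts = line[len(SVC_PREFIX):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue  # not in "name - owner - path" form
            name, _owner, path = parts
            missing = path.endswith(MISSING)
            if missing:
                path = path[:-len(MISSING)]
            reasons = check_service(path, missing)
            if reasons:
                findings[f"O23 {name}"] |= reasons
    # One binary registered under two value names ("TI" and "TI.exe").
    for (hive, _image), values in values_by_image.items():
        if len(values) > 1:
            for value in values:
                findings[f"O4 {hive} [{value}]"].add("same-image-under-several-values")
    return {entry: sorted(reasons) for entry, reasons in findings.items()}


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(f"{entry}: {', '.join(reasons)}")
```

A flag here is a prompt to look at the entry, not a verdict; legitimate software can trip these rules and unflagged entries are not thereby cleared.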
 

smith1169

Thread Starter
Joined
May 26, 2005
Messages
651
Logfile of HijackThis v1.99.1
Scan saved at 12:23:30 PM, on 6/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Hijakthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 

smith1169

Thread Starter
Joined
May 26, 2005
Messages
651
Incident Status Location

Adware:Adware/SaveNow No disinfected C:\WINDOWS\system32\datastore.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\FLEOK
Adware:Adware/MemoryWatcher No disinfected Windows Registry
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\remove_tools.html
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\Leslie Blank\Application Data\Lycos
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\Searchx.htm
Adware:Adware/SearchExe No disinfected Windows Registry
Spyware:Spyware/Whazit No disinfected C:\WINDOWS\system32\kyf.dat
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\addit.exe
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\AI_Euro.exe
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\alchem.cab
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\alchem.cab[alchem.inf]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\alchem.cab[alchem.exe]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\alchem.cab[alchem.ini]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\alchem.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\alchem.ini
Adware:Adware/Envolo No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\AutoUpdate0\setup.inf
 

 

smith1169

Thread Starter
Joined
May 26, 2005
Messages
651
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\THI2144.tmp\twaintec.cab
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\THI2144.tmp\twaintec.cab[twaintec.dll]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\THI2144.tmp\twaintec.cab[preInsTT.exe]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\THI44C2.tmp\twaintec.cab
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\THI44C2.tmp\twaintec.cab[twaintec.inf]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\THI44C2.tmp\twaintec.cab[twaintec.dll]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\THI44C2.tmp\twaintec.cab[preInsTT.exe]

Next? :)
 
Joined
Jul 26, 2002
Messages
46,349
* Copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK".


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\datastore.dll

C:\Program Files\Common Files\remove_tools.html

C:\WINDOWS\system32\Searchx.htm

C:\WINDOWS\system32\kyf.dat


Exit Killbox.


* Delete these folders:

C:\WINDOWS\system32\FLEOK
C:\Documents and Settings\Leslie Blank\Application Data\Lycos


* Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.


* Start Ccleaner and click Run Cleaner


* Restart back into Windows normally now.


* Go here and do an online virus scan. Choose "Complete Scan" and select all drives to scan.

When the scan is finished, anything that it cannot clean have it delete it. Click "Print Report". The report will open in your browser. Go to File > Save As and save the file to your desktop. Under "Save as type" click the dropdown menu and choose "Text file (*.txt)" and save it as a text file.

Post a new HiJackThis log along with the report from the Housecall scan
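
The sorting that the steps above apply by hand to the ActiveScan report, as an added example (not part of the thread and not code from any tool named in it): it parses the report rows and splits them into registry detections, items under a Temp folder that emptying the folder removes, and the remaining files and folders that need individual deletion. The rows are copied from the report posted in this thread; the function names are hypothetical, and treating an extensionless last path component as a folder is a heuristic assumed here that has to be confirmed on disk.

```python
import ntpath
import re

# Rows copied from the ActiveScan report posted in this thread.
REPORT = r"""Incident Status Location

Adware:Adware/SaveNow No disinfected C:\WINDOWS\system32\datastore.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\FLEOK
Adware:Adware/MemoryWatcher No disinfected Windows Registry
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\remove_tools.html
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\Leslie Blank\Application Data\Lycos
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\Searchx.htm
Adware:Adware/SearchExe No disinfected Windows Registry
Spyware:Spyware/Whazit No disinfected C:\WINDOWS\system32\kyf.dat
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\addit.exe
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\alchem.cab
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\alchem.cab[alchem.exe]
Adware:Adware/Envolo No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\AutoUpdate0\setup.inf
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Garrett Blank\Local Settings\Temp\THI2144.tmp\twaintec.cab[preInsTT.exe]
"""

# The incident token has no spaces; the location starts at a drive letter or is
# the literal "Windows Registry"; whatever sits between the two is the status.
ROW = re.compile(
    r"^(?P<incident>\S+:\S+)\s+(?P<status>.+?)\s+"
    r"(?P<location>(?:[A-Za-z]:\\|Windows Registry).*)$"
)
# "archive.cab[member]" names a file inside an archive, not a file on disk.
MEMBER = re.compile(r"\[[^\[\]]+\]$")
# Per-user Temp root. The trailing (\\|$) keeps "Temporary Internet Files",
# which shares the prefix, out of this bucket.
TEMP_ROOT = re.compile(r"^(?P<root>.*?\\Local Settings\\Temp)(?:\\|$)", re.IGNORECASE)


def parse_report(text):
    """Return one dict per detection row; headers and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        incident = m.group("incident")
        rows.append({
            "category": incident.partition(":")[0],
            "family": incident.rpartition("/")[2],
            "status": m.group("status"),
            "location": m.group("location"),
        })
    return rows


def build_plan(rows):
    """Bucket detections by the kind of cleanup step each one calls for."""
    plan = {"registry": [], "temp": {}, "files": [], "folders": []}
    seen = set()
    temp_counts = {}  # lower-cased Temp root -> [root as first seen, object count]
    for row in rows:
        loc = row["location"]
        if loc == "Windows Registry":
            if row["family"] not in plan["registry"]:
                plan["registry"].append(row["family"])
            continue
        path = MEMBER.sub("", loc)   # archive member -> the archive that holds it
        key = path.lower()           # Windows paths compare case-insensitively
        if key in seen:
            continue
        seen.add(key)
        m = TEMP_ROOT.match(path)
        if m:
            entry = temp_counts.setdefault(m.group("root").lower(), [m.group("root"), 0])
            entry[1] += 1
        elif ntpath.splitext(path)[1]:
            plan["files"].append(path)
        else:
            plan["folders"].append(path)   # heuristic: no extension, verify on disk
    plan["temp"] = {root: count for root, count in temp_counts.values()}
    return plan


if __name__ == "__main__":
    plan = build_plan(parse_report(REPORT))
    for bucket in ("files", "folders", "registry"):
        print(bucket + ":")
        for item in plan[bucket]:
            print("  " + item)
    for root, count in plan["temp"].items():
        print("temp: %d flagged object(s) under %s" % (count, root))
```

Registry detections appear in the report without a key path, so the output can only name the families involved; they still need a tool that reports the actual keys.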
 

smith1169

Thread Starter
Joined
May 26, 2005
Messages
651
Logfile of HijackThis v1.99.1
Scan saved at 5:33:33 PM, on 6/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijakthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 

smith1169

Thread Starter
Joined
May 26, 2005
Messages
651
It would not let me save the ActiveScan log as you stated :( and it's too much text
to put in here

Next? :)
 
Joined
Jul 26, 2002
Messages
46,349
Your log is clean. Did the scan find anything it could not fix/delete? If so, were you able to find and fix them?
 

smith1169

Thread Starter
Joined
May 26, 2005
Messages
651
I'm doing the scan again, I think there is still something there. I also wondered about a few things.
1. Do I need to do this under all log in names?
2. On 2 of my log on names the Windows/System32 folder opens when I log on.
3. I have tried to donate several times and for some reason it will not let me. I will try again. But is there another way to donate, such as PayPal?

Thanks :)
 

smith1169

Thread Starter
Joined
May 26, 2005
Messages
651
OK, This is from the Pandasoft Activescan

Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/SideSearch No disinfected C:\Program Files\Lycos
Adware:Adware/IEDriver No disinfected Windows Registry
Adware:Adware/DelFinMedia No disinfected C:\!Submit\remove_tools.html
Adware:Adware/IEDriver No disinfected C:\!Submit\Searchx.htm
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Kevin Blank\Local Settings\Temporary Internet Files\Content.IE5\6TMPCBAP\auto_update[1].txt
Adware:Adware/Gator No disinfected C:\Documents and Settings\Kevin Blank\Local Settings\Temporary Internet Files\Content.IE5\S58FAZIF\hdplugin_1019_bundle43v5d33[1].cab
Adware:Adware/Gator No disinfected C:\Documents and Settings\Kevin Blank\Local Settings\Temporary Internet Files\Content.IE5\S58FAZIF\hdplugin_1019_bundle43v5d33[1].cab[HDPlugin1019.dll]
Adware:Adware/Gator No disinfected C:\Documents and Settings\Kevin Blank\Local Settings\Temporary Internet Files\Content.IE5\S58FAZIF\hdplugin_1019_bundle43v5d33[1].cab[HDPlugin1019.inf]
Adware:Adware/Gator No disinfected C:\Documents and Settings\Kevin Blank\Local Settings\Temporary Internet Files\Content.IE5\WLA76B6N\hdplugin_1019_bundle85v2d33[1].cab[HDPlugin1019.dll]
Adware:Adware/Gator No disinfected C:\Documents and Settings\Kevin Blank\Local Settings\Temporary Internet Files\Content.IE5\WLA76B6N\hdplugin_1019_bundle85v2d33[1].cab[HDPlugin1019.inf]
Adware:Adware/PurityScan No disinfected C:\Hijakthis\backups\backup-20050630-110511-455.dll
Adware:Adware/PurityScan No disinfected C:\Hijakthis\backups\backup-20050630-110512-790.dll
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Spyware:Spyware/ShopNav No disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\5184B3FE-4555-457C-85AF-72E842.asq
Adware:Adware/SideSearch No disinfected C:\WINDOWS\sepsd.bin
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\mscjjn.dll
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\system32\mseggo.gif
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\Shex.exe
Adware:Adware/ValueAd No disinfected C:\WINDOWS\system32\VCHOST~1.EXE

and here is the

Logfile of HijackThis v1.99.1
Scan saved at 7:20:55 AM, on 7/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijakthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
 

smith1169

Thread Starter
Joined
May 26, 2005
Messages
651
Here is what I did next :) no clue if it was the right thing

Shut off system restore

Set folder option to view all folders in Windows Explorer

Rebooted in safe mode

Ran ewido security suite. Report below.

I'm now going to do another Pandasoft Scan

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:23:53 AM, 7/1/2005
+ Report-Checksum: FDA7FBF6

+ Date of database: 6/30/2005
+ Version of scan engine: v3.0

+ Duration: 50 min
+ Scanned Files: 70330
+ Speed: 23.06 Files/Second
+ Infected files: 50
+ Removed files: 50
+ Files put in quarantine: 50
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\!Submit\Searchx.htm -> Spyware.TwainTech -> Cleaned with backup
C:\!Submit\wdskctl.exe -> Spyware.ShopNav.e -> Cleaned with backup
C:\Documents and Settings\kblank\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\kblank\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\kblank\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\kblank\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\kblank\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\kblank\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\kblank\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\kblank\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\kblank\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\kblank\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevin Blank\Cookies\kevin [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevin Blank\Cookies\kevin [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevin Blank\Cookies\kevin [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevin Blank\Cookies\kevin [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevin Blank\Cookies\kevin [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevin Blank\Cookies\kevin [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevin Blank\Cookies\kevin [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevin Blank\Cookies\kevin [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevin Blank\Cookies\kevin [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevin Blank\Cookies\kevin [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevin Blank\Cookies\kevin [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevin Blank\Cookies\kevin [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevin Blank\Cookies\kevin [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevin Blank\Cookies\kevin [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevin Blank\Cookies\kevin [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevin Blank\Cookies\kevin [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevin Blank\Cookies\kevin [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Leslie Blank\Cookies\leslie [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Leslie Blank\Cookies\leslie [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Leslie Blank\Cookies\leslie [email protected]_5w4m[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Leslie Blank\Cookies\leslie [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Leslie Blank\Cookies\leslie [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Leslie Blank\Cookies\leslie [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Leslie Blank\Cookies\leslie [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Leslie Blank\Cookies\leslie [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Liza Blank\Cookies\liza [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Liza Blank\Cookies\liza [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Liza Blank\Cookies\liza [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\5184B3FE-4555-457C-85AF-72E842.asq -> Spyware.ShopNav.d -> Cleaned with backup
C:\WINDOWS\system32\mscjjn.dll -> Spyware.180solutions -> Cleaned with backup
C:\WINDOWS\system32\mseggo.gif -> TrojanSpy.Delf.dx -> Cleaned with backup
C:\WINDOWS\system32\ѕvchost.exe -> Spyware.PurityScan -> Cleaned with backup
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll -> Spyware.WildTangent.b -> Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll -> Spyware.WildTangent.b -> Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup


::Report End
 