1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: HijackThis log...please check.

Discussion in 'Virus & Other Malware Removal' started by trekguy, Jul 11, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. trekguy

    trekguy Thread Starter

    Joined:
    Nov 17, 2002
    Messages:
    1,944
    Friend's PC, have run Adaware, Spybot, and AVG scan.... thanks :)

    Logfile of HijackThis v1.99.1
    Scan saved at 4:26:06 PM, on 7/11/06
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE
    C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Park Region Telephone
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LexStart] Lexstart.exe
    O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
    O4 - HKLM\..\Run: [5PWBQYJ46TF6SR] C:\WINDOWS\SYSTEM\Mxiw1Vb1.exe
    O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [KodakCCS] C:\Program Files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "C:\Program Files\Common Files\KODAK\KODAK_DR\dcmnter.pdr"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [OM_Monitor] C:\PROGRAM FILES\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE
    O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
    O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
    O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} - http://fdl.msn.com/public/chat/msnchat3.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw14fd.law14.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.yahoo.com/v43/yacscom.cab
    O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
     
  2. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    You can uninstall Kontiki if its listed in Start>>Settings>>Control Panel>>Add or Remove Programs

    Then checkmark and fix this entry in HijackThis:
    O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL

    And you can delete the C:\Program Files\Kontiki folder
     
  3. trekguy

    trekguy Thread Starter

    Joined:
    Nov 17, 2002
    Messages:
    1,944
    OK, thanks... how does it look now??

    Logfile of HijackThis v1.99.1
    Scan saved at 8:43:04 AM, on 7/12/06
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    c:\windows\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE
    C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Park Region Telephone
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LexStart] Lexstart.exe
    O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
    O4 - HKLM\..\Run: [5PWBQYJ46TF6SR] C:\WINDOWS\SYSTEM\Mxiw1Vb1.exe
    O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [KodakCCS] C:\Program Files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "C:\Program Files\Common Files\KODAK\KODAK_DR\dcmnter.pdr"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [OM_Monitor] C:\PROGRAM FILES\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE
    O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} - http://fdl.msn.com/public/chat/msnchat3.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw14fd.law14.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.yahoo.com/v43/yacscom.cab
    O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
     
  4. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Also fix this in HijackThis:
    O4 - HKLM\..\Run: [5PWBQYJ46TF6SR] C:\WINDOWS\SYSTEM\Mxiw1Vb1.exe

    Then delete this file:
    C:\WINDOWS\SYSTEM\Mxiw1Vb1.exe

    And let me know if there's still any problems.
     
  5. trekguy

    trekguy Thread Starter

    Joined:
    Nov 17, 2002
    Messages:
    1,944
    OK, fresh log.

    Everything seems OK. A little slow yet. And... it shuts down fine, but will not restart.... as in Start/Shutdown/Restart. When I try to restart, it will shut down, then the AVG boot scan, then the Win98 screen, then a flicker from something... then hangs on the Win98 screen. If I push the restart button, it will eventually start in safe mode... then I can shut down. Upon powering up again, Windows starts OK. ????

    Sometimes during the restart attempt, the mouse will be lost, and a window will appear stating that "a mouse can now be plugged in.... if a ps2 mouse is to be installed, computer must be shut down first" ... or something like that.

    Any ideas?? :confused:

    (I'm going to try a different mouse... just to see)





    Logfile of HijackThis v1.99.1
    Scan saved at 4:27:14 PM, on 7/17/06
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    c:\windows\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE
    C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Park Region Telephone
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LexStart] Lexstart.exe
    O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
    O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [KodakCCS] C:\Program Files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "C:\Program Files\Common Files\KODAK\KODAK_DR\dcmnter.pdr"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [OM_Monitor] C:\PROGRAM FILES\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE
    O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} - http://fdl.msn.com/public/chat/msnchat3.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw14fd.law14.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.yahoo.com/v43/yacscom.cab
    O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
     
  6. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Download and run the Peper Uninstaller: http://www.thespykiller.co.uk/html/files/uninst.exe
    Restart your computer and see if its still having the problems you described. If it is, put in your Windows CD and go to Start>>Run>>sfc /scannow and allow it to fix any errors it finds.
     
  7. trekguy

    trekguy Thread Starter

    Joined:
    Nov 17, 2002
    Messages:
    1,944
    Switched out the mouse, and the restart problem went away, for some reason.???

    Ran AVG again, and it found downloader.comet.D How come it's there now?? I had run AVG a couple of times before, and there was nothing. ???

    I deleted the app "easydownloadwizard" (AVG found also)... it was in Mydoc/Mypictures

    What next? How do I know if it's clean??

    Thanks for your help.

    :)
     
  8. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Your HijackThis log looks clean, we can do another virus scan to make sure

    Go to Kaspersky Online Scanner and click Accept
    When the updates are finished downloading, click Next>>Scan Settings
    Under Scan using the following antivirus database:, select extended
    Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
    Click My Computer and wait for the scan to finish
    Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here
     
  9. trekguy

    trekguy Thread Starter

    Joined:
    Nov 17, 2002
    Messages:
    1,944
    :eek:


    KASPERSKY ON-LINE SCANNER REPORTKASPERSKY ON-LINE SCANNER REPORT
    Tuesday, July 18, 2006 10:03:31 PM
    Operating System: Microsoft Windows 98 SE
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 19/07/2006
    Kaspersky Anti-Virus database records: 208308


    Scan Settings
    Scan using the following antivirus databaseextended
    Scan Archivestrue
    Scan Mail Basestrue

    Scan TargetMy Computer
    a:\
    c:\
    d:\
    e:\
    f:\

    Scan Statistics
    Total number of scanned objects32857
    Number of viruses found20
    Number of infected objects68
    Number of suspicious objects0
    Duration of the scan process00:46:51

    Infected Object NameVirus NameLast Action
    c:\My Documents\Data\Data\all_files2.exe/data0004 Infected:
    not-a-virus:AdWare.Win32.GigatechSuperBar skipped

    c:\My Documents\Data\Data\all_files2.exe/data0005 Infected:
    not-a-virus:AdWare.Win32.180Solutions skipped

    c:\My Documents\Data\Data\all_files2.exe/data0007 Infected:
    Trojan-Downloader.Win32.Keenval.m skipped

    c:\My Documents\Data\Data\all_files2.exe/data0009/data0001.cab/Save.exe
    Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped

    c:\My
    Documents\Data\Data\all_files2.exe/data0009/data0001.cab/SaveUninst.exe
    Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped

    c:\My Documents\Data\Data\all_files2.exe/data0009/data0001.cab Infected:
    not-a-virus:AdWare.Win32.SaveNow.af skipped

    c:\My Documents\Data\Data\all_files2.exe/data0009/data0002.cab/Sync.exe
    Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

    c:\My Documents\Data\Data\all_files2.exe/data0009/data0002.cab/Uninst.exe
    Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

    c:\My Documents\Data\Data\all_files2.exe/data0009/data0002.cab Infected:
    not-a-virus:AdWare.Win32.SaveNow.v skipped

    c:\My Documents\Data\Data\all_files2.exe/data0009 Infected:
    not-a-virus:AdWare.Win32.SaveNow.v skipped

    c:\My Documents\Data\Data\all_files2.exe NSIS: infected - 10 skipped

    c:\My Documents\Data\Data\memorywatcher.exe/data0004 Infected:
    Trojan-Downloader.Win32.VB.q skipped

    c:\My Documents\Data\Data\memorywatcher.exe NSIS: infected - 1 skipped

    c:\My Documents\Data\all_files2.exe/data0004 Infected:
    not-a-virus:AdWare.Win32.GigatechSuperBar skipped

    c:\My Documents\Data\all_files2.exe/data0005 Infected:
    not-a-virus:AdWare.Win32.180Solutions skipped

    c:\My Documents\Data\all_files2.exe/data0007 Infected:
    Trojan-Downloader.Win32.Keenval.m skipped

    c:\My Documents\Data\all_files2.exe/data0009/data0001.cab/Save.exe
    Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped

    c:\My Documents\Data\all_files2.exe/data0009/data0001.cab/SaveUninst.exe
    Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped

    c:\My Documents\Data\all_files2.exe/data0009/data0001.cab Infected:
    not-a-virus:AdWare.Win32.SaveNow.af skipped

    c:\My Documents\Data\all_files2.exe/data0009/data0002.cab/Sync.exe
    Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

    c:\My Documents\Data\all_files2.exe/data0009/data0002.cab/Uninst.exe
    Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

    c:\My Documents\Data\all_files2.exe/data0009/data0002.cab Infected:
    not-a-virus:AdWare.Win32.SaveNow.v skipped

    c:\My Documents\Data\all_files2.exe/data0009 Infected:
    not-a-virus:AdWare.Win32.SaveNow.v skipped

    c:\My Documents\Data\all_files2.exe NSIS: infected - 10 skipped

    c:\My Documents\Data\all_files_update.exe/data0002 Infected:
    Trojan-Downloader.Win32.Keenval.m skipped

    c:\My Documents\Data\all_files_update.exe NSIS: infected - 1 skipped

    c:\My Documents\Data\memorywatcher.exe/data0004 Infected:
    Trojan-Downloader.Win32.VB.q skipped

    c:\My Documents\Data\memorywatcher.exe NSIS: infected - 1 skipped

    c:\My Documents\My Deliveries\zdnet\beachls.exe/WISE0013.BIN Infected:
    not-a-virus:AdWare.Win32.GoWebSite skipped

    c:\My Documents\My Deliveries\zdnet\beachls.exe WiseSFX: infected - 1
    skipped

    c:\Program Files\Media\Media\StatBlaster.dll Infected:
    not-a-virus:AdWare.Win32.StatBlaster skipped

    c:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll Infected:
    not-a-virus:AdWare.Win32.NavExcel skipped

    c:\Program Files\NavExcel\NavHelper\v2.0.4\NHUpdater.exe Infected:
    not-a-virus:AdWare.Win32.NavExcel skipped

    c:\Program Files\wildmedia\KeenValueInstall_117.exe/data0002 Infected:
    Trojan-Downloader.Win32.Keenval.m skipped

    c:\Program Files\wildmedia\KeenValueInstall_117.exe/data0004 Infected:
    not-a-virus:AdWare.Win32.Keenval.a skipped

    c:\Program Files\wildmedia\KeenValueInstall_117.exe/data0006 Infected:
    not-a-virus:AdWare.Win32.Perfnav.d skipped

    c:\Program Files\wildmedia\KeenValueInstall_117.exe/data0007 Infected:
    Trojan-Downloader.Win32.Keenval.l skipped

    c:\Program Files\wildmedia\KeenValueInstall_117.exe/data0008 Infected:
    not-a-virus:AdWare.Win32.Keenval.a skipped

    c:\Program Files\wildmedia\KeenValueInstall_117.exe NSIS: infected - 5
    skipped

    c:\WINDOWS\NDNuninstall4_34.exe Infected:
    not-a-virus:AdWare.Win32.NewDotNet skipped

    c:\WINDOWS\NDNuninstall4_80.exe Infected:
    not-a-virus:AdWare.Win32.NewDotNet skipped

    c:\WINDOWS\.housecall\Quarantine\superbarinstaller_wildmedia.exe.bac_a01493
    Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped

    c:\WINDOWS\.housecall\Quarantine\StatBlaster.exe.bac_a01493 Infected:
    not-a-virus:AdWare.Win32.StatBlaster skipped

    c:\WINDOWS\.housecall\Quarantine\ez.exe.bac_a01493 Infected:
    not-a-virus:AdWare.Win32.EZula.z skipped

    c:\WINDOWS\.housecall\Quarantine\sjbe_bbi8014.exe.bac_a01493/data0002
    Infected: not-a-virus:AdWare.Win32.BargainBuddy.o skipped

    c:\WINDOWS\.housecall\Quarantine\sjbe_bbi8014.exe.bac_a01493/data0003
    Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped

    c:\WINDOWS\.housecall\Quarantine\sjbe_bbi8014.exe.bac_a01493 NSIS:
    infected - 2 skipped

    c:\WINDOWS\.housecall\Quarantine\sjbe_bbi8014.exe.bac_a01493 CryptFF.b:
    infected - 2 skipped

    c:\WINDOWS\.housecall\Quarantine\msbb.exe.bac_a01493 Infected:
    not-a-virus:AdWare.Win32.180Solutions skipped

    c:\WINDOWS\.housecall\Quarantine\ncmyb.dll.bac_a01493 Infected:
    not-a-virus:AdWare.Win32.180Solutions skipped

    c:\cc20030706.exe/NHInstall.exe Infected:
    not-a-virus:AdWare.Win32.NavExcel skipped

    c:\cc20030706.exe/v2.0.2.cab/NHUninstaller.exe Infected:
    not-a-virus:AdWare.Win32.NavExcel skipped

    c:\cc20030706.exe/v2.0.2.cab/NHUpdater.exe Infected:
    not-a-virus:AdWare.Win32.NavExcel skipped

    c:\cc20030706.exe/v2.0.2.cab/NHelper.dll Infected:
    not-a-virus:AdWare.Win32.NavExcel skipped

    c:\cc20030706.exe/v2.0.2.cab Infected: not-a-virus:AdWare.Win32.NavExcel
    skipped

    c:\cc20030706.exe CAB: infected - 5 skipped

    c:\webhnc.exe/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer
    skipped

    c:\webhnc.exe/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.290
    skipped

    c:\webhnc.exe/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer
    skipped

    c:\webhnc.exe/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer
    skipped

    c:\webhnc.exe/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer
    skipped

    c:\webhnc.exe/whInstaller.exe Infected:
    not-a-virus:AdWare.Win32.WebHancer.290 skipped

    c:\webhnc.exe ZIP: infected - 6 skipped

    c:\wmedia_bbi8015.exe/data0002 Infected:
    not-a-virus:AdWare.Win32.BargainBuddy.a skipped

    c:\wmedia_bbi8015.exe/data0003 Infected:
    not-a-virus:AdWare.Win32.BargainBuddy.a skipped

    c:\wmedia_bbi8015.exe NSIS: infected - 2 skipped

    c:\dist.exe/uptodate.exe Infected: Trojan-Downloader.Win32.Braidupdate.c
    skipped

    c:\dist.exe CreateInstall: infected - 1 skipped

    Scan process completed.
     
  10. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Save KillBox to your Desktop

    Run KillBox and select Delete on Reboot
    Copy this list of file locations to your clipboard:

    c:\My Documents\Data\Data\all_files2.exe
    c:\My Documents\Data\Data\memorywatcher.exe
    c:\My Documents\Data\all_files_update.exe
    c:\My Documents\My Deliveries\zdnet\beachls.exe
    c:\Program Files\Media\Media\StatBlaster.dll
    c:\Program Files\Media\
    c:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll
    c:\Program Files\NavExcel\
    c:\Program Files\wildmedia\KeenValueInstall_117.exe
    c:\Program Files\wildmedia\
    c:\WINDOWS\NDNuninstall4_34.exe
    c:\cc20030706.exe
    c:\webhnc.exe
    c:\wmedia_bbi8015.exe
    c:\dist.exe
    Go to File>>Paste from clipboard. Click All Files
    Press the button with a red circle with an X in it, then Yes when prompted to restart your computer
    WARNING: Your computer will be restarted. Any unsaved work in open applications will be lost.​
     
  11. trekguy

    trekguy Thread Starter

    Joined:
    Nov 17, 2002
    Messages:
    1,944
    OK, done. (y)

    What now?
     
  12. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Your logs look ok now, are you still having any problems?
     
  13. trekguy

    trekguy Thread Starter

    Joined:
    Nov 17, 2002
    Messages:
    1,944
    Seems pretty good now. Does the Kaspersky scanner fix the problems, or just identify them? I ran it again, with the same results.... 20 virus and 68 infected... do I need to do something else??
     
  14. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Try this then do Kaspersky again then

    Run KillBox and select Standard File Kill
    Copy this list of file and folder locations to your clipboard:

    c:\My Documents\Data\Data\all_files2.exe
    c:\My Documents\Data\Data\memorywatcher.exe
    c:\My Documents\Data\all_files_update.exe
    c:\My Documents\My Deliveries\zdnet\beachls.exe
    c:\Program Files\Media\Media\StatBlaster.dll
    c:\Program Files\Media\
    c:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll
    c:\Program Files\NavExcel\
    c:\Program Files\wildmedia\KeenValueInstall_117.exe
    c:\Program Files\wildmedia\
    c:\WINDOWS\NDNuninstall4_34.exe
    c:\cc20030706.exe
    c:\webhnc.exe
    c:\wmedia_bbi8015.exe
    c:\dist.exe
    Go to File>>Paste from clipboard
    For each file, press the button with a red X in it and click Yes>>OK
    When all files/folders have been removed, exit KillBox
     
  15. trekguy

    trekguy Thread Starter

    Joined:
    Nov 17, 2002
    Messages:
    1,944
    I went through each file one at a time, Killbox said " this file does not seem to exist"... so they must be gone??

    Another Kaspersky scan result, still 20 virus... ?? If they are in C:\Killbox or C:\housecall, does that mean they are taken care of, and Kaspersky scanner is just still able to find them??


    KASPERSKY ON-LINE SCANNER REPORTKASPERSKY ON-LINE SCANNER REPORT
    Wednesday, July 19, 2006 8:57:01 PM
    Operating System: Microsoft Windows 98 SE
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 20/07/2006
    Kaspersky Anti-Virus database records: 208507


    Scan Settings
    Scan using the following antivirus databaseextended
    Scan Archivestrue
    Scan Mail Basestrue

    Scan TargetMy Computer
    a:\
    c:\
    d:\
    e:\
    f:\

    Scan Statistics
    Total number of scanned objects32971
    Number of viruses found20
    Number of infected objects68

    Number of suspicious objects0
    Duration of the scan process00:47:06

    Infected Object NameVirus NameLast Action
    c:\My Documents\Data\all_files2.exe/data0004 Infected:
    not-a-virus:AdWare.Win32.GigatechSuperBar skipped

    c:\My Documents\Data\all_files2.exe/data0005 Infected:
    not-a-virus:AdWare.Win32.180Solutions skipped

    c:\My Documents\Data\all_files2.exe/data0007 Infected:
    Trojan-Downloader.Win32.Keenval.m skipped

    c:\My Documents\Data\all_files2.exe/data0009/data0001.cab/Save.exe
    Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped

    c:\My Documents\Data\all_files2.exe/data0009/data0001.cab/SaveUninst.exe
    Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped

    c:\My Documents\Data\all_files2.exe/data0009/data0001.cab Infected:
    not-a-virus:AdWare.Win32.SaveNow.af skipped

    c:\My Documents\Data\all_files2.exe/data0009/data0002.cab/Sync.exe
    Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

    c:\My Documents\Data\all_files2.exe/data0009/data0002.cab/Uninst.exe
    Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

    c:\My Documents\Data\all_files2.exe/data0009/data0002.cab Infected:
    not-a-virus:AdWare.Win32.SaveNow.v skipped

    c:\My Documents\Data\all_files2.exe/data0009 Infected:
    not-a-virus:AdWare.Win32.SaveNow.v skipped

    c:\My Documents\Data\all_files2.exe NSIS: infected - 10 skipped

    c:\My Documents\Data\memorywatcher.exe/data0004 Infected:
    Trojan-Downloader.Win32.VB.q skipped

    c:\My Documents\Data\memorywatcher.exe NSIS: infected - 1 skipped

    c:\WINDOWS\NDNuninstall4_80.exe Infected:
    not-a-virus:AdWare.Win32.NewDotNet skipped

    c:\WINDOWS\.housecall\Quarantine\superbarinstaller_wildmedia.exe.bac_a01493
    Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped

    c:\WINDOWS\.housecall\Quarantine\StatBlaster.exe.bac_a01493 Infected:
    not-a-virus:AdWare.Win32.StatBlaster skipped

    c:\WINDOWS\.housecall\Quarantine\ez.exe.bac_a01493 Infected:
    not-a-virus:AdWare.Win32.EZula.z skipped

    c:\WINDOWS\.housecall\Quarantine\sjbe_bbi8014.exe.bac_a01493/data0002
    Infected: not-a-virus:AdWare.Win32.BargainBuddy.o skipped

    c:\WINDOWS\.housecall\Quarantine\sjbe_bbi8014.exe.bac_a01493/data0003
    Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped

    c:\WINDOWS\.housecall\Quarantine\sjbe_bbi8014.exe.bac_a01493 NSIS:
    infected - 2 skipped

    c:\WINDOWS\.housecall\Quarantine\sjbe_bbi8014.exe.bac_a01493 CryptFF.b:
    infected - 2 skipped

    c:\WINDOWS\.housecall\Quarantine\msbb.exe.bac_a01493 Infected:
    not-a-virus:AdWare.Win32.180Solutions skipped

    c:\WINDOWS\.housecall\Quarantine\ncmyb.dll.bac_a01493 Infected:
    not-a-virus:AdWare.Win32.180Solutions skipped

    c:\!KillBox\dist.exe/uptodate.exe Infected:
    Trojan-Downloader.Win32.Braidupdate.c skipped

    c:\!KillBox\dist.exe CreateInstall: infected - 1 skipped

    c:\!KillBox\wmedia_bbi8015.exe/data0002 Infected:
    not-a-virus:AdWare.Win32.BargainBuddy.a skipped

    c:\!KillBox\wmedia_bbi8015.exe/data0003 Infected:
    not-a-virus:AdWare.Win32.BargainBuddy.a skipped

    c:\!KillBox\wmedia_bbi8015.exe NSIS: infected - 2 skipped

    c:\!KillBox\webhnc.exe/wbhshare.dll Infected:
    not-a-virus:AdWare.Win32.WebHancer skipped

    c:\!KillBox\webhnc.exe/Webhdll.dll Infected:
    not-a-virus:AdWare.Win32.WebHancer.290 skipped

    c:\!KillBox\webhnc.exe/WhAgent.exe Infected:
    not-a-virus:AdWare.Win32.WebHancer skipped

    c:\!KillBox\webhnc.exe/whiehlpr.dll Infected:
    not-a-virus:AdWare.Win32.WebHancer skipped

    c:\!KillBox\webhnc.exe/whieshm.dll Infected:
    not-a-virus:AdWare.Win32.WebHancer skipped

    c:\!KillBox\webhnc.exe/whInstaller.exe Infected:
    not-a-virus:AdWare.Win32.WebHancer.290 skipped

    c:\!KillBox\webhnc.exe ZIP: infected - 6 skipped

    c:\!KillBox\cc20030706.exe/NHInstall.exe Infected:
    not-a-virus:AdWare.Win32.NavExcel skipped

    c:\!KillBox\cc20030706.exe/v2.0.2.cab/NHUninstaller.exe Infected:
    not-a-virus:AdWare.Win32.NavExcel skipped

    c:\!KillBox\cc20030706.exe/v2.0.2.cab/NHUpdater.exe Infected:
    not-a-virus:AdWare.Win32.NavExcel skipped

    c:\!KillBox\cc20030706.exe/v2.0.2.cab/NHelper.dll Infected:
    not-a-virus:AdWare.Win32.NavExcel skipped

    c:\!KillBox\cc20030706.exe/v2.0.2.cab Infected:
    not-a-virus:AdWare.Win32.NavExcel skipped

    c:\!KillBox\cc20030706.exe CAB: infected - 5 skipped

    c:\!KillBox\NDNuninstall4_34.exe Infected:
    not-a-virus:AdWare.Win32.NewDotNet skipped

    c:\!KillBox\KeenValueInstall_117.exe/data0002 Infected:
    Trojan-Downloader.Win32.Keenval.m skipped

    c:\!KillBox\KeenValueInstall_117.exe/data0004 Infected:
    not-a-virus:AdWare.Win32.Keenval.a skipped

    c:\!KillBox\KeenValueInstall_117.exe/data0006 Infected:
    not-a-virus:AdWare.Win32.Perfnav.d skipped

    c:\!KillBox\KeenValueInstall_117.exe/data0007 Infected:
    Trojan-Downloader.Win32.Keenval.l skipped

    c:\!KillBox\KeenValueInstall_117.exe/data0008 Infected:
    not-a-virus:AdWare.Win32.Keenval.a skipped

    c:\!KillBox\KeenValueInstall_117.exe NSIS: infected - 5 skipped

    c:\!KillBox\NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel
    skipped

    c:\!KillBox\StatBlaster.dll Infected: not-a-virus:AdWare.Win32.StatBlaster
    skipped

    c:\!KillBox\beachls.exe/WISE0013.BIN Infected:
    not-a-virus:AdWare.Win32.GoWebSite skipped

    c:\!KillBox\beachls.exe WiseSFX: infected - 1 skipped

    c:\!KillBox\all_files_update.exe/data0002 Infected:
    Trojan-Downloader.Win32.Keenval.m skipped

    c:\!KillBox\all_files_update.exe NSIS: infected - 1 skipped

    c:\!KillBox\memorywatcher.exe/data0004 Infected:
    Trojan-Downloader.Win32.VB.q skipped

    c:\!KillBox\memorywatcher.exe NSIS: infected - 1 skipped

    c:\!KillBox\all_files2.exe/data0004 Infected:
    not-a-virus:AdWare.Win32.GigatechSuperBar skipped

    c:\!KillBox\all_files2.exe/data0005 Infected:
    not-a-virus:AdWare.Win32.180Solutions skipped

    c:\!KillBox\all_files2.exe/data0007 Infected:
    Trojan-Downloader.Win32.Keenval.m skipped

    c:\!KillBox\all_files2.exe/data0009/data0001.cab/Save.exe Infected:
    not-a-virus:AdWare.Win32.SaveNow.t skipped

    c:\!KillBox\all_files2.exe/data0009/data0001.cab/SaveUninst.exe Infected:
    not-a-virus:AdWare.Win32.SaveNow.af skipped

    c:\!KillBox\all_files2.exe/data0009/data0001.cab Infected:
    not-a-virus:AdWare.Win32.SaveNow.af skipped

    c:\!KillBox\all_files2.exe/data0009/data0002.cab/Sync.exe Infected:
    not-a-virus:AdWare.Win32.SaveNow.v skipped

    c:\!KillBox\all_files2.exe/data0009/data0002.cab/Uninst.exe Infected:
    not-a-virus:AdWare.Win32.SaveNow.v skipped

    c:\!KillBox\all_files2.exe/data0009/data0002.cab Infected:
    not-a-virus:AdWare.Win32.SaveNow.v skipped

    c:\!KillBox\all_files2.exe/data0009 Infected:
    not-a-virus:AdWare.Win32.SaveNow.v skipped

    c:\!KillBox\all_files2.exe NSIS: infected - 10 skipped

    c:\!KillBox\NavExcel\NavHelper\v2.0.4\NHUpdater.exe Infected:
    not-a-virus:AdWare.Win32.NavExcel skipped

    Scan process completed.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/482377

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice