Solved: HijackThis log...please check.

[trekguy]

Friend's PC, have run Adaware, Spybot, and AVG scan.... thanks

Logfile of HijackThis v1.99.1
Scan saved at 4:26:06 PM, on 7/11/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Park Region Telephone
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
O4 - HKLM\..\Run: [5PWBQYJ46TF6SR] C:\WINDOWS\SYSTEM\Mxiw1Vb1.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [KodakCCS] C:\Program Files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "C:\Program Files\Common Files\KODAK\KODAK_DR\dcmnter.pdr"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\PROGRAM FILES\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} - http://fdl.msn.com/public/chat/msnchat3.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw14fd.law14.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.yahoo.com/v43/yacscom.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

 

[brendandonhu]

You can uninstall Kontiki if its listed in Start>>Settings>>Control Panel>>Add or Remove Programs

Then checkmark and fix this entry in HijackThis:
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL

And you can delete the C:\Program Files\Kontiki folder

 

[trekguy]

OK, thanks... how does it look now??

Logfile of HijackThis v1.99.1
Scan saved at 8:43:04 AM, on 7/12/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Park Region Telephone
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
O4 - HKLM\..\Run: [5PWBQYJ46TF6SR] C:\WINDOWS\SYSTEM\Mxiw1Vb1.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [KodakCCS] C:\Program Files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "C:\Program Files\Common Files\KODAK\KODAK_DR\dcmnter.pdr"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\PROGRAM FILES\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} - http://fdl.msn.com/public/chat/msnchat3.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw14fd.law14.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.yahoo.com/v43/yacscom.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

 

[brendandonhu]

Also fix this in HijackThis:
O4 - HKLM\..\Run: [5PWBQYJ46TF6SR] C:\WINDOWS\SYSTEM\Mxiw1Vb1.exe

Then delete this file:
C:\WINDOWS\SYSTEM\Mxiw1Vb1.exe

And let me know if there's still any problems.

 

[trekguy]

OK, fresh log.

Everything seems OK. A little slow yet. And... it shuts down fine, but will not restart.... as in Start/Shutdown/Restart. When I try to restart, it will shut down, then the AVG boot scan, then the Win98 screen, then a flicker from something... then hangs on the Win98 screen. If I push the restart button, it will eventually start in safe mode... then I can shut down. Upon powering up again, Windows starts OK. ????

Sometimes during the restart attempt, the mouse will be lost, and a window will appear stating that "a mouse can now be plugged in.... if a ps2 mouse is to be installed, computer must be shut down first" ... or something like that.

Any ideas??

(I'm going to try a different mouse... just to see)





Logfile of HijackThis v1.99.1
Scan saved at 4:27:14 PM, on 7/17/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Park Region Telephone
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [KodakCCS] C:\Program Files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "C:\Program Files\Common Files\KODAK\KODAK_DR\dcmnter.pdr"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\PROGRAM FILES\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} - http://fdl.msn.com/public/chat/msnchat3.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw14fd.law14.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.yahoo.com/v43/yacscom.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

 

[brendandonhu]

Download and run the Peper Uninstaller: http://www.thespykiller.co.uk/html/files/uninst.exe
Restart your computer and see if its still having the problems you described. If it is, put in your Windows CD and go to Start>>Run>>sfc /scannow and allow it to fix any errors it finds.

 

[trekguy]

Switched out the mouse, and the restart problem went away, for some reason.???

Ran AVG again, and it found downloader.comet.D How come it's there now?? I had run AVG a couple of times before, and there was nothing. ???

I deleted the app "easydownloadwizard" (AVG found also)... it was in Mydoc/Mypictures

What next? How do I know if it's clean??

Thanks for your help.

 

[brendandonhu]

Your HijackThis log looks clean, we can do another virus scan to make sure

Go to Kaspersky Online Scanner and click Accept
When the updates are finished downloading, click Next>>Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here

 

[trekguy]

KASPERSKY ON-LINE SCANNER REPORTKASPERSKY ON-LINE SCANNER REPORT
Tuesday, July 18, 2006 10:03:31 PM
Operating System: Microsoft Windows 98 SE
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 19/07/2006
Kaspersky Anti-Virus database records: 208308


Scan Settings
Scan using the following antivirus databaseextended
Scan Archivestrue
Scan Mail Basestrue

Scan TargetMy Computer
a:\
c:\
d:\
e:\
f:\

Scan Statistics
Total number of scanned objects32857
Number of viruses found20
Number of infected objects68
Number of suspicious objects0
Duration of the scan process00:46:51

Infected Object NameVirus NameLast Action
c:\My Documents\Data\Data\all_files2.exe/data0004 Infected:
not-a-virus:AdWare.Win32.GigatechSuperBar skipped

c:\My Documents\Data\Data\all_files2.exe/data0005 Infected:
not-a-virus:AdWare.Win32.180Solutions skipped

c:\My Documents\Data\Data\all_files2.exe/data0007 Infected:
Trojan-Downloader.Win32.Keenval.m skipped

c:\My Documents\Data\Data\all_files2.exe/data0009/data0001.cab/Save.exe
Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped

c:\My
Documents\Data\Data\all_files2.exe/data0009/data0001.cab/SaveUninst.exe
Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped

c:\My Documents\Data\Data\all_files2.exe/data0009/data0001.cab Infected:
not-a-virus:AdWare.Win32.SaveNow.af skipped

c:\My Documents\Data\Data\all_files2.exe/data0009/data0002.cab/Sync.exe
Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

c:\My Documents\Data\Data\all_files2.exe/data0009/data0002.cab/Uninst.exe
Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

c:\My Documents\Data\Data\all_files2.exe/data0009/data0002.cab Infected:
not-a-virus:AdWare.Win32.SaveNow.v skipped

c:\My Documents\Data\Data\all_files2.exe/data0009 Infected:
not-a-virus:AdWare.Win32.SaveNow.v skipped

c:\My Documents\Data\Data\all_files2.exe NSIS: infected - 10 skipped

c:\My Documents\Data\Data\memorywatcher.exe/data0004 Infected:
Trojan-Downloader.Win32.VB.q skipped

c:\My Documents\Data\Data\memorywatcher.exe NSIS: infected - 1 skipped

c:\My Documents\Data\all_files2.exe/data0004 Infected:
not-a-virus:AdWare.Win32.GigatechSuperBar skipped

c:\My Documents\Data\all_files2.exe/data0005 Infected:
not-a-virus:AdWare.Win32.180Solutions skipped

c:\My Documents\Data\all_files2.exe/data0007 Infected:
Trojan-Downloader.Win32.Keenval.m skipped

c:\My Documents\Data\all_files2.exe/data0009/data0001.cab/Save.exe
Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped

c:\My Documents\Data\all_files2.exe/data0009/data0001.cab/SaveUninst.exe
Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped

c:\My Documents\Data\all_files2.exe/data0009/data0001.cab Infected:
not-a-virus:AdWare.Win32.SaveNow.af skipped

c:\My Documents\Data\all_files2.exe/data0009/data0002.cab/Sync.exe
Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

c:\My Documents\Data\all_files2.exe/data0009/data0002.cab/Uninst.exe
Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

c:\My Documents\Data\all_files2.exe/data0009/data0002.cab Infected:
not-a-virus:AdWare.Win32.SaveNow.v skipped

c:\My Documents\Data\all_files2.exe/data0009 Infected:
not-a-virus:AdWare.Win32.SaveNow.v skipped

c:\My Documents\Data\all_files2.exe NSIS: infected - 10 skipped

c:\My Documents\Data\all_files_update.exe/data0002 Infected:
Trojan-Downloader.Win32.Keenval.m skipped

c:\My Documents\Data\all_files_update.exe NSIS: infected - 1 skipped

c:\My Documents\Data\memorywatcher.exe/data0004 Infected:
Trojan-Downloader.Win32.VB.q skipped

c:\My Documents\Data\memorywatcher.exe NSIS: infected - 1 skipped

c:\My Documents\My Deliveries\zdnet\beachls.exe/WISE0013.BIN Infected:
not-a-virus:AdWare.Win32.GoWebSite skipped

c:\My Documents\My Deliveries\zdnet\beachls.exe WiseSFX: infected - 1
skipped

c:\Program Files\Media\Media\StatBlaster.dll Infected:
not-a-virus:AdWare.Win32.StatBlaster skipped

c:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll Infected:
not-a-virus:AdWare.Win32.NavExcel skipped

c:\Program Files\NavExcel\NavHelper\v2.0.4\NHUpdater.exe Infected:
not-a-virus:AdWare.Win32.NavExcel skipped

c:\Program Files\wildmedia\KeenValueInstall_117.exe/data0002 Infected:
Trojan-Downloader.Win32.Keenval.m skipped

c:\Program Files\wildmedia\KeenValueInstall_117.exe/data0004 Infected:
not-a-virus:AdWare.Win32.Keenval.a skipped

c:\Program Files\wildmedia\KeenValueInstall_117.exe/data0006 Infected:
not-a-virus:AdWare.Win32.Perfnav.d skipped

c:\Program Files\wildmedia\KeenValueInstall_117.exe/data0007 Infected:
Trojan-Downloader.Win32.Keenval.l skipped

c:\Program Files\wildmedia\KeenValueInstall_117.exe/data0008 Infected:
not-a-virus:AdWare.Win32.Keenval.a skipped

c:\Program Files\wildmedia\KeenValueInstall_117.exe NSIS: infected - 5
skipped

c:\WINDOWS\NDNuninstall4_34.exe Infected:
not-a-virus:AdWare.Win32.NewDotNet skipped

c:\WINDOWS\NDNuninstall4_80.exe Infected:
not-a-virus:AdWare.Win32.NewDotNet skipped

c:\WINDOWS\.housecall\Quarantine\superbarinstaller_wildmedia.exe.bac_a01493
Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped

c:\WINDOWS\.housecall\Quarantine\StatBlaster.exe.bac_a01493 Infected:
not-a-virus:AdWare.Win32.StatBlaster skipped

c:\WINDOWS\.housecall\Quarantine\ez.exe.bac_a01493 Infected:
not-a-virus:AdWare.Win32.EZula.z skipped

c:\WINDOWS\.housecall\Quarantine\sjbe_bbi8014.exe.bac_a01493/data0002
Infected: not-a-virus:AdWare.Win32.BargainBuddy.o skipped

c:\WINDOWS\.housecall\Quarantine\sjbe_bbi8014.exe.bac_a01493/data0003
Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped

c:\WINDOWS\.housecall\Quarantine\sjbe_bbi8014.exe.bac_a01493 NSIS:
infected - 2 skipped

c:\WINDOWS\.housecall\Quarantine\sjbe_bbi8014.exe.bac_a01493 CryptFF.b:
infected - 2 skipped

c:\WINDOWS\.housecall\Quarantine\msbb.exe.bac_a01493 Infected:
not-a-virus:AdWare.Win32.180Solutions skipped

c:\WINDOWS\.housecall\Quarantine\ncmyb.dll.bac_a01493 Infected:
not-a-virus:AdWare.Win32.180Solutions skipped

c:\cc20030706.exe/NHInstall.exe Infected:
not-a-virus:AdWare.Win32.NavExcel skipped

c:\cc20030706.exe/v2.0.2.cab/NHUninstaller.exe Infected:
not-a-virus:AdWare.Win32.NavExcel skipped

c:\cc20030706.exe/v2.0.2.cab/NHUpdater.exe Infected:
not-a-virus:AdWare.Win32.NavExcel skipped

c:\cc20030706.exe/v2.0.2.cab/NHelper.dll Infected:
not-a-virus:AdWare.Win32.NavExcel skipped

c:\cc20030706.exe/v2.0.2.cab Infected: not-a-virus:AdWare.Win32.NavExcel
skipped

c:\cc20030706.exe CAB: infected - 5 skipped

c:\webhnc.exe/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer
skipped

c:\webhnc.exe/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.290
skipped

c:\webhnc.exe/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer
skipped

c:\webhnc.exe/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer
skipped

c:\webhnc.exe/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer
skipped

c:\webhnc.exe/whInstaller.exe Infected:
not-a-virus:AdWare.Win32.WebHancer.290 skipped

c:\webhnc.exe ZIP: infected - 6 skipped

c:\wmedia_bbi8015.exe/data0002 Infected:
not-a-virus:AdWare.Win32.BargainBuddy.a skipped

c:\wmedia_bbi8015.exe/data0003 Infected:
not-a-virus:AdWare.Win32.BargainBuddy.a skipped

c:\wmedia_bbi8015.exe NSIS: infected - 2 skipped

c:\dist.exe/uptodate.exe Infected: Trojan-Downloader.Win32.Braidupdate.c
skipped

c:\dist.exe CreateInstall: infected - 1 skipped

Scan process completed.

 

[brendandonhu]

Save KillBox to your Desktop

Run KillBox and select Delete on Reboot
Copy this list of file locations to your clipboard:

c:\My Documents\Data\Data\all_files2.exe
c:\My Documents\Data\Data\memorywatcher.exe
c:\My Documents\Data\all_files_update.exe
c:\My Documents\My Deliveries\zdnet\beachls.exe
c:\Program Files\Media\Media\StatBlaster.dll
c:\Program Files\Media\
c:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll
c:\Program Files\NavExcel\
c:\Program Files\wildmedia\KeenValueInstall_117.exe
c:\Program Files\wildmedia\
c:\WINDOWS\NDNuninstall4_34.exe
c:\cc20030706.exe
c:\webhnc.exe
c:\wmedia_bbi8015.exe
c:\dist.exe
​

Go to File>>Paste from clipboard. Click All Files
Press the button with a red circle with an X in it, then Yes when prompted to restart your computer

WARNING: Your computer will be restarted. Any unsaved work in open applications will be lost.​

 

[trekguy]

OK, done.

What now?

 

[brendandonhu]

Your logs look ok now, are you still having any problems?

 

[trekguy]

Seems pretty good now. Does the Kaspersky scanner fix the problems, or just identify them? I ran it again, with the same results.... 20 virus and 68 infected... do I need to do something else??

 

[brendandonhu]

Try this then do Kaspersky again then

Run KillBox and select Standard File Kill
Copy this list of file and folder locations to your clipboard:

c:\My Documents\Data\Data\all_files2.exe
c:\My Documents\Data\Data\memorywatcher.exe
c:\My Documents\Data\all_files_update.exe
c:\My Documents\My Deliveries\zdnet\beachls.exe
c:\Program Files\Media\Media\StatBlaster.dll
c:\Program Files\Media\
c:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll
c:\Program Files\NavExcel\
c:\Program Files\wildmedia\KeenValueInstall_117.exe
c:\Program Files\wildmedia\
c:\WINDOWS\NDNuninstall4_34.exe
c:\cc20030706.exe
c:\webhnc.exe
c:\wmedia_bbi8015.exe
c:\dist.exe
​

Go to File>>Paste from clipboard
For each file, press the button with a red X in it and click Yes>>OK
When all files/folders have been removed, exit KillBox

 

[trekguy]

I went through each file one at a time, Killbox said " this file does not seem to exist"... so they must be gone??

Another Kaspersky scan result, still 20 virus... ?? If they are in C:\Killbox or C:\housecall, does that mean they are taken care of, and Kaspersky scanner is just still able to find them??

KASPERSKY ON-LINE SCANNER REPORTKASPERSKY ON-LINE SCANNER REPORT
Wednesday, July 19, 2006 8:57:01 PM
Operating System: Microsoft Windows 98 SE
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 20/07/2006
Kaspersky Anti-Virus database records: 208507


Scan Settings
Scan using the following antivirus databaseextended
Scan Archivestrue
Scan Mail Basestrue

Scan TargetMy Computer
a:\
c:\
d:\
e:\
f:\

Scan Statistics
Total number of scanned objects32971
Number of viruses found20
Number of infected objects68
Number of suspicious objects0
Duration of the scan process00:47:06

Infected Object NameVirus NameLast Action
c:\My Documents\Data\all_files2.exe/data0004 Infected:
not-a-virus:AdWare.Win32.GigatechSuperBar skipped

c:\My Documents\Data\all_files2.exe/data0005 Infected:
not-a-virus:AdWare.Win32.180Solutions skipped

c:\My Documents\Data\all_files2.exe/data0007 Infected:
Trojan-Downloader.Win32.Keenval.m skipped

c:\My Documents\Data\all_files2.exe/data0009/data0001.cab/Save.exe
Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped

c:\My Documents\Data\all_files2.exe/data0009/data0001.cab/SaveUninst.exe
Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped

c:\My Documents\Data\all_files2.exe/data0009/data0001.cab Infected:
not-a-virus:AdWare.Win32.SaveNow.af skipped

c:\My Documents\Data\all_files2.exe/data0009/data0002.cab/Sync.exe
Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

c:\My Documents\Data\all_files2.exe/data0009/data0002.cab/Uninst.exe
Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

c:\My Documents\Data\all_files2.exe/data0009/data0002.cab Infected:
not-a-virus:AdWare.Win32.SaveNow.v skipped

c:\My Documents\Data\all_files2.exe/data0009 Infected:
not-a-virus:AdWare.Win32.SaveNow.v skipped

c:\My Documents\Data\all_files2.exe NSIS: infected - 10 skipped

c:\My Documents\Data\memorywatcher.exe/data0004 Infected:
Trojan-Downloader.Win32.VB.q skipped

c:\My Documents\Data\memorywatcher.exe NSIS: infected - 1 skipped

c:\WINDOWS\NDNuninstall4_80.exe Infected:
not-a-virus:AdWare.Win32.NewDotNet skipped

c:\WINDOWS\.housecall\Quarantine\superbarinstaller_wildmedia.exe.bac_a01493
Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped

c:\WINDOWS\.housecall\Quarantine\StatBlaster.exe.bac_a01493 Infected:
not-a-virus:AdWare.Win32.StatBlaster skipped

c:\WINDOWS\.housecall\Quarantine\ez.exe.bac_a01493 Infected:
not-a-virus:AdWare.Win32.EZula.z skipped

c:\WINDOWS\.housecall\Quarantine\sjbe_bbi8014.exe.bac_a01493/data0002
Infected: not-a-virus:AdWare.Win32.BargainBuddy.o skipped

c:\WINDOWS\.housecall\Quarantine\sjbe_bbi8014.exe.bac_a01493/data0003
Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped

c:\WINDOWS\.housecall\Quarantine\sjbe_bbi8014.exe.bac_a01493 NSIS:
infected - 2 skipped

c:\WINDOWS\.housecall\Quarantine\sjbe_bbi8014.exe.bac_a01493 CryptFF.b:
infected - 2 skipped

c:\WINDOWS\.housecall\Quarantine\msbb.exe.bac_a01493 Infected:
not-a-virus:AdWare.Win32.180Solutions skipped

c:\WINDOWS\.housecall\Quarantine\ncmyb.dll.bac_a01493 Infected:
not-a-virus:AdWare.Win32.180Solutions skipped

c:\!KillBox\dist.exe/uptodate.exe Infected:
Trojan-Downloader.Win32.Braidupdate.c skipped

c:\!KillBox\dist.exe CreateInstall: infected - 1 skipped

c:\!KillBox\wmedia_bbi8015.exe/data0002 Infected:
not-a-virus:AdWare.Win32.BargainBuddy.a skipped

c:\!KillBox\wmedia_bbi8015.exe/data0003 Infected:
not-a-virus:AdWare.Win32.BargainBuddy.a skipped

c:\!KillBox\wmedia_bbi8015.exe NSIS: infected - 2 skipped

c:\!KillBox\webhnc.exe/wbhshare.dll Infected:
not-a-virus:AdWare.Win32.WebHancer skipped

c:\!KillBox\webhnc.exe/Webhdll.dll Infected:
not-a-virus:AdWare.Win32.WebHancer.290 skipped

c:\!KillBox\webhnc.exe/WhAgent.exe Infected:
not-a-virus:AdWare.Win32.WebHancer skipped

c:\!KillBox\webhnc.exe/whiehlpr.dll Infected:
not-a-virus:AdWare.Win32.WebHancer skipped

c:\!KillBox\webhnc.exe/whieshm.dll Infected:
not-a-virus:AdWare.Win32.WebHancer skipped

c:\!KillBox\webhnc.exe/whInstaller.exe Infected:
not-a-virus:AdWare.Win32.WebHancer.290 skipped

c:\!KillBox\webhnc.exe ZIP: infected - 6 skipped

c:\!KillBox\cc20030706.exe/NHInstall.exe Infected:
not-a-virus:AdWare.Win32.NavExcel skipped

c:\!KillBox\cc20030706.exe/v2.0.2.cab/NHUninstaller.exe Infected:
not-a-virus:AdWare.Win32.NavExcel skipped

c:\!KillBox\cc20030706.exe/v2.0.2.cab/NHUpdater.exe Infected:
not-a-virus:AdWare.Win32.NavExcel skipped

c:\!KillBox\cc20030706.exe/v2.0.2.cab/NHelper.dll Infected:
not-a-virus:AdWare.Win32.NavExcel skipped

c:\!KillBox\cc20030706.exe/v2.0.2.cab Infected:
not-a-virus:AdWare.Win32.NavExcel skipped

c:\!KillBox\cc20030706.exe CAB: infected - 5 skipped

c:\!KillBox\NDNuninstall4_34.exe Infected:
not-a-virus:AdWare.Win32.NewDotNet skipped

c:\!KillBox\KeenValueInstall_117.exe/data0002 Infected:
Trojan-Downloader.Win32.Keenval.m skipped

c:\!KillBox\KeenValueInstall_117.exe/data0004 Infected:
not-a-virus:AdWare.Win32.Keenval.a skipped

c:\!KillBox\KeenValueInstall_117.exe/data0006 Infected:
not-a-virus:AdWare.Win32.Perfnav.d skipped

c:\!KillBox\KeenValueInstall_117.exe/data0007 Infected:
Trojan-Downloader.Win32.Keenval.l skipped

c:\!KillBox\KeenValueInstall_117.exe/data0008 Infected:
not-a-virus:AdWare.Win32.Keenval.a skipped

c:\!KillBox\KeenValueInstall_117.exe NSIS: infected - 5 skipped

c:\!KillBox\NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel
skipped

c:\!KillBox\StatBlaster.dll Infected: not-a-virus:AdWare.Win32.StatBlaster
skipped

c:\!KillBox\beachls.exe/WISE0013.BIN Infected:
not-a-virus:AdWare.Win32.GoWebSite skipped

c:\!KillBox\beachls.exe WiseSFX: infected - 1 skipped

c:\!KillBox\all_files_update.exe/data0002 Infected:
Trojan-Downloader.Win32.Keenval.m skipped

c:\!KillBox\all_files_update.exe NSIS: infected - 1 skipped

c:\!KillBox\memorywatcher.exe/data0004 Infected:
Trojan-Downloader.Win32.VB.q skipped

c:\!KillBox\memorywatcher.exe NSIS: infected - 1 skipped

c:\!KillBox\all_files2.exe/data0004 Infected:
not-a-virus:AdWare.Win32.GigatechSuperBar skipped

c:\!KillBox\all_files2.exe/data0005 Infected:
not-a-virus:AdWare.Win32.180Solutions skipped

c:\!KillBox\all_files2.exe/data0007 Infected:
Trojan-Downloader.Win32.Keenval.m skipped

c:\!KillBox\all_files2.exe/data0009/data0001.cab/Save.exe Infected:
not-a-virus:AdWare.Win32.SaveNow.t skipped

c:\!KillBox\all_files2.exe/data0009/data0001.cab/SaveUninst.exe Infected:
not-a-virus:AdWare.Win32.SaveNow.af skipped

c:\!KillBox\all_files2.exe/data0009/data0001.cab Infected:
not-a-virus:AdWare.Win32.SaveNow.af skipped

c:\!KillBox\all_files2.exe/data0009/data0002.cab/Sync.exe Infected:
not-a-virus:AdWare.Win32.SaveNow.v skipped

c:\!KillBox\all_files2.exe/data0009/data0002.cab/Uninst.exe Infected:
not-a-virus:AdWare.Win32.SaveNow.v skipped

c:\!KillBox\all_files2.exe/data0009/data0002.cab Infected:
not-a-virus:AdWare.Win32.SaveNow.v skipped

c:\!KillBox\all_files2.exe/data0009 Infected:
not-a-virus:AdWare.Win32.SaveNow.v skipped

c:\!KillBox\all_files2.exe NSIS: infected - 10 skipped

c:\!KillBox\NavExcel\NavHelper\v2.0.4\NHUpdater.exe Infected:
not-a-virus:AdWare.Win32.NavExcel skipped

Scan process completed.