
Strange Beeps - HELP

Discussion in 'Windows XP' started by Vampira, Jan 13, 2006.

  1. Vampira

    Vampira Thread Starter

    Joined:
    Aug 22, 2005
    Messages:
    8
    If I leave my computer alone with nothing running for approx. 10 mins, it starts to beep continuously ... When I look at the Task Manager it says that the CPU is running at 100%, although to my knowledge it should be at 0% as nothing is running.


    HELP PLEASE !
     
  2. Dan O

    Dan O

    Joined:
    Feb 13, 1999
    Messages:
    8,974
    Click the Processes tab and the CPU label twice, and then post the highest usage items, so we can suggest what it is.
     
  3. piggyspike

    piggyspike

    Joined:
    Jan 13, 2006
    Messages:
    9
    Task Manager items are: System 74 to 85 percent, Task Manager 12 to 14 percent, pavfires exe 3 to 7 percent; everything else is just 1 or 00. Don't know why System is doing this. Could it be a virus? Thanks!
     
  4. piggyspike

    piggyspike

    Joined:
    Jan 13, 2006
    Messages:
    9
    :confused:
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Get HiJack This V1.99.1 http://thespykiller.co.uk/files/hijackthis_sfx.exe - double click the DL file and click UNZIP letting it extract to its default folder C:\Program Files\HiJackThis, run it from there, DO NOT fix anything, post the log here.
     
  6. piggyspike

    piggyspike

    Joined:
    Jan 13, 2006
    Messages:
    9
    Thanks for all your help, here is the log:




    Logfile of HijackThis v1.99.1
    Scan saved at 16:08:44, on 16/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: Shell=Explorer.exe microsoftv3.exe
    O2 - BHO: BHO - {00000015-A527-34E7-25C2-03A4E313B2E9} - c:\WINDOWS\system32\winsrvs.dll
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/MyFunCardsFWBInitialSetup1.0.0.8.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix these with HJT – mark them, close IE, click fix checked

    F2 - REG:system.ini: Shell=Explorer.exe microsoftv3.exe

    O2 - BHO: BHO - {00000015-A527-34E7-25C2-03A4E313B2E9} - c:\WINDOWS\system32\winsrvs.dll

    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/180s...bridge-c24.cab


    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    c:\WINDOWS\system32\winsrvs.dll

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
    ===========================
    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  8. Dan O

    Dan O

    Joined:
    Feb 13, 1999
    Messages:
    8,974
    It appears you are using multiple user names; please don't.
     
  9. piggyspike

    piggyspike

    Joined:
    Jan 13, 2006
    Messages:
    9
    Logfile of HijackThis v1.99.1
    Scan saved at 4:43:01 PM, on 1/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ask.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYGB
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/MyFunCardsFWBInitialSetup1.0.0.8.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    System is still sick, with CPU running wild.
     
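Added example, not part of the original thread and not code from HijackThis or any poster: a small Python checker that compares a first and a follow-up HijackThis log against the lines a helper asked to have fixed, reporting which requested entries are gone, which remain, and which entries are new. The sample text is excerpted from the two logs and the fix list posted above; the function names and the "code - body" line shape are assumptions drawn from those logs.

```python
import re

# Assumed entry shape, inferred from the logs in this thread:
# a section code (R0, F2, O4, O16, ...), " - ", then the entry body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def _norm(text):
    """Collapse whitespace and case so cosmetic differences do not matter."""
    return " ".join(text.split()).casefold()


def entry_key(line):
    """Return a comparison key for one log line, or None if it is not an entry.

    Entries carrying a CLSID are keyed on (code, text before the CLSID, CLSID),
    so a line whose URL the forum shortened with "..." still matches the
    original. Entries without a CLSID are keyed on the whole body.
    """
    m = ENTRY_RE.match(line)
    if not m:
        return None  # header, blank line, or a "Running processes" path
    code, body = m.groups()
    guid = GUID_RE.search(body)
    if guid:
        return (code, _norm(body[:guid.start()]), guid.group(0).upper())
    return (code, _norm(body), "")


def parse_log(text):
    """Map entry key -> original line for every entry line in a log."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def verify_fix(before, after, fix_list):
    """Compare two logs against the entries that were requested to be fixed."""
    old, new, wanted = parse_log(before), parse_log(after), parse_log(fix_list)
    return {
        # requested lines that never appeared in the first log (typo, wrong log)
        "not_in_first_log": [l for k, l in wanted.items() if k not in old],
        # requested lines that survived the fix and need another look
        "still_present": [new[k] for k in wanted if k in new],
        "fixed": [old[k] for k in wanted if k in old and k not in new],
        # entries that vanished although nobody asked for them to be fixed
        "removed_unrequested": [l for k, l in old.items()
                                if k not in new and k not in wanted],
        # entries that only exist in the follow-up log
        "new_entries": [l for k, l in new.items() if k not in old],
    }


# Sample input: lines excerpted from the logs and fix list in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.exe
F2 - REG:system.ini: Shell=Explorer.exe microsoftv3.exe
O2 - BHO: BHO - {00000015-A527-34E7-25C2-03A4E313B2E9} - c:\WINDOWS\system32\winsrvs.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYGB
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# The fix list as posted, including the URL the forum shortened with "...".
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe microsoftv3.exe
O2 - BHO: BHO - {00000015-A527-34E7-25C2-03A4E313B2E9} - c:\WINDOWS\system32\winsrvs.dll
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/180s...bridge-c24.cab
"""

if __name__ == "__main__":
    for bucket, lines in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{bucket} ({len(lines)})")
        for entry in lines:
            print("   ", entry)
```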
  10. piggyspike

    piggyspike

    Joined:
    Jan 13, 2006
    Messages:
    9
    Here is the session log, thank you.
    6:34 PM: | Start of Session, Monday, January 16, 2006 |
    6:34 PM: Spy Sweeper started
    6:34 PM: Sweep initiated using definitions version 601
    6:34 PM: Starting Memory Sweep
    6:36 PM: Memory Sweep Complete, Elapsed Time: 00:02:26
    6:36 PM: Starting Registry Sweep
    6:36 PM: Found Adware: blazefind
    6:36 PM: HKLM\software\preview adservice\ (8 subtraces) (ID = 104556)
    6:36 PM: Found Adware: ist software
    6:36 PM: HKU\.default\software\ist\ (4 subtraces) (ID = 129052)
    6:36 PM: Found Adware: screensavers
    6:36 PM: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (2 subtraces) (ID = 140550)
    6:36 PM: HKCR\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (2 subtraces) (ID = 140551)
    6:36 PM: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (2 subtraces) (ID = 140555)
    6:36 PM: HKLM\software\classes\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (2 subtraces) (ID = 140556)
    6:36 PM: HKLM\software\microsoft\code store database\distribution units\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (9 subtraces) (ID = 140566)
    6:36 PM: HKLM\software\screensavers.com\ (ID = 140569)
    6:36 PM: Found Adware: smart-browser
    6:36 PM: HKCR\bho.ibho\ (3 subtraces) (ID = 141846)
    6:36 PM: HKLM\software\classes\bho.ibho\ (3 subtraces) (ID = 141853)
    6:37 PM: Found Adware: ist surf accuracy
    6:37 PM: HKLM\software\sacc\ (8 subtraces) (ID = 203068)
    6:37 PM: Found Adware: winad
    6:37 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026)
    6:37 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
    6:37 PM: Found Adware: primesoft dialer
    6:37 PM: HKLM\software\scom\dialers\ (ID = 941581)
    6:37 PM: HKU\WRSS_Profile_S-1-5-21-1229272821-963894560-725345543-1006\software\ist\ (1 subtraces) (ID = 129108)
    6:37 PM: HKU\WRSS_Profile_S-1-5-21-1229272821-963894560-725345543-1005\software\ist\ (1 subtraces) (ID = 129108)
    6:37 PM: HKU\WRSS_Profile_S-1-5-21-1229272821-963894560-725345543-1005\software\scom\dialers\ (1 subtraces) (ID = 941566)
    6:37 PM: Found Adware: qsearch
    6:37 PM: HKU\WRSS_Profile_S-1-5-21-1229272821-963894560-725345543-1005\software\program info\ (ID = 1028138)
    6:37 PM: HKU\WRSS_Profile_S-1-5-21-1229272821-963894560-725345543-1004\software\ist\ (1 subtraces) (ID = 129108)
    6:37 PM: Found Adware: 180search assistant/zango
    6:37 PM: HKU\WRSS_Profile_S-1-5-21-1229272821-963894560-725345543-1004\software\salm\ (3 subtraces) (ID = 135792)
    6:37 PM: Found Adware: screenscenes
    6:37 PM: HKU\WRSS_Profile_S-1-5-21-1229272821-963894560-725345543-1004\software\screenscenes\ (ID = 723706)
    6:37 PM: HKU\S-1-5-21-1229272821-963894560-725345543-1003\software\ist\ (1 subtraces) (ID = 129108)
    6:37 PM: HKU\S-1-5-21-1229272821-963894560-725345543-1003\software\salm\ (14 subtraces) (ID = 135792)
    6:37 PM: Found Adware: gain - common components
    6:37 PM: HKU\S-1-5-21-1229272821-963894560-725345543-1003\software\gator.com\ (56 subtraces) (ID = 528932)
    6:37 PM: HKU\S-1-5-21-1229272821-963894560-725345543-1003\software\screenscenes\ (15 subtraces) (ID = 723706)
    6:37 PM: Found Adware: dashbar
    6:37 PM: HKU\S-1-5-21-1229272821-963894560-725345543-1003\software\microsoft\internet explorer\main\ || search bar (ID = 1027877)
    6:37 PM: HKU\S-1-5-18\software\ist\ (4 subtraces) (ID = 129108)
    6:37 PM: HKU\S-1-5-18\software\salm\ (11 subtraces) (ID = 135792)
    6:37 PM: Registry Sweep Complete, Elapsed Time:00:01:16
    6:37 PM: Starting Cookie Sweep
    6:38 PM: Cookie Sweep Complete, Elapsed Time: 00:00:07
    6:38 PM: Starting File Sweep
    6:38 PM: c:\program files\preview adservice (1 subtraces) (ID = -2147477102)
    6:38 PM: c:\program files\surfaccuracy (3 subtraces) (ID = -2147478266)
    6:38 PM: c:\program files\media gateway (2 subtraces) (ID = -2147477127)
    6:38 PM: Found Adware: ist istbar
    6:38 PM: a0032475.exe (ID = 107294)
    6:38 PM: backup-20060116-170307-446.dll (ID = 199611)
    6:38 PM: Found Adware: shopathomeselect
    6:38 PM: bundle_cdt1006.exe (ID = 107429)
    6:38 PM: iaqljqk7.dll (ID = 75582)
    6:39 PM: a0037869.exe (ID = 64496)
    6:39 PM: a0037870.exe (ID = 185599)
    6:40 PM: a0055047.exe (ID = 193923)
    6:41 PM: gatorgaininstaller.log (ID = 61390)
    6:41 PM: a0030842.exe (ID = 64496)
    6:41 PM: a0030843.exe (ID = 107294)
    6:41 PM: info.txt (ID = 90430)
    6:42 PM: fca0ivf.exe (ID = 107290)
    6:44 PM: istrecover[1].exe (ID = 64496)
    6:44 PM: istsvc[1].exe (ID = 107294)
    6:44 PM: istdownload[1].exe (ID = 107290)
    6:44 PM: update.exe (ID = 75690)
    6:45 PM: bundle~1.exe (ID = 107429)
    6:46 PM: m8u9hgvs.dll (ID = 75582)
    6:49 PM: saccu.exe (ID = 180136)
    6:58 PM: mediagateway.exe (ID = 107546)
    6:58 PM: Sweep Canceled
    6:58 PM: File Sweep Complete, Elapsed Time: 00:20:55
    6:58 PM: Traces Found: 305
    6:59 PM: Removal process initiated
    7:00 PM: Removal process completed. Elapsed time 00:00:39
    7:05 PM: Deletion from quarantine initiated
    7:05 PM: Deletion from quarantine completed. Elapsed time 00:00:39
    ********
    6:28 PM: | Start of Session, Monday, January 16, 2006 |
    6:28 PM: Spy Sweeper started
    6:29 PM: Your spyware definitions have been updated.
    6:34 PM: | End of Session, Monday, January 16, 2006 |
    System is still the same and showing the same items on task manager, thanks. And just to clear things up, VAMPIRA is a girl at work who helped me by posting my problem, and then I joined that same night. Sorry for the confusion, thanks for your help.
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    pavfires is part of your Panda Firewall

    =================
    Fix this with HiJack
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

    ======
    http://www.kaspersky.com/virusscanner - Online scan

    When the scan is finished Save the results from the scan!

    Post a new HiJackThis log along with the results from Kaspersky scan
     
  12. piggyspike

    piggyspike

    Joined:
    Jan 13, 2006
    Messages:
    9
    here is the log
    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Thursday, January 19, 2006 18:07:04
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 18/01/2006
    Kaspersky Anti-Virus database records: 161284
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - Critical Areas:
    C:\WINDOWS
    C:\DOCUME~1\dave\LOCALS~1\Temp\

    Scan Statistics:
    Total number of scanned objects: 15503
    Number of viruses found: 5
    Number of infected objects: 5
    Number of suspicious objects: 0
    Duration of the scan process: 2428 sec

    Infected Object Name - Virus Name
    C:\WINDOWS\Downloaded Program Files\on.exe Infected: Trojan-Downloader.Win32.Small.bqv
    C:\WINDOWS\loadnew.exe Infected: Trojan-Downloader.Win32.Small.bct
    C:\WINDOWS\system32\.pif Infected: Trojan-Downloader.BAT.Ftp.z
    C:\WINDOWS\Temp\istinstall_158604.exe Infected: Trojan-Downloader.Win32.IstBar.is
    C:\DOCUME~1\dave\LOCALS~1\Temp\istsv_.exe Infected: Trojan-Downloader.Win32.IstBar.mx

    Scan process completed.
     
  13. piggyspike

    piggyspike

    Joined:
    Jan 13, 2006
    Messages:
    9
    Logfile of HijackThis v1.99.1
    Scan saved at 6:11:20 PM, on 1/19/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ask.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYGB
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/MyFunCardsFWBInitialSetup1.0.0.8.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
     
  14. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix these with HJT – mark them, close IE, click fix checked

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZUxdm080YYGB

    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\Downloaded Program Files\on.exe
    C:\WINDOWS\loadnew.exe
    C:\WINDOWS\system32\.pif
    C:\WINDOWS\Temp\istinstall_158604.exe
    C:\DOCUMENTS AND SETTINGS\dave\LOCALS SETTINGS\Temp\istsv_.exe

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
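
A triage pass over the HijackThis entries quoted in this thread, as an added example that is not part of the original posts: it parses the section codes, lists entries whose target file is reported absent (the "(no file)" and "(file missing)" markers), and groups the remote hosts referenced per section. The function names are hypothetical; the sample lines are copied from the logs in the thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit

# Lines copied from the HijackThis output quoted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ask.com/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYGB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/MyFunCardsFWBInitialSetup1.0.0.8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
"""

# An entry is "<section code> - <body>"; codes are a letter (R, F, N, O)
# followed by a number. Header and process-list lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
URL_RE = re.compile(r"https?://\S+")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    code: str   # section code, e.g. "O16"
    body: str   # everything after "<code> - "


def parse_log(text):
    """Return the scan entries of a HijackThis log, skipping other lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def orphaned(entries):
    """Entries left behind in the registry whose target file is absent."""
    return [e for e in entries if e.body.endswith(ORPHAN_MARKERS)]


def remote_hosts(entries):
    """Map each section code to the sorted hosts its entries point at."""
    hosts = defaultdict(set)
    for e in entries:
        for url in URL_RE.findall(e.body):
            host = urlsplit(url).hostname
            if host:
                hosts[e.code].add(host)
    return {code: sorted(found) for code, found in hosts.items()}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Entries whose file is absent:")
    for e in orphaned(parsed):
        print(f"  {e.code}: {e.body}")
    print("Remote hosts by section:")
    for code, found in remote_hosts(parsed).items():
        print(f"  {code}: {', '.join(found)}")
```

The output is a review list, not a verdict: each flagged entry and host still needs to be checked by someone who knows what is installed on the machine.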
     
  15. piggyspike

    piggyspike

    Joined:
    Jan 13, 2006
    Messages:
    9
    Hello there. Computer is still buzzing. I did everything you suggested. When I removed all the programs with Killbox it did say program appears not to exist, so I tried to remove it anyway. Ran
    ********
    2:30 PM: | Start of Session, Saturday, January 21, 2006 |
    2:30 PM: Spy Sweeper started
    2:30 PM: Sweep initiated using definitions version 602
    2:31 PM: Starting Memory Sweep
    2:33 PM: Memory Sweep Complete, Elapsed Time: 00:02:50
    2:33 PM: Starting Registry Sweep
    2:37 PM: Registry Sweep Complete, Elapsed Time:00:03:27
    2:37 PM: Starting Cookie Sweep
    2:37 PM: Cookie Sweep Complete, Elapsed Time: 00:00:08
    2:37 PM: Starting File Sweep
    3:19 PM: File Sweep Complete, Elapsed Time: 00:42:16
    3:19 PM: Full Sweep has completed. Elapsed time 00:48:59
    3:19 PM: Traces Found: 40
    3:21 PM: Removal process initiated
    3:21 PM: Quarantining All Traces: about cookie
    3:21 PM: Quarantining All Traces: bravenet cookie
    3:21 PM: Quarantining All Traces: clickzs cookie
    3:21 PM: Quarantining All Traces: hbmediapro cookie
    3:21 PM: Quarantining All Traces: hotlog cookie
    3:21 PM: Quarantining All Traces: yieldmanager cookie
    3:21 PM: Quarantining All Traces: advertising cookie
    3:21 PM: Quarantining All Traces: falkag cookie
    3:21 PM: Quarantining All Traces: ask cookie
    3:21 PM: Quarantining All Traces: atlas dmt cookie
    3:21 PM: Quarantining All Traces: belnk cookie
    3:21 PM: Quarantining All Traces: ccbill cookie
    3:21 PM: Quarantining All Traces: fastclick cookie
    3:21 PM: Quarantining All Traces: paycounter cookie
    3:21 PM: Quarantining All Traces: statcounter cookie
    3:21 PM: Quarantining All Traces: tradedoubler cookie
    3:21 PM: Quarantining All Traces: tribalfusion cookie
    3:21 PM: Quarantining All Traces: xren_cj cookie
    3:21 PM: Quarantining All Traces: 247realmedia cookie
    3:21 PM: Quarantining All Traces: 2o7.net cookie
    3:21 PM: Quarantining All Traces: adtech cookie
    3:21 PM: Quarantining All Traces: adviva cookie
    3:21 PM: Quarantining All Traces: bluestreak cookie
    3:21 PM: Quarantining All Traces: casalemedia cookie
    3:21 PM: Quarantining All Traces: overture cookie
    3:21 PM: Quarantining All Traces: webtrendslive cookie
    3:21 PM: Quarantining All Traces: yadro cookie
    3:21 PM: Removal process completed. Elapsed time 00:00:04
    ********
    1:57 PM: | Start of Session, Saturday, January 21, 2006 |
    1:57 PM: Spy Sweeper started
    1:57 PM: Sweep initiated using definitions version 602
    1:57 PM: Starting Memory Sweep
    1:58 PM: Sweep Canceled
    1:58 PM: Memory Sweep Complete, Elapsed Time: 00:00:47
    1:58 PM: Traces Found: 0
    a scan with webroot. I also ran HJT

    Logfile of HijackThis v1.99.1
    Scan saved at 2:26:06 PM, on 1/21/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ask.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
    O4 - HKLM\..\RunOnce: [System Mechanic Cache Cleanup] C:\Program Files\iolo\System Mechanic 4 Professional\SysMech4.exe /COMPLETECACHE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/MyFunCardsFWBInitialSetup1.0.0.8.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    Maybe my computer is running a little better. Task manager says system is running at 97% but I am only talking to you. Thanks for your help, cheers
     

Short URL to this thread: https://techguy.org/433705
