Tech Support banner

Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter #1
I noticed that help files in MS Office were missing in users machine. I Ad-awared and scanned machine and noticed in another forum that the answer may have be in a hijack as I have seen this error appear: mk:mad:MSITStore..........

here is the log
Logfile of HijackThis v1.99.1
Scan saved at 13:40:18, on 02/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
C:\WINXP\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINXP\UMCSTUB.EXE
C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
C:\WINXP\Explorer.EXE
C:\WINXP\system32\igfxtray.exe
C:\WINXP\system32\hkcmd.exe
C:\SxpInst\sxplog32.exe
C:\Program Files\SYMANT~1\VPTray.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe
C:\WINXP\system32\msiexec.exe
C:\Program Files\CA\SharedComponents\CAM\bin\caftf.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\WinZip\WINZIP32.EXE
C:\Documents and Settings\z_anderswi\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = one.thus.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://one.thus.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://one.thus.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINXP\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINXP\system32\hkcmd.exe
O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [CA Roaming Users] DMSCRIPT.EXE "C:\Program Files\CA\Unicenter Software Delivery\SD\Roaming\RoamingUsers.dms"
O4 - HKLM\..\Run: [CA-AMAgent] C:\Program Files\CA\Unicenter Asset Management\Agents\amagent.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office10\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI8FAC~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINXP\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINXP\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://one.thus.net
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} (ConfigChkr Class) - https://onsite.trustwise.com/services/BTWSApplicationSupport/vscnfchk.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124790952859
O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/7adpower/nat2.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.thus.net
O17 - HKLM\Software\..\Telephony: DomainName = ad.thus.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{48F155E3-4DFB-4B4C-AFC1-4234CEA7C788}: NameServer = 194.159.25.80
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.thus.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{48F155E3-4DFB-4B4C-AFC1-4234CEA7C788}: NameServer = 194.159.25.80
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.thus.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{48F155E3-4DFB-4B4C-AFC1-4234CEA7C788}: NameServer = 194.159.25.80
O20 - Winlogon Notify: igfxcui - C:\WINXP\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINXP\system32\NavLogon.dll
O23 - Service: Asset Management Agent (AmoAgent) - Computer Associates International, Inc. - C:\WINXP\UMCSTUB.EXE
O23 - Service: Unicenter Message Queuing Server (CA-MessageQueuing) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DM Primer (DMPrimer) - Unknown owner - C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe" -DMPRIMER_SERVICE_: (file missing)
O23 - Service: OracleOra81ClientCache - Unknown owner - C:\oracle\bin\ONRSD.EXE
O23 - Service: Unicenter Remote Control Host (rcHost) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Antivirus (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


any help would be greatly appreciated
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)


Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
    [*] Click on see report. Then click Save report
Please post that log in your next reply.

Are these related to a company network??

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.thus.net
O17 - HKLM\Software\..\Telephony: DomainName = ad.thus.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{48F155E3-4DFB-4B4C-AFC1-4234CEA7C788}: NameServer = 194.159.25.80
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.thus.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{48F155E3-4DFB-4B4C-AFC1-4234CEA7C788}: NameServer = 194.159.25.80
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.thus.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{48F155E3-4DFB-4B4C-AFC1-4234CEA7C788}: NameServer = 194.159.25.80
 

·
Registered
Joined
·
2 Posts
Discussion Starter #3
Help files missing in Office Part 2

Hi there,

I have followed your instructions as posted:

Here is the Pandasoftware report
Incident Status Location

Adware:adware/ist.istbar No disinfected Windows Registry
Dialer:dialer.asl No disinfected HKEY_CLASSES_ROOT\CLSID\{0D62A517-E7C6-4E1F-A577-07D4AC549A48}
Adware:adware/gator No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\Documents and Settings\greenca\Local Settings\Temp\Del1D.tmp
Dialer:Dialer.BGL No disinfected C:\Documents and Settings\greenca\Local Settings\Temp\ICD1.tmp\games.inf
Dialer:Dialer.BGL No disinfected C:\Documents and Settings\greenca\Local Settings\Temp\ICD4.tmp\games.inf
Dialer:Dialer.BGL No disinfected C:\Documents and Settings\greenca\Local Settings\Temp\ICD6.tmp\games.inf
Dialer:Dialer.BGL No disinfected C:\Documents and Settings\greenca\Local Settings\Temp\ICD7.tmp\games.inf
Dialer:Dialer.BGL No disinfected C:\Documents and Settings\greenca\Local Settings\Temp\ICD8.tmp\games.inf
Adware:Adware/nCase No disinfected C:\Documents and Settings\greenca\Local Settings\Temp\res1E.tmp
Adware:Adware/PowerScan No disinfected C:\Documents and Settings\greenca\Local Settings\Temp\uninstall.exe
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Evvw\Abxsy.exe
Virus:Bck/Dumador.DZ Disinfected C:\WINXP\iccontrol.exe

The hijack log is now as follows:

Logfile of HijackThis v1.99.1
Scan saved at 11:55:22, on 03/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
C:\WINXP\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINXP\UMCSTUB.EXE
C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
C:\WINXP\Explorer.EXE
C:\WINXP\system32\igfxtray.exe
C:\WINXP\system32\hkcmd.exe
C:\SxpInst\sxplog32.exe
C:\Program Files\SYMANT~1\VPTray.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINXP\system32\msiexec.exe
C:\WINXP\system32\NOTEPAD.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = one.thus.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://one.thus.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://one.thus.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINXP\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINXP\system32\hkcmd.exe
O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [CA Roaming Users] DMSCRIPT.EXE "C:\Program Files\CA\Unicenter Software Delivery\SD\Roaming\RoamingUsers.dms"
O4 - HKLM\..\Run: [CA-AMAgent] C:\Program Files\CA\Unicenter Asset Management\Agents\amagent.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office10\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINXP\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINXP\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://one.thus.net
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} (ConfigChkr Class) - https://onsite.trustwise.com/services/BTWSApplicationSupport/vscnfchk.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124790952859
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/7adpower/nat2.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.thus.net
O17 - HKLM\Software\..\Telephony: DomainName = ad.thus.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{48F155E3-4DFB-4B4C-AFC1-4234CEA7C788}: NameServer = 194.159.25.80
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.thus.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{48F155E3-4DFB-4B4C-AFC1-4234CEA7C788}: NameServer = 194.159.25.80
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.thus.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{48F155E3-4DFB-4B4C-AFC1-4234CEA7C788}: NameServer = 194.159.25.80
O20 - Winlogon Notify: igfxcui - C:\WINXP\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINXP\system32\NavLogon.dll
O23 - Service: Asset Management Agent (AmoAgent) - Computer Associates International, Inc. - C:\WINXP\UMCSTUB.EXE
O23 - Service: Unicenter Message Queuing Server (CA-MessageQueuing) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DM Primer (DMPrimer) - Unknown owner - C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe" -DMPRIMER_SERVICE_: (file missing)
O23 - Service: OracleOra81ClientCache - Unknown owner - C:\oracle\bin\ONRSD.EXE
O23 - Service: Unicenter Remote Control Host (rcHost) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Antivirus (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Yes its a company network.

Yet again I appeal for your help.

Thanks
 

·
Registered
Joined
·
6,574 Posts
Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!.

Download KillBox http://www.greyknight17.com/spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Copy the below files and go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say no:

C:\Documents and Settings\greenca\Local Settings\Temp\Del1D.tmp
C:\Documents and Settings\greenca\Local Settings\Temp\ICD1.tmp
C:\Documents and Settings\greenca\Local Settings\Temp\ICD4.tmp
C:\Documents and Settings\greenca\Local Settings\Temp\ICD6.tmp
C:\Documents and Settings\greenca\Local Settings\Temp\ICD7.tmp
C:\Documents and Settings\greenca\Local Settings\Temp\ICD8.tmp
C:\Documents and Settings\greenca\Local Settings\Temp\res1E.tmp
C:\Documents and Settings\greenca\Local Settings\Temp\uninstall.exe
C:\Program Files\Evvw


Go to Start > Run and type regedit and click 'OK'. Naviage to the following registry key and delete the entry in red.

HKEY_CLASSES_ROOT\CLSID\{0D62A517-E7C6-4E1F-A577-07D4AC549A48}

Exit regedit.

Run HJT and check the following items, and then fix them:

O14 - IERESET.INF: START_PAGE_URL=http://one.thus.net
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.cab
O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/7adpower/nat2.exe


Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

After you have restarted your computer, re run Panda ActiveScan as before. Return to TSF with new results from HJT and Panda.
 
1 - 4 of 4 Posts
Status
Not open for further replies.
Top