·
Registered
Joined
·
61 Posts
Discussion Starter #1
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 3:25:03 PM, on 10/23/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\ONTRACK\SYSTEMSUITE\MXTASK.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: SystemSuite.lnk = C:\Program Files\Ontrack\SystemSuite\MXTask.exe
O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab


End of KRC HijackThis Analyzer Log.
====================================================================
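A log like the one above is reviewed by section code: `O4` lines are programs that start with Windows, and `O16` lines are ActiveX components together with the URL they were downloaded from. The following is an added example, not part of the original thread or of HijackThis; it groups entries by code and pulls out the autostart entries and ActiveX download hosts. The sample lines are copied from the log above, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
"""

# Every entry line is "<code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry form:        HKLM\..\Run: [ValueName] command line
O4_REGISTRY = re.compile(r"^(?P<where>[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")
# O4 startup-folder form:  Startup: Shortcut.lnk = target
O4_STARTUP = re.compile(r"^(?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<command>.+)$")


def parse_sections(log_text):
    """Group entry bodies by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            sections[match.group(1)].append(match.group(2))
    return dict(sections)


def autoruns(sections):
    """Return (location, name, command) for every O4 autostart entry."""
    found = []
    for body in sections.get("O4", []):
        match = O4_REGISTRY.match(body) or O4_STARTUP.match(body)
        if match:
            found.append((match.group("where"), match.group("name"), match.group("command")))
        else:
            # Keep lines in an unexpected shape visible instead of dropping them.
            found.append(("unparsed", "", body))
    return found


def activex_hosts(sections):
    """Return the sorted set of hosts that O16 components were downloaded from."""
    hosts = set()
    for body in sections.get("O16", []):
        url = body.rsplit(" - ", 1)[-1]
        host = urlparse(url).hostname
        if host:
            hosts.add(host)
    return sorted(hosts)


if __name__ == "__main__":
    parsed = parse_sections(SAMPLE_LOG)
    for where, name, command in autoruns(parsed):
        print(f"autostart  {where:18} {name:32} {command}")
    for host in activex_hosts(parsed):
        print(f"activex    {host}")
```
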
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Don't see much in the log. Are you having an issue....or just checking??
 

·
Registered
Joined
·
61 Posts
Discussion Starter #3
well both.. my pc seems to be slow and locking up and acting funk on start up and rebooting.. i am not sure if i have been jacked or not. i ran micro trend antivirus, adaware and spybot and nothing came up on spybot antivirus and minor issues in adaware. i thought hjt would catch something else.

any clues?
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Hello chazmonte,

Have you installed any new programs or hardware recently?

Please empty any Quarantine folder in your antivirus program and purge all recovery items in the Spybot program (if you use it) before running this tool.

Download the Mwav virus checker at http://www.mwti.net/products/mwav/mwav.asp (Use Link 3)

1. Save it to a folder.
2. Reboot into Safe Mode.
3. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything.
4. Select all local drives, scan all files, and press SCAN. When it is completed, anything found will be displayed in the lower pane.
5. In the Virus Log Information Pane......
Left click and highlight all the information in the Lower pane --- Use CTRL C on your keyboard to copy everything found in the lower pane and save it to a notepad file
*Note* If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files.

Once you copy that to a Notepad file...highlight the text and copy it here.
 

·
Registered
Joined
·
61 Posts
Discussion Starter #5
virus log

Object "maxspeed Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "maxspeed Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "esyndicate Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "midaddle Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bookedspace Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "abetterinternet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "midaddle Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "midaddle Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "aurora Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "tvmedia Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "tv media display Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\program files". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\BSWESE.EXE" refers to invalid object "E:\aamsstp\app\bswese.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MB912dem.exe" refers to invalid object "E:\DEMOS\MB912DEM\math912d\MB912dem.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\wb32.exe" refers to invalid object "E:\DEMOS\WB69DEMO\WB32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Shared Tools\msoc.dll" refers to invalid object "C:\Program Files\Microsoft Office\Office". Action Taken: No Action Taken.
Entry "HKCR\.sto\shell\open\command" refers to invalid object "E:\DEMOS\WB69DEMO\WB32.exe %1". Action Taken: No Action Taken.
Entry "HKCR\Math.Blaster.1\shell\open\command" refers to invalid object "E:\MATH1\MB1EDIT.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\IncrediMessage\shell\open\command" refers to invalid object "C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c "%1"". Action Taken: No Action Taken.
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Nothing bad here, just orphaned registry entries. You didn't mention--have you installed any new programs or hardware recently?
 

·
Registered
Joined
·
61 Posts
Discussion Starter #7
i have not installed any new software or hardware.

however i forgot to empty my avg antivirus Quarantine folder before running mwav

but when i restarted my pc avg identified the following file as a virus
thin-8~1.exe adware generic.asf

avg instructs me to restart with my rescue disk but i am getting errors and can not load avg with the rescue disk

also scanned my hard drive with avg and it did not recognize the virus although it indicates there is an error in the boot file
 

·
Registered
Joined
·
61 Posts
Discussion Starter #8
btw i forgot to mention that at start up when avg identifies the thin-8~1.exe adware generic.asf as a virus i do have the option of continuing, which is evident by my posting here.

any clues or should i just restore and reformat my hard drive and start from scratch?
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.

Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.

I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.
 

·
Registered
Joined
·
61 Posts
Discussion Starter #10
Started Scanning
Files and Directories
Found 'wnstssv.exe' in 'c:\WINDOWS\SYSTEM'
Found 'WBCMUninst_Helper.exe' in 'c:\WINDOWS\SYSTEM'
Found 'WBCMUninst.exe' in 'c:\WINDOWS\SYSTEM'
Found 'ICMUPG53.exe' in 'c:\WINDOWS\SYSTEM'
Found 'ALCHEM.INF' in 'c:\WINDOWS\INF'
Found 'CONSCORR.INF' in 'c:\WINDOWS\INF'
Found 'WildApp.inf' in 'c:\WINDOWS\Downloaded Program Files'
Found '' in 'c:\WINDOWS\bsx32'
Found 'TV1.bsx' in 'c:\WINDOWS\bsx32'
Found 'XTFL2.bsx' in 'c:\WINDOWS\bsx32'
Found 'ADVC3.bsx' in 'c:\WINDOWS\bsx32'
Found 'TMP1.bsx' in 'c:\WINDOWS\bsx32'
Found 'INK1.bsx' in 'c:\WINDOWS\bsx32'
Found 'DEBT1.bsx' in 'c:\WINDOWS\bsx32'
Found 'SPZ3.bsx' in 'c:\WINDOWS\bsx32'
Found 'BID1.bsx' in 'c:\WINDOWS\bsx32'
Found 'BingoRoom1.bsx' in 'c:\WINDOWS\bsx32'
Found 'CASH2.bsx' in 'c:\WINDOWS\bsx32'
Found 'CARD2.bsx' in 'c:\WINDOWS\bsx32'
Found 'OPPR2.bsx' in 'c:\WINDOWS\bsx32'
Found 'EML1.bsx' in 'c:\WINDOWS\bsx32'
Found 'kwv2.dat' in 'c:\WINDOWS'
Found 'uninstall.exe' in 'c:\Program Files\VB6 Runtime Files for IDAutomation.com Applications'
Found 'backup-20050325-144134-947.dll' in 'c:\backups'
Programs in Memory
Internet URL Shortcuts
Internet Cookies
Found 'bluestreak.com' in 'Internet Explorer Cache'
Found 'go.com' in 'Internet Explorer Cache'
Found 'burstnet.com' in 'Internet Explorer Cache'
Found 'adopt.specificclick.net' in 'Internet Explorer Cache'
Found 'about.com' in 'Internet Explorer Cache'
Found '2o7.net' in 'Internet Explorer Cache'
Found 'server.iad.liveperson.net' in 'Internet Explorer Cache'
Found 'server.iad.liveperson.net' in 'Internet Explorer Cache'
Found 'com.com' in 'Internet Explorer Cache'
Found 'bannerspace.com' in 'Internet Explorer Cache'
Found 'questionmarket.com' in 'Internet Explorer Cache'
Found 'insightexpressai.com' in 'Internet Explorer Cache'
Found 'server.iad.liveperson.net' in 'Internet Explorer Cache'
Found 'www.burstbeacon.com' in 'Internet Explorer Cache'
Found 'hypertracker.com' in 'Internet Explorer Cache'
Found 'a.websponsors.com' in 'Internet Explorer Cache'
Found 'zedo.com' in 'Internet Explorer Cache'
Found 'adknowledge.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'atwola.com' in 'Internet Explorer Cache'
Found 'citi.bridgetrack.com' in 'Internet Explorer Cache'
Found 'superstats.com' in 'Internet Explorer Cache'
Found 'keywordmax.com' in 'Internet Explorer Cache'
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Found 'edge.ru4.com' in 'Internet Explorer Cache'
Found 'server.iad.liveperson.net' in 'Internet Explorer Cache'
Found 'tradedoubler.com' in 'Internet Explorer Cache'
Found 'ads.pointroll.com' in 'Internet Explorer Cache'
Found 'casalemedia.com' in 'Internet Explorer Cache'
Windows Registry
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\Winad Client'
Found 'PluginLevel' in 'SYSTEM\CurrentControlSet\Control\Session Manager'
Found '' in 'Interface\{851F86C9-D3CC-4574-93F5-40E2D65159E4}'
Found '' in 'SOFTWARE\Classes\Interface\{851F86C9-D3CC-4574-93F5-40E2D65159E4}'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WBCM'
Found 'masterupdatetime' in 'Software\Microsoft\Internet Explorer\Main'
Found 'payloadupdatetime' in 'Software\Microsoft\Internet Explorer\Main'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'c:\WINDOWS\SYSTEM\wnstssv.exe' in shortcut areas.
Checking for 'c:\WINDOWS\SYSTEM\wnstssv.exe' in startup areas.
Cleaning 'c:\WINDOWS\SYSTEM\wnstssv.exe'
Checking for 'c:\WINDOWS\SYSTEM\WBCMUninst_Helper.exe' in shortcut areas.
Checking for 'c:\WINDOWS\SYSTEM\WBCMUninst_Helper.exe' in startup areas.
Cleaning 'c:\WINDOWS\SYSTEM\WBCMUninst_Helper.exe'
Checking for 'c:\WINDOWS\SYSTEM\WBCMUninst.exe' in shortcut areas.
Checking for 'c:\WINDOWS\SYSTEM\WBCMUninst.exe' in startup areas.
Cleaning 'c:\WINDOWS\SYSTEM\WBCMUninst.exe'
Checking for 'c:\WINDOWS\SYSTEM\ICMUPG53.exe' in shortcut areas.
Checking for 'c:\WINDOWS\SYSTEM\ICMUPG53.exe' in startup areas.
Cleaning 'c:\WINDOWS\SYSTEM\ICMUPG53.exe'
Checking for 'c:\WINDOWS\INF\ALCHEM.INF' in shortcut areas.
Checking for 'c:\WINDOWS\INF\ALCHEM.INF' in startup areas.
Cleaning 'c:\WINDOWS\INF\ALCHEM.INF'
Checking for 'c:\WINDOWS\INF\CONSCORR.INF' in shortcut areas.
Checking for 'c:\WINDOWS\INF\CONSCORR.INF' in startup areas.
Cleaning 'c:\WINDOWS\INF\CONSCORR.INF'
Checking for 'c:\WINDOWS\Downloaded Program Files\WildApp.inf' in shortcut areas.
Checking for 'c:\WINDOWS\Downloaded Program Files\WildApp.inf' in startup areas.
Cleaning 'c:\WINDOWS\Downloaded Program Files\WildApp.inf'
Checking for 'c:\WINDOWS\bsx32' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32' in startup areas.
Cleaning 'c:\WINDOWS\bsx32'
Checking for 'c:\WINDOWS\bsx32\TV1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\TV1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\TV1.bsx'
Checking for 'c:\WINDOWS\bsx32\XTFL2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\XTFL2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\XTFL2.bsx'
Checking for 'c:\WINDOWS\bsx32\ADVC3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ADVC3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ADVC3.bsx'
Checking for 'c:\WINDOWS\bsx32\CAS1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\CAS1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\CAS1.bsx'
Checking for 'c:\WINDOWS\bsx32\KanFinance3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\KanFinance3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\KanFinance3.bsx'
Checking for 'c:\WINDOWS\bsx32\ADBN1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ADBN1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ADBN1.bsx'
Checking for 'c:\WINDOWS\bsx32\TMP1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\TMP1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\TMP1.bsx'
Checking for 'c:\WINDOWS\bsx32\FAM1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\FAM1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\FAM1.bsx'
Checking for 'c:\WINDOWS\bsx32\INK1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\INK1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\INK1.bsx'
Checking for 'c:\WINDOWS\bsx32\EDU1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\EDU1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\EDU1.bsx'
Checking for 'c:\WINDOWS\bsx32\DEBT1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\DEBT1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\DEBT1.bsx'
Checking for 'c:\WINDOWS\bsx32\MORT1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\MORT1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\MORT1.bsx'
Checking for 'c:\WINDOWS\bsx32\SPZ3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\SPZ3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\SPZ3.bsx'
Checking for 'c:\WINDOWS\bsx32\CARS1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\CARS1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\CARS1.bsx'
Checking for 'c:\WINDOWS\bsx32\BID1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\BID1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\BID1.bsx'
Checking for 'c:\WINDOWS\bsx32\BingoRoom1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\BingoRoom1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\BingoRoom1.bsx'
Checking for 'c:\WINDOWS\bsx32\CASH2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\CASH2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\CASH2.bsx'
Checking for 'c:\WINDOWS\bsx32\WIRE1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\WIRE1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\WIRE1.bsx'
Checking for 'c:\WINDOWS\bsx32\SPORT1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\SPORT1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\SPORT1.bsx'
Checking for 'c:\WINDOWS\bsx32\INSUR1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\INSUR1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\INSUR1.bsx'
Checking for 'c:\WINDOWS\bsx32\CARD2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\CARD2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\CARD2.bsx'
Checking for 'c:\WINDOWS\bsx32\OPPR2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\OPPR2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\OPPR2.bsx'
Checking for 'c:\WINDOWS\bsx32\EML1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\EML1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\EML1.bsx'
Checking for 'c:\WINDOWS\bsx32\TV1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\TV1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\TV1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\TV1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\XTFL2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\XTFL2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\XTFL2.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\XTFL2.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ADVC3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ADVC3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ADVC3.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ADVC3.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\TMP1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\TMP1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\TMP1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\TMP1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\INK1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\INK1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\INK1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\INK1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\DEBT1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\DEBT1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\DEBT1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\DEBT1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\SPZ3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\SPZ3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\SPZ3.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\SPZ3.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\BID1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\BID1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\BID1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\BID1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\BingoRoom1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\BingoRoom1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\BingoRoom1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\BingoRoom1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\CASH2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\CASH2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\CASH2.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\CASH2.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\CARD2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\CARD2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\CARD2.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\CARD2.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\OPPR2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\OPPR2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\OPPR2.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\OPPR2.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\EML1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\EML1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\EML1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\EML1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\kwv2.dat' in shortcut areas.
Checking for 'c:\WINDOWS\kwv2.dat' in startup areas.
Cleaning 'c:\WINDOWS\kwv2.dat'
Checking for 'c:\Program Files\VB6 Runtime Files for IDAutomation.com Applications\uninstall.exe' in shortcut areas.
Checking for 'c:\Program Files\VB6 Runtime Files for IDAutomation.com Applications\uninstall.exe' in startup areas.
Cleaning 'c:\Program Files\VB6 Runtime Files for IDAutomation.com Applications\uninstall.exe'
Checking for 'c:\backups\backup-20050325-144134-947.dll' in shortcut areas.
Checking for 'c:\backups\backup-20050325-144134-947.dll' in startup areas.
Cleaning 'c:\backups\backup-20050325-144134-947.dll'
Finished Cleaning
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
chazmonte said:
where do i find the microtrend tool???????
The tool..is the scan. Rerun it again and post the log. I need the log from the second scan...not the first.
 

·
Registered
Joined
·
61 Posts
Discussion Starter #13
2nd virus log

sorry for not realizing what you meant about the second scan.

btw-grisoft anti virus is still identifying the thin-8~1.exe adware generic.asf as a virus on my pc. it allows me to continue at my own risk, which is what i have been doing.

here is the second scan results:
Started Scanning
Files and Directories
Programs in Memory
Internet URL Shortcuts
Internet Cookies
Found 'bluestreak.com' in 'Internet Explorer Cache'
Found 'perf.overture.com' in 'Internet Explorer Cache'
Found 'burstnet.com' in 'Internet Explorer Cache'
Found 'adopt.specificclick.net' in 'Internet Explorer Cache'
Found 'questionmarket.com' in 'Internet Explorer Cache'
Found 'insightexpressai.com' in 'Internet Explorer Cache'
Found 'www.burstbeacon.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'imrworldwide.com' in 'Internet Explorer Cache'
Found 'zedo.com' in 'Internet Explorer Cache'
Found 'casalemedia.com' in 'Internet Explorer Cache'
Windows Registry
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning
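The second log was requested because it shows what is still on the system after the first clean. As an added example (not part of the thread or of the Trend Micro tool), the sketch below parses the scan phase of two such logs and reports, per section, what was cleaned, what remains and what is new. The two inputs are constructed subsets of the logs posted above, and the function names are hypothetical.

```python
import re

# Section headings as they appear in the logs posted in this thread.
SECTIONS = (
    "Files and Directories",
    "Programs in Memory",
    "Internet URL Shortcuts",
    "Internet Cookies",
    "Windows Registry",
)
FOUND = re.compile(r"^Found '(.*)' in '(.*)'$")

# Constructed sample: a subset of the first scan log above.
FIRST_SCAN = r"""
Started Scanning
Files and Directories
Found 'wnstssv.exe' in 'c:\WINDOWS\SYSTEM'
Found 'kwv2.dat' in 'c:\WINDOWS'
Programs in Memory
Internet URL Shortcuts
Internet Cookies
Found 'bluestreak.com' in 'Internet Explorer Cache'
Found 'go.com' in 'Internet Explorer Cache'
Found 'zedo.com' in 'Internet Explorer Cache'
Windows Registry
Found '' in 'SOFTWARE\Winad Client'
Finished Scanning
Started Cleaning
Cleaning 'c:\WINDOWS\SYSTEM\wnstssv.exe'
Finished Cleaning
"""

# Constructed sample: a subset of the second scan log above.
SECOND_SCAN = r"""
Started Scanning
Files and Directories
Programs in Memory
Internet URL Shortcuts
Internet Cookies
Found 'bluestreak.com' in 'Internet Explorer Cache'
Found 'perf.overture.com' in 'Internet Explorer Cache'
Found 'zedo.com' in 'Internet Explorer Cache'
Windows Registry
Finished Scanning
"""


def parse_scan(text):
    """Return {section: set((item, location))} for the scan phase only."""
    findings = {name: set() for name in SECTIONS}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Finished Scanning":
            break  # the backup and cleaning phases are not findings
        if line in SECTIONS:
            current = line
            continue
        match = FOUND.match(line)
        if match and current:
            findings[current].add((match.group(1), match.group(2)))
    return findings


def compare_scans(first_text, second_text):
    """Per section: items cleaned, items still present, items seen only in scan two."""
    first, second = parse_scan(first_text), parse_scan(second_text)
    return {
        name: {
            "cleaned": sorted(first[name] - second[name]),
            "remaining": sorted(first[name] & second[name]),
            "new": sorted(second[name] - first[name]),
        }
        for name in SECTIONS
    }


if __name__ == "__main__":
    for section, result in compare_scans(FIRST_SCAN, SECOND_SCAN).items():
        print(section)
        for status, items in result.items():
            for item, location in items:
                print(f"  {status:10} {item!r} in {location!r}")
```
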
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Let's dig it out.....

Download WinPFind http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.

Download Track qoo http://www.geekstogo.com/downloads/Trackqoo.zip
Save it somewhere you will remember like the Desktop. Unzip the Track qoo.vbs inside to your desktop. DO NOT run it yet!

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.



Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards of 30 minutes or more. Once the Scan is Complete it will make a txt file (log) of what was found.

1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Please post those results in your next post!

REBOOT to normal mode.

Double Click on "Track qoo.vbs"

Note - If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to Run, it's harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!

So I need the following tool logs..

WinPFind.txt log
Track qoo.vbs log
 

·
Registered
Joined
·
61 Posts
Discussion Starter #15
i had a windows script host pop up while i was trying to run the track qoo
the following is what was in the error box (i tried to copy and paste the pop up box, but was not able to do it)

script: c:windows\desktop\track qoo.vbs
line:16
char:1
error: file name or class name not found during automation operation 'get object'
code: 800a01b0
source: microsoft vb script error

here is the winpfind results
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98 Version: 4.10.1998
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 2/23/05 5:23:00 PM 71168 c:\thin-85-1-x-x.exe
UPX! 3/27/05 10:04:46 PM 178832 c:\FxWebsch.exe
buddy.exe 3/28/05 1:32:36 PM 22244 c:\windows.txt
qoologic 10/30/05 11:54:00 AM 203302 c:\WinPFind.zip
PECompact2 8/8/05 10:46:48 PM 11601440 c:\RealPlayer10-5GOLD_bb.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
buddy.exe 7/22/05 9:46:36 PM 110936 c:\windows\SFCLOG.TXT
buddy.exe 4/1/05 4:57:22 PM 118455 c:\windows\Default.sf0
PECompact2 10/24/05 1:58:16 PM 16183757 c:\windows\LPT$VPN.909
qoologic 10/24/05 1:58:16 PM 16183757 c:\windows\LPT$VPN.909
SAHAgent 10/24/05 1:58:16 PM 16183757 c:\windows\LPT$VPN.909
PECompact2 10/24/05 1:58:16 PM 16183757 c:\windows\VPTNFILE.909
qoologic 10/24/05 1:58:16 PM 16183757 c:\windows\VPTNFILE.909
SAHAgent 10/24/05 1:58:16 PM 16183757 c:\windows\VPTNFILE.909
UPX! 6/12/05 8:13:22 PM 1044560 c:\windows\vsapi32.dll
aspack 6/12/05 8:13:22 PM 1044560 c:\windows\vsapi32.dll
UPX! 6/12/05 8:13:24 PM 170053 c:\windows\tsc.exe
UPX! 5/3/05 11:44:44 AM 25157 c:\windows\RMAgentOutput.dll

Checking %System% folder...

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/30/05 11:59:40 AM RH 8310816 c:\windows\SYSTEM.DAT
10/30/05 12:01:14 PM RH 1364000 c:\windows\USER.DAT
10/30/05 11:56:44 AM H 9300 c:\windows\ttfCache
10/30/05 11:56:22 AM H 827730 c:\windows\ShellIconCache
10/1/05 11:03:48 PM HS 4096 c:\windows\All Users\DRM\drmv2.sst
10/30/05 11:49:16 AM HS 1369 c:\windows\Application Data\Microsoft\Internet Explorer\Desktop.htt
10/29/05 12:46:18 PM H 352 c:\windows\Application Data\Microsoft\MSN Messenger\2306139505\sqmdata00.sqm

Checking for CPL files...
Microsoft Corporation 5/11/98 8:01:00 PM 72192 c:\windows\SYSTEM\APPWIZ.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 221280 c:\windows\SYSTEM\DESK.CPL
Microsoft Corporation 8/29/02 292352 c:\windows\SYSTEM\INETCPL.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 58880 c:\windows\SYSTEM\INTL.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 103424 c:\windows\SYSTEM\MAIN.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 420864 c:\windows\SYSTEM\MMSYS.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 93248 c:\windows\SYSTEM\MODEM.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 14448 c:\windows\SYSTEM\NETCPL.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 47104 c:\windows\SYSTEM\PASSWORD.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 44720 c:\windows\SYSTEM\POWERCFG.CPL
5/11/98 8:01:00 PM 70656 c:\windows\SYSTEM\STICPL.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 385104 c:\windows\SYSTEM\SYSDM.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 57856 c:\windows\SYSTEM\TIMEDATE.CPL
Microsoft Corporation 10/30/01 8:10:00 AM 442368 c:\windows\SYSTEM\JOY.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 66048 c:\windows\SYSTEM\ACCESS.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 14848 c:\windows\SYSTEM\TELEPHON.CPL
Compaq Computer Corporation 10/15/98 8:08:22 AM 145408 c:\windows\SYSTEM\UICONFIG.cpl
Aureal Semiconductor 3/26/98 3:24:32 PM 120832 c:\windows\SYSTEM\SA3DCpl.cpl
Rockwell 7/9/98 1:00:08 AM 185856 c:\windows\SYSTEM\CSACPL.CPL
Compaq Computer Corporation 6/16/98 4:37:50 PM 180736 c:\windows\SYSTEM\OSDCPL.cpl
Microsoft Corporation 8/1/97 53520 c:\windows\SYSTEM\MLCFG32.CPL
Microsoft Corporation 9/5/97 7:45:44 PM 32528 c:\windows\SYSTEM\WGPOCPL.CPL
7/28/98 5:02:50 PM 55808 c:\windows\SYSTEM\CPQDIAG.CPL
Microsoft Corporation 1/12/99 7952 c:\windows\SYSTEM\ODBCCP32.CPL
Apple Computer, Inc. 9/23/04 6:57:40 PM 323072 c:\windows\SYSTEM\QuickTime.cpl
Microsoft Corporation 2/10/99 11:48:48 AM 40960 c:\windows\SYSTEM\FINDFAST.CPL
Sun Microsystems 3/25/05 11:34:56 AM 53352 c:\windows\SYSTEM\jpicpl32.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
10/30/05 11:30:18 AM 305 C:\WINDOWS\Start Menu\Programs\StartUp\Quicken Scheduled Updates.lnk
10/30/05 11:30:16 AM 494 C:\WINDOWS\Start Menu\Programs\StartUp\SystemSuite.lnk

Checking files in %USERPROFILE%\Application Data folder...
8/11/04 4:30:02 PM 846 C:\WINDOWS\Application Data\dw.log
3/25/05 3:02:04 AM 275148 C:\WINDOWS\Application Data\tvmknwrd.dll
3/25/05 7:46:24 AM 35 C:\WINDOWS\Application Data\tvmuknwrd.dll
UPX! 3/25/05 2:55:48 AM RHS 82432 C:\WINDOWS\Application Data\utas.exe

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Fix-It Menu
{A50302A0-8E15-11d2-887B-006008C1C087} = C:\PROGRAM FILES\ONTRACK\SYSTEMSUITE\mxctxmnu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Fix-It Menu
{A50302A0-8E15-11d2-887B-006008C1C087} = C:\PROGRAM FILES\ONTRACK\SYSTEMSUITE\mxctxmnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Yahoo! Companion BHO = C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\PROGRAM FILES\AIM\AIM.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\SYSTEM\MSJAVA.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Links
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
{40D41A8B-D79B-43D7-99A7-9EE0F344C385} = AIM Search : C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SystemTray SysTray.Exe
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
AVG7_CC C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
AVG7_EMC C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
AVG7_AMSVR C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
StillImageMonitor C:\WINDOWS\SYSTEM\STIMON.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
MSFS Installed = 1
MAPI Installed = 1
IMAIL Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
HC Reminder hc.exe
EncMonitor C:\Program Files\Encompass\Monitor.exe
Aureal A3D Interactive Audio sa3dsrv.exe
SchedulingAgent mstask.exe
KB891711 c:\windows\SYSTEM\KB891711\KB891711.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/30/05 12:13:20 PM

ALSO:
there was another report on my desktop that I am not sure what it is related to
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"AVG7_CC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGCC.EXE /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGEMC.EXE"
"AVG7_AMSVR"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGAMSVR.EXE"
"StillImageMonitor"="C:\\WINDOWS\\SYSTEM\\STIMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

-----------------
Help
THANKS
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Sorry Chaz...lost track of your thread. Let's continue....

Download KillBox http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Download and install CleanUp! but do not run it yet.

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Then reboot into safe mode.

Open add/remove programs and remove TVMedia IF it's listed.

Run KILL box. Paste the following locations into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion... say YES, and when the next box opens prompting you to reboot now... click NO... and proceed with the next file. Once you get to the last one, click YES and it will reboot.

c:\thin-85-1-x-x.exe
c:\FxWebsch.exe
C:\WINDOWS\Application Data\tvmknwrd.dll
C:\WINDOWS\Application Data\tvmuknwrd.dll
C:\WINDOWS\Application Data\utas.exe


Once you reboot... run an AVG scan and see if it detects thin-85-1-x-x.exe again. Post another WinPFind log and a new HijackThis log and let me know of any problems.
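
One way to check a follow-up WinPFind log against the KillBox list above, as an added example that is not part of the original post: the Python below parses WinPFind file lines and reports which targeted paths are still listed. The function names are hypothetical, the two sample logs are short excerpts of the WinPFind logs posted in this thread, and matching is by case-insensitive full path only (8.3 short names are not resolved).

```python
import re
from typing import NamedTuple

# One WinPFind file line: [tag] date [time AM/PM] [attrs] size path
# (layout inferred from the logs in this thread, not from WinPFind docs)
ENTRY_RE = re.compile(
    r"^(?P<tag>.*?)\s*"
    r"(?P<date>\d{1,2}/\d{1,2}/\d{2,4})"
    r"(?:\s+(?P<time>\d{1,2}:\d{2}:\d{2}\s+[AP]M))?"
    r"(?:\s+(?P<attrs>[RHSA]+))?"
    r"\s+(?P<size>\d+)"
    r"\s+(?P<path>[A-Za-z]:\\.+?)\s*$"
)


class Entry(NamedTuple):
    section: str  # the "Checking ..." heading the line appeared under
    tag: str      # string WinPFind matched (e.g. "UPX!") or vendor name
    attrs: str    # file attributes such as "RHS", empty if not shown
    size: int
    path: str


def parse_winpfind(log_text):
    """Return an Entry for every file line in a WinPFind log."""
    entries, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Checking "):
            section = line.rstrip(".")
            continue
        m = ENTRY_RE.match(line)
        if m:  # registry lines and banners do not match and are skipped
            entries.append(Entry(section, m["tag"], m["attrs"] or "",
                                 int(m["size"]), m["path"]))
    return entries


def still_present(entries, targets):
    """Targets (full paths) that a log still lists, compared case-insensitively."""
    seen = {e.path.lower() for e in entries}
    return [t for t in targets if t.lower() in seen]


# The five paths from the KillBox instructions above.
KILLBOX_TARGETS = [
    r"c:\thin-85-1-x-x.exe",
    r"c:\FxWebsch.exe",
    r"C:\WINDOWS\Application Data\tvmknwrd.dll",
    r"C:\WINDOWS\Application Data\tvmuknwrd.dll",
    r"C:\WINDOWS\Application Data\utas.exe",
]

# Excerpt of the WinPFind log posted before the cleanup.
BEFORE_LOG = r"""
Checking %SystemDrive% folder...
UPX! 2/23/05 5:23:00 PM 71168 c:\thin-85-1-x-x.exe
UPX! 3/27/05 10:04:46 PM 178832 c:\FxWebsch.exe
buddy.exe 3/28/05 1:32:36 PM 22244 c:\windows.txt

Checking files in %USERPROFILE%\Application Data folder...
8/11/04 4:30:02 PM 846 C:\WINDOWS\Application Data\dw.log
3/25/05 3:02:04 AM 275148 C:\WINDOWS\Application Data\tvmknwrd.dll
3/25/05 7:46:24 AM 35 C:\WINDOWS\Application Data\tvmuknwrd.dll
UPX! 3/25/05 2:55:48 AM RHS 82432 C:\WINDOWS\Application Data\utas.exe
"""

# Excerpt of the follow-up WinPFind log posted after the cleanup.
AFTER_LOG = r"""
Checking %SystemDrive% folder...
buddy.exe 3/28/05 1:32:36 PM 22244 c:\windows.txt

Checking files in %USERPROFILE%\Application Data folder...
8/11/04 4:30:02 PM 846 C:\WINDOWS\Application Data\dw.log
3/25/05 3:02:04 AM 275148 C:\WINDOWS\Application Data\tvmknwrd.dll
"""

if __name__ == "__main__":
    after = parse_winpfind(AFTER_LOG)
    for path in still_present(after, KILLBOX_TARGETS):
        print("still listed after cleanup:", path)
```

A target that is still listed after the reboot was not removed by the delete-on-reboot pass and needs another look before the machine is called clean.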
 

·
Registered
Joined
·
61 Posts
Discussion Starter #18
the avg virus scan did not detect c:\thin-85-1-x-x.exe, and did not detect it on start up

when running clean up I could not check the box for the Delete Prefetch files, I continued anyway. I did not think or see any problems

here are the logs for hjt and winpfind

hjt
Logfile of HijackThis v1.99.1
Scan saved at 7:43:45 PM, on 11/1/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ONTRACK\SYSTEMSUITE\MXTASK.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: SystemSuite.lnk = C:\Program Files\Ontrack\SystemSuite\MXTask.exe
O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

winpfind log:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98 Version: 4.10.1998
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
buddy.exe 3/28/05 1:32:36 PM 22244 c:\windows.txt
qoologic 10/30/05 11:54:00 AM 203302 c:\WinPFind.zip
PECompact2 8/8/05 10:46:48 PM 11601440 c:\RealPlayer10-5GOLD_bb.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
buddy.exe 7/22/05 9:46:36 PM 110936 c:\windows\SFCLOG.TXT
buddy.exe 4/1/05 4:57:22 PM 118455 c:\windows\Default.sf0
PECompact2 10/24/05 1:58:16 PM 16183757 c:\windows\LPT$VPN.909
qoologic 10/24/05 1:58:16 PM 16183757 c:\windows\LPT$VPN.909
SAHAgent 10/24/05 1:58:16 PM 16183757 c:\windows\LPT$VPN.909
PECompact2 10/24/05 1:58:16 PM 16183757 c:\windows\VPTNFILE.909
qoologic 10/24/05 1:58:16 PM 16183757 c:\windows\VPTNFILE.909
SAHAgent 10/24/05 1:58:16 PM 16183757 c:\windows\VPTNFILE.909
UPX! 6/12/05 8:13:22 PM 1044560 c:\windows\vsapi32.dll
aspack 6/12/05 8:13:22 PM 1044560 c:\windows\vsapi32.dll
UPX! 6/12/05 8:13:24 PM 170053 c:\windows\tsc.exe
UPX! 5/3/05 11:44:44 AM 25157 c:\windows\RMAgentOutput.dll

Checking %System% folder...

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
11/1/05 7:32:14 PM RH 8310816 c:\windows\SYSTEM.DAT
11/1/05 7:26:54 PM RH 1364000 c:\windows\USER.DAT
11/1/05 7:22:14 PM H 9141 c:\windows\ttfCache
10/1/05 11:03:48 PM HS 4096 c:\windows\All Users\DRM\drmv2.sst
11/1/05 7:24:54 PM HS 1369 c:\windows\Application Data\Microsoft\Internet Explorer\Desktop.htt
10/30/05 1:20:28 PM H 352 c:\windows\Application Data\Microsoft\MSN Messenger\2306139505\sqmdata00.sqm

Checking for CPL files...
Microsoft Corporation 5/11/98 8:01:00 PM 72192 c:\windows\SYSTEM\APPWIZ.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 221280 c:\windows\SYSTEM\DESK.CPL
Microsoft Corporation 8/29/02 292352 c:\windows\SYSTEM\INETCPL.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 58880 c:\windows\SYSTEM\INTL.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 103424 c:\windows\SYSTEM\MAIN.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 420864 c:\windows\SYSTEM\MMSYS.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 93248 c:\windows\SYSTEM\MODEM.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 14448 c:\windows\SYSTEM\NETCPL.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 47104 c:\windows\SYSTEM\PASSWORD.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 44720 c:\windows\SYSTEM\POWERCFG.CPL
5/11/98 8:01:00 PM 70656 c:\windows\SYSTEM\STICPL.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 385104 c:\windows\SYSTEM\SYSDM.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 57856 c:\windows\SYSTEM\TIMEDATE.CPL
Microsoft Corporation 10/30/01 8:10:00 AM 442368 c:\windows\SYSTEM\JOY.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 66048 c:\windows\SYSTEM\ACCESS.CPL
Microsoft Corporation 5/11/98 8:01:00 PM 14848 c:\windows\SYSTEM\TELEPHON.CPL
Compaq Computer Corporation 10/15/98 8:08:22 AM 145408 c:\windows\SYSTEM\UICONFIG.cpl
Aureal Semiconductor 3/26/98 3:24:32 PM 120832 c:\windows\SYSTEM\SA3DCpl.cpl
Rockwell 7/9/98 1:00:08 AM 185856 c:\windows\SYSTEM\CSACPL.CPL
Compaq Computer Corporation 6/16/98 4:37:50 PM 180736 c:\windows\SYSTEM\OSDCPL.cpl
Microsoft Corporation 8/1/97 53520 c:\windows\SYSTEM\MLCFG32.CPL
Microsoft Corporation 9/5/97 7:45:44 PM 32528 c:\windows\SYSTEM\WGPOCPL.CPL
7/28/98 5:02:50 PM 55808 c:\windows\SYSTEM\CPQDIAG.CPL
Microsoft Corporation 1/12/99 7952 c:\windows\SYSTEM\ODBCCP32.CPL
Apple Computer, Inc. 9/23/04 6:57:40 PM 323072 c:\windows\SYSTEM\QuickTime.cpl
Microsoft Corporation 2/10/99 11:48:48 AM 40960 c:\windows\SYSTEM\FINDFAST.CPL
Sun Microsystems 3/25/05 11:34:56 AM 53352 c:\windows\SYSTEM\jpicpl32.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
10/30/05 11:30:18 AM 305 C:\WINDOWS\Start Menu\Programs\StartUp\Quicken Scheduled Updates.lnk
10/30/05 11:30:16 AM 494 C:\WINDOWS\Start Menu\Programs\StartUp\SystemSuite.lnk

Checking files in %USERPROFILE%\Application Data folder...
8/11/04 4:30:02 PM 846 C:\WINDOWS\Application Data\dw.log
3/25/05 3:02:04 AM 275148 C:\WINDOWS\Application Data\tvmknwrd.dll

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Fix-It Menu
{A50302A0-8E15-11d2-887B-006008C1C087} = C:\PROGRAM FILES\ONTRACK\SYSTEMSUITE\mxctxmnu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Fix-It Menu
{A50302A0-8E15-11d2-887B-006008C1C087} = C:\PROGRAM FILES\ONTRACK\SYSTEMSUITE\mxctxmnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Yahoo! Companion BHO = C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\PROGRAM FILES\AIM\AIM.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\SYSTEM\MSJAVA.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Links
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
{40D41A8B-D79B-43D7-99A7-9EE0F344C385} = AIM Search : C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SystemTray SysTray.Exe
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
AVG7_CC C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
AVG7_EMC C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
AVG7_AMSVR C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
StillImageMonitor C:\WINDOWS\SYSTEM\STIMON.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
MSFS Installed = 1
MAPI Installed = 1
IMAIL Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
HC Reminder hc.exe
EncMonitor C:\Program Files\Encompass\Monitor.exe
Aureal A3D Interactive Audio sa3dsrv.exe
SchedulingAgent mstask.exe
KB891711 c:\windows\SYSTEM\KB891711\KB891711.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 11/1/05 7:41:51 PM
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Sorry...meant to take that out. Win98 has no Prefetch folder. Anyway, run KILLBOX again using the same instructions for this file...

C:\WINDOWS\Application Data\tvmknwrd.dll

Once you reboot..do it again. I want to KILL IT twice.

Perform an online scan with Internet Explorer with Panda ActiveScan
  • Click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. (Ensure that your pop up blocker doesn't block it.)
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report

Please post that log in your next reply. Let me know how things are running and of any issues you have.
 

·
Registered
Joined
·
61 Posts
Discussion Starter #20
PC still sluggish


Incident Status Location

Adware:adware/virtualbouncer No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\VBouncerOuter1132040406.EXE
Adware:adware/clickalchemy No disinfected C:\WINDOWS\ALCHEM.INI
Adware:adware/sidesearch No disinfected C:\WINDOWS\Application Data\Lycos
Adware:adware/iedriver No disinfected Windows Registry
Adware:Adware/FlashBang No disinfected C:\WINDOWS\SYSTEM\PCFlashBangUninstall.exe
Adware:Adware/BookedSpace No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_26A911E001C42404000F8E13.fiz[F8EBC.nd2]
Spyware:Spyware/ClearSearch No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_87C2650001C42489009ECD78.fiz[9ECFE2.nd2]
Spyware:Spyware/ClearSearch No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_87C2650001C42489009ECD78.fiz[9ED2A2.nd2]
Adware:Adware/SideSearch No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_87C2650001C42489009ECD78.fiz[9ED38D.nd2]
Adware:Adware/WinTools No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_42A31D8001C4A93A000F2D6F.fiz[F3769.nd2]
Adware:Adware/TopRebates No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_2928FB2001C4A93C001BA25E.fiz[1BA3B7.nd2]
Adware:Adware/WUpd No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_2928FB2001C4A93C001BA25E.fiz[1BA57F.nd2]
Adware:Adware/WUpd No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_2928FB2001C4A93C001BA25E.fiz[1BA615.nd2]
Adware:Adware/WinTools No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_2928FB2001C4A93C001BA25E.fiz[1BAD4E.nd2]
Adware:Adware/WinTools No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_0C6388E001C4A93F002E8FA0.fiz[2E97B0.nd2]
Adware:Adware/MyBHOSpy No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_2E8CF1E001C4AD590069243E.fiz[694DC8.nd2]
Adware:Adware/WinTools No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_2E8CF1E001C4AD590069243E.fiz[69530E.nd2]
Adware:Adware/PurityScan No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_2E8CF1E001C4AD590069243E.fiz[69557D.nd2]
Adware:Adware/WUpd No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_2E8CF1E001C4AD590069243E.fiz[695A3C.nd2]
Virus:Trj/Multidropper.AM Disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_1567A68001C42404000F1D1C.RB0[F1DF9.nd2]
Spyware:Spyware/ClearSearch No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_87C2650001C42489009ECD78.RB0[9ECEBF.nd2]
Spyware:Spyware/ClearSearch No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_87C2650001C42489009ECD78.RB0[9ECFE2.nd2]
Spyware:Spyware/ClearSearch No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_87C2650001C42489009ECD78.RB0[9ED2A2.nd2]
Adware:Adware/SideSearch No disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_87C2650001C42489009ECD78.RB0[9ED38D.nd2]
Virus:Trj/Multidropper.BJ Disinfected C:\Program Files\Ontrack\SystemSuite\UninstallEngine\UndoLogs\F_624EB64001C4249100D247B6.RB0[D248CC.nd2]
Adware:Adware/PurityScan No disinfected C:\!KillBox\utas.exe
Spyware:Spyware/BetterInet No disinfected C:\!KillBox\thin-85-1-x-x.exe
 