
·
Registered
Joined
·
219 Posts
Discussion Starter #1
can someone please help me with my hijack log!!! well here it goes



Logfile of HijackThis v1.99.1
Scan saved at 7:45:41 PM, on 11/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [System Monitor] sysmon32.exe
O4 - HKLM\..\Run: [connection] connect.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [System Monitor] sysmon32.exe
O4 - HKLM\..\RunServices: [Microsoft Config Loader] msconfig32.exe
O4 - HKLM\..\RunServices: [S3 Internal Chip] s3serv.exe
O4 - HKLM\..\RunServices: [connection] connect.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Y!TunnelPro] C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\Program Files\Internet Explorer\PLUGINS\Nocs.dll (file missing)
O9 - Extra 'Tools' menuitem: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\Program Files\Internet Explorer\PLUGINS\Nocs.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_5.cab
O23 - Service: Configuration Loader (a3) - Unknown owner - C:\WINDOWS\System32\bckup32.exe" -service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Index Service (b3) - Unknown owner - C:\WINDOWS\System32\dllhost32.exe" -service (file missing)
O23 - Service: connection (connect) - Unknown owner - C:\WINDOWS\System32\connect.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nick Pwned (JUPE) - Unknown owner - C:\WINDOWS\system32\setup\lsassw.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft Config Loader (OMG) - Unknown owner - C:\WINDOWS\System32\msconfig32.exe" -service (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: S3 Internal Chip (s3load) - Unknown owner - C:\WINDOWS\System32\s3serv.exe" -service (file missing)
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: Windows Vptray (svc32) - Unknown owner - C:\WINDOWS\System32\spoolsvc.exe" -service (file missing)

thanks in advance!!!
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.

Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)

Please go to at least two of these sites and run an online Virus Scan.
Be sure to have the AutoFix box(s) checked.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym
http://www3.ca.com/virusinfo/virusscan.aspx

Download and install CleanUp! but do not run it yet.

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Download, install, and update Ewido Security Suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
After the updates are installed, exit Ewido

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.
Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it’s NOT checked. We want system restore ON and monitoring your current hard drive. Once you're clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.


Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go to Start->Run and type Services.msc then hit Ok

Scroll down and find the service called: Configuration Loader (a3)

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok.

Now repeat that procedure for each of the following services as they all must be STOPPED and DISABLED.

Index Service (b3)
connection (connect)
Nick Pwned (JUPE)
Microsoft Config Loader (OMG)
S3 Internal Chip (s3load)
Windows Vptray (svc32)



Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [System Monitor] sysmon32.exe
O4 - HKLM\..\Run: [connection] connect.exe
O4 - HKLM\..\RunServices: [System Monitor] sysmon32.exe
O4 - HKLM\..\RunServices: [Microsoft Config Loader] msconfig32.exe
O4 - HKLM\..\RunServices: [S3 Internal Chip] s3serv.exe
O4 - HKLM\..\RunServices: [connection] connect.exe
O23 - Service: Configuration Loader (a3) - Unknown owner - C:\WINDOWS\System32\bckup32.exe" -service (file missing)
O23 - Service: Index Service (b3) - Unknown owner - C:\WINDOWS\System32\dllhost32.exe" -service (file missing)
O23 - Service: connection (connect) - Unknown owner - C:\WINDOWS\System32\connect.exe" -service (file missing)
O23 - Service: Nick Pwned (JUPE) - Unknown owner - C:\WINDOWS\system32\setup\lsassw.exe
O23 - Service: Microsoft Config Loader (OMG) - Unknown owner - C:\WINDOWS\System32\msconfig32.exe" -service (file missing)
O23 - Service: S3 Internal Chip (s3load) - Unknown owner - C:\WINDOWS\System32\s3serv.exe" -service (file missing)
O23 - Service: Windows Vptray (svc32) - Unknown owner - C:\WINDOWS\System32\spoolsvc.exe" -service (file missing)


Delete the following Files/Folders in RED (delete folders if no filename is specified or if they are highlighted in RED) according to their directory (If you can't find them...do a search for them…make sure you have search hidden files, folders, subdirectories, etc. enabled if it applies to your OS)

C:\WINDOWS\System32\bckup32.exe
C:\WINDOWS\System32\dllhost32.exe
C:\WINDOWS\System32\connect.exe
C:\WINDOWS\System32\msconfig32.exe
C:\WINDOWS\System32\s3serv.exe
C:\WINDOWS\system32\setup\lsassw.exe
C:\WINDOWS\System32\spoolsvc.exe
sysmon32.exe <--locate and delete that file.

Run Ewido:
  • Click [Scanner]
  • Click [Complete System Scan] to begin scanning.
  • Click [OK] when prompted to clean files
  • With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
  • Once finished, click the [Save report] button
  • Save the report to your desktop
Close Ewido

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Once back to normal mode...

Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Please post that log in your next reply along with the Ewido log and a new hijackthis log.
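
As an added example (not part of the original post, and not HijackThis's own logic), the kind of review applied to the logs in this thread can be sketched in Python: flag O2/O4/O23 entries worth a manual look, then compare a before and an after log to confirm the fix list took effect. The heuristics and function names are assumptions for illustration, and the sample lines are excerpted from the 11/4 and 11/6 logs posted in this thread; a flag marks a candidate for review, not a verdict.

```python
import re

# Sample input: lines excerpted from the 11/4/2005 log in this thread.
BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [System Monitor] sysmon32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [S3 Internal Chip] s3serv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: Configuration Loader (a3) - Unknown owner - C:\WINDOWS\System32\bckup32.exe" -service (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Nick Pwned (JUPE) - Unknown owner - C:\WINDOWS\system32\setup\lsassw.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
"""

# Sample input: lines excerpted from the 11/6/2005 log in this thread.
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 body: "<hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^HK\w+\\\.\.\\[^:]+: \[[^\]]*\] (.+)$")


def review_reasons(section, body):
    """Return a tuple of reasons an entry deserves manual review (illustrative heuristics)."""
    reasons = []
    if section == "O2" and body.endswith("(no file)"):
        reasons.append("BHO registered with no file on disk")
    elif section == "O4":
        m = O4_RE.match(body)
        if m:
            cmd = m.group(1)
            # Quoted command: take the quoted part; otherwise the first token.
            exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
            if "\\" not in exe:
                reasons.append("autorun command has no directory: " + exe)
    elif section == "O23" and body.startswith("Service: "):
        # "<display name> - <owner> - <path>"; split from the right so a
        # display name containing " - " does not shift the fields.
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            _, owner, path = parts
            if owner == "Unknown owner":
                reasons.append("service binary has no identifiable vendor")
            if path.endswith("(file missing)"):
                reasons.append("service points at a missing file")
    return tuple(reasons)


def flagged(log_text):
    """Map each flagged log line to its review reasons; other lines are skipped."""
    out = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list, or blank line
        reasons = review_reasons(m.group(1), m.group(2))
        if reasons:
            out[line] = reasons
    return out


def compare(before_text, after_text):
    """Classify flagged entries as cleared, remaining, or new between two scans."""
    before, after = flagged(before_text), flagged(after_text)
    return {
        "cleared": [l for l in before if l not in after],
        "remaining": [l for l in before if l in after],
        "new": [l for l in after if l not in before],
    }


if __name__ == "__main__":
    for status, lines in compare(BEFORE, AFTER).items():
        print(status.upper())
        for line in lines:
            print("   ", line)
```
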
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
NO. Not words...FILES. While you're in safe mode navigate to the folders (which are in black) and look for the file in the folder (Which is in Red) and delete it. For example...

C:\WINDOWS\System32\bckup32.exe

You would open:

"My Computer"
"Local Disk (C:)"
"Windows Folder"
"System32 Folder"

Then find the file bckup32.exe...right click it so it's highlighted and hit the delete key.

For the last one (sysmon32.exe) you will need to search for it by clicking START>>Search>>All Files and Folders..then in the "All files and folders Box" put sysmon32.exe in it and click search. Once it finds the files..navigate to that folder and delete it.
 

·
Registered
Joined
·
219 Posts
Discussion Starter #5
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:25:09 PM, 11/6/2005
+ Report-Checksum: 5F646618

+ Scan result:

HKU\S-1-5-21-3852255402-3991436212-650978795-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-3852255402-3991436212-650978795-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{EDC4193F-34AD-4D07-AA87-E3FDB89E3E76} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-3852255402-3991436212-650978795-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{38D8BEB0-8E9C-48E2-B36E-759615F9930F} -> Spyware.LOP : Cleaned with backup
HKU\S-1-5-21-3852255402-3991436212-650978795-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{FE6BC4EF-5676-484B-88AE-883323913256} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-3852255402-3991436212-650978795-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{B195B3B3-8A05-11D3-97A4-0004ACA6948E} -> Spyware.HotBar : Cleaned with backup
C:\del_me.exe -> TrojanDownloader.FunWeb : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0TQ7KLMB\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Osek.exe/iespl.bat -> Backdoor.ServU-based : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\BFAC386C-A9D5-4ABF-98DA-217BAC\57AC1C1F-7005-48F7-A1D0-B919CB -> Spyware.NavExcel : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\BFAC386C-A9D5-4ABF-98DA-217BAC\6A1D399E-38F2-4B3F-BC3A-EC5CED -> Spyware.NavExcel : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\BFAC386C-A9D5-4ABF-98DA-217BAC\D9F88661-62B6-4AEB-BCAD-389D14/NHelper.dll -> Spyware.NavExcel : Error during cleaning
C:\Program Files\Microsoft AntiSpyware\Quarantine\BFAC386C-A9D5-4ABF-98DA-217BAC\D9F88661-62B6-4AEB-BCAD-389D14/NHUninstaller.exe -> Spyware.NavExcel : Error during cleaning
C:\Program Files\Microsoft AntiSpyware\Quarantine\BFAC386C-A9D5-4ABF-98DA-217BAC\D9F88661-62B6-4AEB-BCAD-389D14/NHUpdater.exe -> Spyware.NavExcel : Error during cleaning
C:\Program Files\Microsoft AntiSpyware\Quarantine\BFAC386C-A9D5-4ABF-98DA-217BAC\F70C985E-CA6A-430D-9AE5-951CEE -> Spyware.NavExcel : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP653\A0393369.exe -> Spyware.NavExcel : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP653\A0393370.exe -> Spyware.NavExcel : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP653\A0393371.dll -> Spyware.NavExcel : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP653\A0393400.dll -> Spyware.TotalVelocity : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP653\A0393437.exe -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP653\A0393439.exe -> Adware.Gator : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\Software_Plugin.exe -> TrojanDownloader.Swizzor.au : Cleaned with backup


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 10:46:47 PM, on 11/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Y!TunnelPro] C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - blank (file missing)
O9 - Extra 'Tools' menuitem: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - blank (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_5.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)



i had only found one file that i had to delete which was lsassw.exe but the rest of them i couldn't find. i had gone to start>run and typed in msconfig then to system configuration utility>startup and i had seen the files msconfig32.exe and s3serv.exe but i didn't know how to delete them in there.
oh and i almost forgot to tell u every time i try to scan my computer for the panda activescan my computer would always freeze so that's why i didn't post my results for that one.
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Ok.....

Open up the Microsoft AntiSpyware program and empty the Quarantine folder.

Run hijackthis again and do a scan. Check the following entries and click FIX.

O9 - Extra button: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - blank (file missing)
O9 - Extra 'Tools' menuitem: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - blank (file missing)
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)


Close Hijackthis.

Now Open it again. Click Config>>>MiscTools>>>Delete an NT Service. Once that box opens put the following in the box and hit OK.

COMSysApp

Then repeat that procedure again and put this in the box and hit OK

SwPrv

Close hijackthis.

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.

Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log".

I then need you to repeat the same procedure above again... using the TrendMicro scan tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

So I need the following..

New Hijackthis log
TrendMicro log


Let me know how things are running.
 

·
Registered
Joined
·
219 Posts
Discussion Starter #7
every time when i type in comsysapp and swprv i get this message saying the service comsysapp is enabled and/or running. disable it first, using hijackthis itself (from the scan results) or the services.msc window.
 

·
Registered
Joined
·
219 Posts
Discussion Starter #8
today i had talked to a high speed data specialist, he told me that in our area the computers were going slow and he also told me to do something to my computer, and i had typed the information, and i had to email it back to him and after that my computer started going fast. so do u think that i should keep on doing what u want me to do or not i really do appreciate u taking the time to help me out.
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
sweetlady said:
every time when i type in comsysapp and swprv i get this message saying the service comsysapp is enabled and/or running. disable it first, using hijackthis itself (from the scan results) or the services.msc window.
Yes continue on. You still have spyware installed regardless of how fast the PC is.


Did you STOP and DISABLE them as instructed in my first post???

Go to Start->Run and type Services.msc then hit Ok

Scroll down and find the service called: COM+ System Application (COMSysApp)

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok.

Now repeat that procedure for each of the following services as they all must be STOPPED and DISABLED.

MS Software Shadow Copy Provider (SwPrv)

Once you disable those....Run hijackthis again, FIX the entries and Delete the Services as stated in my last post.

Then post that Trendmicro scan log and a new hijackthis log.
 

·
Registered
Joined
·
219 Posts
Discussion Starter #10
Logfile of HijackThis v1.99.1
Scan saved at 6:41:14 PM, on 11/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Y!TunnelPro] C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_5.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)



trendmicro log

Started Scanning
Internet Cookies
Found 'media.adrevolver.com' in 'Internet Explorer Cache'
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Found 'questionmarket.com' in 'Internet Explorer Cache'
Found 'realmedia.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found '2o7.net' in 'Internet Explorer Cache'
Found 'zedo.com' in 'Internet Explorer Cache'
Found 'z1.adserver.com' in 'Internet Explorer Cache'
Found 'fastclick.net' in 'Internet Explorer Cache'
Found 'ads.addynamix.com' in 'Internet Explorer Cache'
Found 'ads.addynamix.com' in 'Internet Explorer Cache'
Found 'hc2.humanclick.com' in 'Internet Explorer Cache'
Found 'media.adrevolver.com' in 'Internet Explorer Cache'
Found 'adopt.specificclick.net' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'media.adrevolver.com' in 'Internet Explorer Cache'
Found 'trafficmp.com' in 'Internet Explorer Cache'
Found 'ads.pointroll.com' in 'Internet Explorer Cache'
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'adknowledge.com' in 'Internet Explorer Cache'
Found 'tradedoubler.com' in 'Internet Explorer Cache'
Found 'centrport.net' in 'Internet Explorer Cache'
Found 'citi.bridgetrack.com' in 'Internet Explorer Cache'
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Found 'hc2.humanclick.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\MyWay'
Internet URL Shortcuts
Files and Directories
Found '04[1].gif' in 'C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\O45X63I3'
Found '1.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '1048.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '1063.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '1091.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '1117.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '1147.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '1151.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '1184.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '167.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '177.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '194.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '25.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '280.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '348.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '355.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '364.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '374.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '390.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '42.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '429.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '560.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '613.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '702.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '763.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '779.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '799.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '842.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '886.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '906.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '933.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '949.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '980.ga' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\ga'
Found '14370.gbd3' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\gb\14370'
Found '14600.gbd3' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\gb\14600'
Found '14616.gbd3' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\gb\14616'
Found '14617.gbd3' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\gb\14617'
Found '14682.gbd3' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\gb\14682'
Found '14683.gbd3' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\gb\14683'
Found 'ramymo_pu_v1_020504.gif' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\gb\19829\21752.5'
Found '20278.gbd3' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\gb\20278'
Found '20813.gbd3' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\gb\20813'
Found 'content22513-0.html' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\gb\20813\22513.1'
Found 'educha_p_v1_020304.gif' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\gb\20813\22513.1'
Found '20814.gbd3' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\gb\20814'
Found 'content22514-0.html' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\gb\20814\22514.1'
Found 'educha_pu_v1_020304.gif' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\gb\20814\22514.1'
Found '21201.gbd3' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\gb\21201'
Found '22275.gbd3' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\gb\22275(2)'
Found '22367.gbd3' in 'C:\Program Files\Common Files\GMT(2)\55y85o6gtg\gb\22367'
Found '' in 'C:\Program Files\Dynamic Toolbar'
Found '' in 'C:\Program Files\MySearch'
Found '' in 'C:\Program Files\MySearch\bar'
Found '' in 'C:\Program Files\MySearch\bar\History'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning
Started Scanning
Internet Cookies
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Run the Trendmicro scanner again and post its log. I needed the log from the second run, NOT the first (which you posted).

How is the PC running?
 

·
Registered
Joined
·
219 Posts
Discussion Starter #12
Sorry, I thought I had posted the one for the second scan, which I did scan the second time, but anyway, here it goes.


Started Scanning
Internet Cookies
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found '2o7.net' in 'Internet Explorer Cache'
Found 'zedo.com' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'centrport.net' in 'Internet Explorer Cache'
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning


Oh, and my computer is running good!!!
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few more items to address so please follow the instructions below.


Reset hidden/system files and folders

Windows XP
===============

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Windows 2000
===============

  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Select the Advanced settings box option.
  • Select the Hidden files folder.
  • Deselect the Show all files option.
  • Click Yes to confirm.
  • Click OK.

Windows ME
===============

  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Windows 95/98/98SE
===============

  • Open My Computer.
  • Select the View menu.
  • Select the Folder Options option.
  • Select the View tab.
  • Select the Advanced settings box option.
  • Select the Hidden files folder.
  • Deselect the Show all files option.
  • Click Apply to confirm.
  • Click OK.



Create a new System Restore point

Windows XP
===============

  • Click Start >> Run - type SYSDM.CPL & press Enter
  • Select the System Restore Tab
  • Tick on the checkbox - "Turn off System Restore on all drives"
  • Click Apply
  • Then untick the same checkbox & click OK
  • This deletes ALL restore points that had the infection and creates a clean one

Windows ME
===============

  • Click the Start tab.
  • Select the Settings option.
  • Select the Control Panel option.
  • Double-click the System icon, then select the Performance tab.
  • Select File System
  • Select the Troubleshooting tab
  • Check the Disable System Restore box
  • Click Apply to confirm.
  • Click OK.

Reboot the PC and repeat the above procedure again.
When you get to this option:
  • Uncheck the Disable System Restore box

For Windows ME, we MUST create a new restore point now, as Windows ME will not create one automatically until the computer has been on for 10 hours or 24 hours have passed. To create a new restore point, follow the procedure below.

  • Click the Start button.
  • Point to Programs, point to Accessories, point to System Tools, and then click System Restore.
  • Choose Create a restore point, and then click Next.
  • In the Restore point description box, type a name for your restore point, and then click Next.
  • Click OK.



Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • Tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Please visit Microsoft's Windows Update page and install the latest service packs, patches and security updates for your system.


Recommended Protection Programs

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IE-SpyAd to block access to malicious websites so you cannot be redirected to them from an infected site or email.
  • WinPatrol to monitor any changes that programs make to the registry.

If you do not have a firewall, here are 4 free ones available for personal use:


In today’s world you MUST have an Antivirus program. If you do not have one, here are 3 FREE ones available for personal use:




In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles
Please stay safe out there and take the helpful advice that’s been given. The goal here is to prevent the adware/spyware/virus/worms from getting on the system in the first place.

Please respond to this thread one more time so we can mark this thread as resolved.
 

·
Registered
Joined
·
219 Posts
Discussion Starter #14
I had followed your instructions. I was wondering, should I keep the Microsoft AntiSpyware on my computer? And every time I turn on my computer I get this message saying the firewall is not turned on, and when the computer is finished loading, my firewall automatically turns back on by itself, so do you know any reason why it does that? How do you avoid laggers in a Yahoo chat room? Thanks in advance!!!!
 