
Hijack Log Full page pop up ads


  • This topic is locked
68 replies to this topic

#46 clueless123


Posted 20 December 2005 - 03:09 AM

Tue Dec 20 02:58:49 2005 => ***** Scanning C:\WINDOWS\All Users\Start Menu\Programs\StartUp Folder ***** Tue Dec 20 02:58:49 2005 => Scanning Folder: C:\WINDOWS\All Users\Start Menu\Programs\StartUp\*.* Tue Dec 20 02:58:49 2005 => ***** Scanning Service Files ***** Tue Dec 20 02:58:49 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services Tue Dec 20 02:58:49 2005 => Scanning File C:\WINDOWS\System32\Drivers\wdmfs.sys Tue Dec 20 02:58:49 2005 => Scanning File C:\WINDOWS\SYSTEM\PSTORES.EXE Tue Dec 20 02:58:49 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD Tue Dec 20 02:58:49 2005 => Scanning File C:\WINDOWS\SYSTEM\vnetsup.vxd Tue Dec 20 02:58:50 2005 => Scanning File C:\WINDOWS\SYSTEM\ndis.vxd Tue Dec 20 02:58:50 2005 => Scanning File C:\WINDOWS\SYSTEM\JAVASUP.VXD Tue Dec 20 02:58:50 2005 => Scanning File c:\windows\SYSTEM\vrtwd.386 Tue Dec 20 02:58:50 2005 => Scanning File c:\windows\SYSTEM\vfixd.vxd Tue Dec 20 02:58:50 2005 => Scanning File C:\WINDOWS\SYSTEM\vnetbios.vxd Tue Dec 20 02:58:50 2005 => Scanning File C:\WINDOWS\SYSTEM\MRTRATE.VXD Tue Dec 20 02:58:50 2005 => Scanning File C:\WINDOWS\SYSTEM\vredir.vxd Tue Dec 20 02:58:50 2005 => Scanning File C:\WINDOWS\SYSTEM\dfs.vxd Tue Dec 20 02:58:50 2005 => Scanning File C:\WINDOWS\SYSTEM\VgartD.VxD Tue Dec 20 02:58:51 2005 => Scanning File C:\WINDOWS\SYSTEM\ASPIENUM.VXD Tue Dec 20 02:58:51 2005 => Scanning File C:\PROGRA~1\GRISOFT\AVGFRE~1\AVG7CORE.VXD Tue Dec 20 02:58:51 2005 => Scanning File C:\PROGRA~1\GRISOFT\AVGFRE~1\AVG7RS.VXD Tue Dec 20 02:58:51 2005 => Scanning File C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGTDI.VXD Tue Dec 20 02:58:51 2005 => ***** Scanning Registry and File system for Adware/Spyware ***** Tue Dec 20 02:58:51 2005 => Loading Spyware Signatures from new External Database (Size: 146155). Tue Dec 20 02:59:18 2005 => Indexed Spyware Databases Successfully Created... Tue Dec 20 03:26:50 2005 => System found infected with dogpile toolbar Spyware/Adware ({5e92f538-b50b-46c5-9c5f-c6eeced3f6c6})! 
Action taken: No Action Taken. Tue Dec 20 03:26:57 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\weatherbug !!! Tue Dec 20 03:26:57 2005 => Object "weatherbug Spyware/Adware" found in File System! Action Taken: No Action Taken. Tue Dec 20 03:26:57 2005 => Offending Key found: HKCU\Software\funwebproducts !!! Tue Dec 20 03:26:57 2005 => Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken. Tue Dec 20 03:27:01 2005 => Offending Folder found: C:\WINDOWS\DOWNLO~1\conflict.1 Tue Dec 20 03:27:01 2005 => Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken. Tue Dec 20 03:27:01 2005 => Offending file found: C:\WINDOWS\TEMP\tbinstall.log Tue Dec 20 03:27:01 2005 => System found infected with blowsearch Spyware/Adware (tbinstall.log)! Action taken: No Action Taken. Tue Dec 20 03:27:01 2005 => Offending file found: C:\WINDOWS\TEMP\insthelp.dll Tue Dec 20 03:27:01 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken. Tue Dec 20 03:27:02 2005 => Offending file found: C:\WINDOWS\TEMP\98.zip\skin_js.js Tue Dec 20 03:27:02 2005 => System found infected with broadcastpc Spyware/Adware (skin_js.js)! Action taken: No Action Taken. Tue Dec 20 03:27:02 2005 => Offending file found: C:\WINDOWS\TEMP\98.zip\loader.js Tue Dec 20 03:27:02 2005 => System found infected with broadcastpc Spyware/Adware (loader.js)! Action taken: No Action Taken. Tue Dec 20 03:27:02 2005 => Offending file found: C:\WINDOWS\TEMP\109.zip\skin_js.js Tue Dec 20 03:27:02 2005 => System found infected with broadcastpc Spyware/Adware (skin_js.js)! Action taken: No Action Taken. Tue Dec 20 03:27:02 2005 => Offending file found: C:\WINDOWS\TEMP\109.zip\loader.js Tue Dec 20 03:27:02 2005 => System found infected with broadcastpc Spyware/Adware (loader.js)! Action taken: No Action Taken. 
Tue Dec 20 03:27:02 2005 => Offending file found: C:\WINDOWS\TEMP\120.zip\skin_js.js Tue Dec 20 03:27:02 2005 => System found infected with broadcastpc Spyware/Adware (skin_js.js)! Action taken: No Action Taken. Tue Dec 20 03:27:02 2005 => Offending file found: C:\WINDOWS\TEMP\120.zip\loader.js Tue Dec 20 03:27:02 2005 => System found infected with broadcastpc Spyware/Adware (loader.js)! Action taken: No Action Taken. Tue Dec 20 03:27:02 2005 => Offending file found: C:\WINDOWS\TEMP\ide21201.vxd Tue Dec 20 03:27:02 2005 => System found infected with windupdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken. Tue Dec 20 03:27:03 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\49ij0hi7\ads[1].htm Tue Dec 20 03:27:03 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:03 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\49ij0hi7\ads[2].htm Tue Dec 20 03:27:03 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:04 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\wud3p1yt\ads[1].htm Tue Dec 20 03:27:04 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:04 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\wud3p1yt\ads[2].htm Tue Dec 20 03:27:04 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:04 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\aln4erhn\ads[1].htm Tue Dec 20 03:27:04 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. 
Tue Dec 20 03:27:04 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\aln4erhn\ads[2].htm Tue Dec 20 03:27:04 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:04 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\aln4erhn\formie[1].css Tue Dec 20 03:27:04 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. Tue Dec 20 03:27:04 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\3an0u5gl\formie[1].css Tue Dec 20 03:27:04 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. Tue Dec 20 03:27:04 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\3an0u5gl\ads[1].htm Tue Dec 20 03:27:04 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:04 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\3an0u5gl\ads[2].htm Tue Dec 20 03:27:04 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:05 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\3an0u5gl\blank[1].htm Tue Dec 20 03:27:05 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:07 2005 => Offending file found: c:\windows\TEMP\tbinstall.log Tue Dec 20 03:27:07 2005 => System found infected with blowsearch Spyware/Adware (tbinstall.log)! Action taken: No Action Taken. Tue Dec 20 03:27:07 2005 => Offending file found: c:\windows\TEMP\insthelp.dll Tue Dec 20 03:27:07 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken. 
Tue Dec 20 03:27:08 2005 => Offending file found: c:\windows\TEMP\ide21201.vxd Tue Dec 20 03:27:08 2005 => System found infected with windupdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken. Tue Dec 20 03:27:08 2005 => Offending file found: C:\WINDOWS\Desktop\l2m9xfix\sed.exe Tue Dec 20 03:27:08 2005 => System found infected with ezula Spyware/Adware (sed.exe)! Action taken: No Action Taken. Tue Dec 20 03:27:11 2005 => Offending Folder found: C:\WINDOWS\Start Menu\programs\weatherbug Tue Dec 20 03:27:11 2005 => Object "weatherbug Spyware/Adware" found in File System! Action Taken: No Action Taken. Tue Dec 20 03:27:12 2005 => Offending Folder found: C:\WINDOWS\Start Menu\Programs\weatherbug Tue Dec 20 03:27:12 2005 => Object "weatherbug Spyware/Adware" found in File System! Action Taken: No Action Taken. Tue Dec 20 03:27:14 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\iyn9ahfj\ads[1].htm Tue Dec 20 03:27:14 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:15 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\iyn9ahfj\ads[2].htm Tue Dec 20 03:27:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:15 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\iyn9ahfj\global[1].js Tue Dec 20 03:27:15 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken. Tue Dec 20 03:27:15 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\2cje9m5i\ads[1].htm Tue Dec 20 03:27:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. 
Tue Dec 20 03:27:15 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\2cje9m5i\ads[2].htm Tue Dec 20 03:27:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:15 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\2cje9m5i\formie[1].css Tue Dec 20 03:27:15 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. Tue Dec 20 03:27:16 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\3td03wy5\ads[2].htm Tue Dec 20 03:27:16 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:17 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\3td03wy5\misc[1].js Tue Dec 20 03:27:17 2005 => System found infected with whenu.savenow Spyware/Adware (misc[1].js)! Action taken: No Action Taken. Tue Dec 20 03:27:17 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\rgz07ho7\ads[2].htm Tue Dec 20 03:27:17 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:18 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\8rfb1p3w\ads[1].htm Tue Dec 20 03:27:18 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:18 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\8rfb1p3w\global[1].js Tue Dec 20 03:27:18 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken. 
Tue Dec 20 03:27:19 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\v6fgf9ea\ads[1].htm Tue Dec 20 03:27:19 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:19 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\v6fgf9ea\ads[2].htm Tue Dec 20 03:27:19 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:20 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\opmzchy3\s_code[1].js Tue Dec 20 03:27:20 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken. Tue Dec 20 03:27:21 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\opmzchy3\misc[1].js Tue Dec 20 03:27:21 2005 => System found infected with whenu.savenow Spyware/Adware (misc[1].js)! Action taken: No Action Taken. Tue Dec 20 03:27:21 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\g6r41u7n\ads[1].htm Tue Dec 20 03:27:21 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:21 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\g6r41u7n\formie[1].css Tue Dec 20 03:27:21 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. Tue Dec 20 03:27:21 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\g6r41u7n\ads[2].htm Tue Dec 20 03:27:21 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. 
Tue Dec 20 03:27:22 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\s71jambd\ads[1].htm Tue Dec 20 03:27:22 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:23 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\uxgbqjgf\ads[2].htm Tue Dec 20 03:27:23 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:24 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\pagu3h1k\s_code[1].js Tue Dec 20 03:27:24 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken. Tue Dec 20 03:27:25 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\dx5zaury\blank[1].htm Tue Dec 20 03:27:25 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:25 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\dx5zaury\show_ads[2].js Tue Dec 20 03:27:25 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken. Tue Dec 20 03:27:26 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\dx5zaury\global[1].js Tue Dec 20 03:27:26 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken. Tue Dec 20 03:27:26 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\dx5zaury\s_code[1].js Tue Dec 20 03:27:26 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken. 
Tue Dec 20 03:27:35 2005 => ***** Scanning Registry for errors created because of Adware/Spyware ***** Tue Dec 20 03:27:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken. Tue Dec 20 03:27:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\PopupSh.ocx". Action Taken: No Action Taken. Tue Dec 20 03:27:37 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken. Tue Dec 20 03:27:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\PopupSh.ocx". Action Taken: No Action Taken. Tue Dec 20 03:27:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Enc2000.exe" refers to invalid object "". Action Taken: No Action Taken. Tue Dec 20 03:27:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ERS2000.exe" refers to invalid object "". Action Taken: No Action Taken. Tue Dec 20 03:27:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\BackWeb.exe" refers to invalid object "C:\Program Files\BackWeb\BackWeb\PROGRAM\BackWeb.exe". Action Taken: No Action Taken. Tue Dec 20 03:27:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\InstallHelper.exe" refers to invalid object "". Action Taken: No Action Taken. Tue Dec 20 03:27:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MotiveSB.exe" refers to invalid object "C:\PROGRA~1\VERIZO~1\SMARTB~1". Action Taken: No Action Taken. Tue Dec 20 03:27:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SmartBridge.exe" refers to invalid object "C:\PROGRA~1\VERIZO~1\SMARTB~1". 
Action Taken: No Action Taken. Tue Dec 20 03:27:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Verizon Broadband Toolbar" refers to invalid object "C:\Program Files\Common Files\Verizon Online\SFP\Verizon Broadband Toolbar". Action Taken: No Action Taken. Tue Dec 20 03:27:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\aupdate.dll" refers to invalid object "". Action Taken: No Action Taken. Tue Dec 20 03:27:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ENGINE.DLL" refers to invalid object "C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\ENGINE.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\windows\TEMP\~mdactyp\". Action Taken: No Action Taken. Tue Dec 20 03:27:41 2005 => Entry "HKCR\CLSID\{DDBABFC0-2648-11D2-BC64-00104B2CF71C}" refers to invalid object "C:\WINDOWS\SYSTEM\WBEM\CIMW32EX.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:42 2005 => Entry "HKCR\CLSID\{53FCF358-5323-11D0-A864-0000B43699FC}" refers to invalid object "C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE". Action Taken: No Action Taken. Tue Dec 20 03:27:43 2005 => Entry "HKCR\CLSID\{608FE361-6FB2-11D1-A885-0000B43699FC}" refers to invalid object "C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWFILES.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:43 2005 => Entry "HKCR\CLSID\{3AF78A6F-6F14-11D1-A884-0000B43699FC}" refers to invalid object "C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWFILES.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:43 2005 => Entry "HKCR\CLSID\{DB1C624A-0F4B-11D2-8F62-00609773422E}" refers to invalid object "C:\PROGRA~1\BACKWEB\BACKWEB\PROGRAM\BWCHAN~1.OCX". Action Taken: No Action Taken. Tue Dec 20 03:27:43 2005 => Entry "HKCR\CLSID\{DB1C6249-0F4B-11D2-8F62-00609773422E}" refers to invalid object "C:\PROGRA~1\BACKWEB\BACKWEB\PROGRAM\BWCHAN~1.OCX". 
Action Taken: No Action Taken. Tue Dec 20 03:27:43 2005 => Entry "HKCR\CLSID\{64B11B89-0147-11D2-8F62-00609773422E}" refers to invalid object "C:\PROGRA~1\BACKWEB\BACKWEB\PROGRAM\BWCHAN~2.OCX". Action Taken: No Action Taken. Tue Dec 20 03:27:43 2005 => Entry "HKCR\CLSID\{64B11B88-0147-11D2-8F62-00609773422E}" refers to invalid object "C:\PROGRA~1\BACKWEB\BACKWEB\PROGRAM\BWCHAN~2.OCX". Action Taken: No Action Taken. Tue Dec 20 03:27:43 2005 => Entry "HKCR\CLSID\{27443470-FC66-11D1-8F62-00609773422E}" refers to invalid object "C:\PROGRA~1\BACKWEB\BACKWEB\PROGRAM\BWSTOR~1.OCX". Action Taken: No Action Taken. Tue Dec 20 03:27:43 2005 => Entry "HKCR\CLSID\{2744346F-FC66-11D1-8F62-00609773422E}" refers to invalid object "C:\PROGRA~1\BACKWEB\BACKWEB\PROGRAM\BWSTOR~1.OCX". Action Taken: No Action Taken. Tue Dec 20 03:27:43 2005 => Entry "HKCR\CLSID\{F3B932E9-02E6-11D2-8F62-E4DCC9447050}" refers to invalid object "C:\PROGRA~1\BACKWEB\BACKWEB\PROGRAM\BWSTOR~2.OCX". Action Taken: No Action Taken. Tue Dec 20 03:27:43 2005 => Entry "HKCR\CLSID\{F3B932E8-02E6-11D2-8F62-E4DCC9447050}" refers to invalid object "C:\PROGRA~1\BACKWEB\BACKWEB\PROGRAM\BWSTOR~2.OCX". Action Taken: No Action Taken. Tue Dec 20 03:27:43 2005 => Entry "HKCR\CLSID\{B738B059-B74F-11D1-AA87-0000B43695BE}" refers to invalid object "C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\FRCOM.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:43 2005 => Entry "HKCR\CLSID\{B738B05B-B74F-11D1-AA87-0000B43695BE}" refers to invalid object "C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\FRCOM.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:43 2005 => Entry "HKCR\CLSID\{BF1D9E28-C162-11D1-AA87-0000B43695BE}" refers to invalid object "C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\FREXT.EXE". Action Taken: No Action Taken. Tue Dec 20 03:27:44 2005 => Entry "HKCR\CLSID\{390CE9F2-C4A0-11D4-8A92-0090271D4F88}" refers to invalid object "C:\PROGRAM FILES\YAHOO!\MESSENGER\YCRWIN32.DLL". Action Taken: No Action Taken. 
Tue Dec 20 03:27:44 2005 => Entry "HKCR\CLSID\{41695A8E-6414-11D4-8FB3-00D0B7730277}" refers to invalid object "C:\PROGRAM FILES\YAHOO!\MESSENGER\ASW.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:51 2005 => Entry "HKCR\CLSID\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7F}" refers to invalid object "C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\VZBB.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:51 2005 => Entry "HKCR\CLSID\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7E}" refers to invalid object "C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\VZBB.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:51 2005 => Entry "HKCR\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}" refers to invalid object "C:\WINDOWS\DOWNLOADED PROGRAM FILES\POPCAPLOADER.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:51 2005 => Entry "HKCR\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}" refers to invalid object "C:\PROGRA~1\SPYWAR~1\SWDOCTOR.EXE". Action Taken: No Action Taken. Tue Dec 20 03:27:51 2005 => Entry "HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}" refers to invalid object "C:\WINDOWS\WT\WEBDRIVER\4.1.1\WEBDRIVER.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:51 2005 => Entry "HKCR\CLSID\{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}" refers to invalid object "C:\WINDOWS\WT\WEBDRIVER\4.1.1\WTHOSTCTL.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:51 2005 => Entry "HKCR\CLSID\{0c097121-c5d6-47eb-841d-30bff71a71c4}" refers to invalid object "C:\WINDOWS\WT\WEBDRIVER\4.1.1\WTMULTI.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:51 2005 => Entry "HKCR\CLSID\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}" refers to invalid object "C:\WINDOWS\WT\WEBDRIVER\4.1.1\WTWMPLUG.AX". Action Taken: No Action Taken. Tue Dec 20 03:27:51 2005 => Entry "HKCR\CLSID\{8ECF83A0-1AC9-11D4-8501-00A0CC5D1F63}" refers to invalid object "C:\WINDOWS\WT\WEBDRIVER\4.1.1\WTWMPLUG.AX". Action Taken: No Action Taken. 
Tue Dec 20 03:27:51 2005 => Entry "HKCR\CLSID\{B9BA256A-075B-49ea-B9E2-7DBC2EF021D5}" refers to invalid object "C:\WINDOWS\WT\WEBDRIVER\4.1.1\SOUND.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:51 2005 => Entry "HKCR\CLSID\{7F23E6E5-0E79-4aee-B723-B1463805D5A9}" refers to invalid object "C:\WINDOWS\WT\WEBDRIVER\4.1.1\SOUND.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:51 2005 => Entry "HKCR\CLSID\{DCA9F79B-903A-456D-847D-43A2EFE0476B}" refers to invalid object "C:\PROGRAM FILES\DOGPILETOOLBAR\CURSORSEARCHWORD.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:52 2005 => Entry "HKCR\CLSID\{8EC31898-D1E6-4758-80BE-31E873AC2903}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamui.dll". Action Taken: No Action Taken. Tue Dec 20 03:27:52 2005 => Entry "HKCR\CLSID\{8EC31897-D1E6-4758-80BE-31E873AC2903}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamui.dll". Action Taken: No Action Taken. Tue Dec 20 03:27:52 2005 => Entry "HKCR\CLSID\{D9C027CF-DF75-4D2C-B763-AC1CA31C4AF8}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamiui.dll". Action Taken: No Action Taken. Tue Dec 20 03:27:52 2005 => Entry "HKCR\TypeLib\{00025E04-0000-0000-C000-000000000046}" refers to invalid object "c:\Program Files\Common Files\Microsoft Shared\Dao\dao2535.tlb". Action Taken: No Action Taken. Tue Dec 20 03:27:52 2005 => Entry "HKCR\TypeLib\{53FCF357-5323-11D0-A864-0000B43699FC}" refers to invalid object "C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE". Action Taken: No Action Taken. Tue Dec 20 03:27:52 2005 => Entry "HKCR\TypeLib\{3AF78A60-6F14-11D1-A884-0000B43699FC}" refers to invalid object "C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWFILES.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:52 2005 => Entry "HKCR\TypeLib\{DB1C6246-0F4B-11D2-8F62-00609773422E}" refers to invalid object "C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWCHANNELDIRECTORY.OCX". Action Taken: No Action Taken. 
Tue Dec 20 03:27:52 2005 => Entry "HKCR\TypeLib\{64B11B85-0147-11D2-8F62-00609773422E}" refers to invalid object "C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWCHANNELDROPDOWN.OCX". Action Taken: No Action Taken. Tue Dec 20 03:27:52 2005 => Entry "HKCR\TypeLib\{2744346C-FC66-11D1-8F62-00609773422E}" refers to invalid object "C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWSTORYLIST.OCX". Action Taken: No Action Taken. Tue Dec 20 03:27:52 2005 => Entry "HKCR\TypeLib\{F3B932E5-02E6-11D2-8F62-E4DCC9447050}" refers to invalid object "C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWSTORYSUMMARY.OCX". Action Taken: No Action Taken. Tue Dec 20 03:27:52 2005 => Entry "HKCR\TypeLib\{B738B04B-B74F-11D1-AA87-0000B43695BE}" refers to invalid object "C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\FRCOM.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:52 2005 => Entry "HKCR\TypeLib\{97972D22-C259-11D1-AA87-0000B43695BE}" refers to invalid object "C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\FREXT.EXE". Action Taken: No Action Taken. Tue Dec 20 03:27:52 2005 => Entry "HKCR\TypeLib\{390CE9E4-C4A0-11D4-8A92-0090271D4F88}" refers to invalid object "C:\PROGRAM FILES\YAHOO!\MESSENGER\YCRWIN32.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:52 2005 => Entry "HKCR\TypeLib\{41695A81-6414-11D4-8FB3-00D0B7730277}" refers to invalid object "C:\PROGRAM FILES\YAHOO!\MESSENGER\ASW.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:53 2005 => Entry "HKCR\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}" refers to invalid object "C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YPUBC.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:53 2005 => Entry "HKCR\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}" refers to invalid object "C:\WINDOWS\DOWNLOADED PROGRAM FILES\POPCAPLOADER.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:53 2005 => Entry "HKCR\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3}" refers to invalid object "C:\WINDOWS\WT\WEBDRIVER\4.1.1\WEBDRIVER.DLL". Action Taken: No Action Taken. 
Tue Dec 20 03:27:53 2005 => Entry "HKCR\TypeLib\{B7E20302-C22C-4AF2-9D75-C3EB6EEE9DD8}" refers to invalid object "C:\WINDOWS\WT\WEBDRIVER\4.1.1\WTHOSTCTL.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:53 2005 => Entry "HKCR\TypeLib\{B162D478-EF46-4475-B1FE-216BDEDB7FAD}" refers to invalid object "C:\WINDOWS\WT\WEBDRIVER\4.1.1\WTMULTI.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:53 2005 => Entry "HKCR\TypeLib\{55A59FFC-65F0-4995-93BA-D03EAA16443D}" refers to invalid object "C:\PROGRAM FILES\DOGPILETOOLBAR\CURSORSEARCHWORD.DLL". Action Taken: No Action Taken. Tue Dec 20 03:27:54 2005 => Entry "HKCR\.ppt" refers to invalid object "Powerpoint.Show.7". Action Taken: No Action Taken. Tue Dec 20 03:27:54 2005 => Entry "HKCR\.POT" refers to invalid object "Powerpoint.Template". Action Taken: No Action Taken. Tue Dec 20 03:27:55 2005 => Entry "HKCR\TSHOOT.TSHOOTCtrl.1" refers to invalid object "{4B106874-DD36-11D0-8B44-00A024DD9EFF}". Action Taken: No Action Taken. Tue Dec 20 03:27:57 2005 => Entry "HKCR\iadfile\shell\open\command" refers to invalid object "C:\PROGRA~1\BACKWEB\BACKWEB\PROGRAM\REGISTER.EXE "%1"". Action Taken: No Action Taken. Tue Dec 20 03:27:57 2005 => Entry "HKCR\bwpfile\shell\open\command" refers to invalid object "C:\PROGRA~1\BACKWEB\BACKWEB\PROGRAM\PRVCNT.EXE "%1"". Action Taken: No Action Taken. Tue Dec 20 03:28:02 2005 => Entry "HKCR\arkapp\shell\open\command" refers to invalid object "C:\PROGRAM FILES\WINSTONPOKER\WINSTONPOKER.EXE %1". Action Taken: No Action Taken. Tue Dec 20 03:28:04 2005 => Entry "HKCR\vzbb.VZBB" refers to invalid object "{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}". Action Taken: No Action Taken. Tue Dec 20 03:28:05 2005 => Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken. Tue Dec 20 03:28:05 2005 => Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken. 
Tue Dec 20 03:28:05 2005 => Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken. Tue Dec 20 03:28:05 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Tue Dec 20 03:28:05 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Tue Dec 20 03:28:05 2005 => Entry "HKCR\.exe_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:05 2005 => Entry "HKCR\.bat_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:05 2005 => Entry "HKCR\.pif_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:05 2005 => Entry "HKCR\.vbs_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.com_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.chm_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.cpl_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.hta_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.inf_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.ins_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.js_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.jse_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. 
Tue Dec 20 03:28:06 2005 => Entry "HKCR\.msc_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.msi_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.msp_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.reg_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.scr_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.sct_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.shs_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.vbe_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.vb_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.wsc_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.wsf_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.wsh_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.isp_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.mda_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.mdb_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.mde_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. 
Tue Dec 20 03:28:06 2005 => Entry "HKCR\.ade_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.adp_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.mdz_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.prf_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.dbx_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.crt_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.shb_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.lnk_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.scf_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.asx_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.cmd_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.hlp_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.doc_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken. Tue Dec 20 03:28:06 2005 => Entry "HKCR\.xls_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken.


#47 clueless123

    Authentic Member

Posted 20 December 2005 - 03:15 AM

I don't know if you want the full log or not. It's pretty big. I will stop posting right now and you let me know if you want the whole log. Here is the end of it:

Tue Dec 20 03:48:30 2005 => ***** Scanning complete. *****
Tue Dec 20 03:48:30 2005 => Total Objects Scanned: 31543
Tue Dec 20 03:48:30 2005 => Total Virus(es) Found: 57
Tue Dec 20 03:48:30 2005 => Total Disinfected Files: 0
Tue Dec 20 03:48:30 2005 => Total Files Renamed: 0
Tue Dec 20 03:48:30 2005 => Total Deleted Objects: 0
Tue Dec 20 03:48:30 2005 => Total Errors: 118
Tue Dec 20 03:48:30 2005 => Time Elapsed: 00:57:16
Tue Dec 20 03:48:30 2005 => Virus Database Date: 2005/12/12
Tue Dec 20 03:48:30 2005 => Virus Database Count: 164615
Tue Dec 20 03:48:30 2005 => Scan Completed.

#48 daparker

    Advanced Member

Posted 21 December 2005 - 02:28 PM

Here are the directions for MWav:

Please download the free MWAV antivirus tool from here. Save it to the desktop and run it. Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window. Please remove any lines relating to "Invalid object" as they are not needed at this time.
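The clean-up requested above (drop the "Invalid object" lines, keep the detections) can be scripted. This is an added example, not part of the original posts and not MWAV's own code; the function names are hypothetical and the sample lines are constructed in the format of the log posted in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: entries in the format of the log posted in this thread,
# run together (and wrapped mid-entry once) the way a forum paste leaves them.
SAMPLE = " ".join([
    r'Tue Dec 20 02:58:51 2005 => Loading Spyware Signatures from new External Database (Size: 146155).',
    r'Tue Dec 20 03:26:50 2005 => System found infected with dogpile toolbar Spyware/Adware ({5e92f538-b50b-46c5-9c5f-c6eeced3f6c6})! Action taken: No Action Taken.',
    r'Tue Dec 20 03:26:57 2005 => Offending Key found: HKCU\Software\funwebproducts !!!',
    r'Tue Dec 20 03:26:57 2005 => Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.',
    r'Tue Dec 20 03:27:01 2005 => Offending file found: C:\WINDOWS\TEMP\tbinstall.log',
    r'Tue Dec 20 03:27:01 2005 => System found infected with blowsearch Spyware/Adware (tbinstall.log)! Action taken: No Action Taken.',
    r'Tue Dec 20 03:27:07 2005 => Offending file found: c:\windows\TEMP\tbinstall.log',
    'Tue Dec 20 03:27:07 2005 => System found infected with blowsearch Spyware/Adware (tbinstall.log)!\nAction taken: No Action Taken.',
    r'Tue Dec 20 03:28:05 2005 => Entry "HKCR\.exe_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken.',
    r'Tue Dec 20 03:28:05 2005 => Entry "HKCR\.bat_aq" refers to invalid object "SafeFiles.1". Action Taken: No Action Taken.',
])

# Every entry starts with "Tue Dec 20 03:27:01 2005 => ".
TS = re.compile(r'([A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) => ')
OFFENDING = re.compile(r'Offending (file|folder|key) found: (.+?)(?: !!!)?$', re.I)
INFECTED = re.compile(
    r'System found infected with (.+?) Spyware/Adware \((.+)\)! Action taken: (.+?)\.?$', re.I)
OBJECT = re.compile(
    r'Object "(.+?) Spyware/Adware" found in File System! Action Taken: (.+?)\.?$', re.I)


def split_entries(text):
    """Split a run-together log into (timestamp, message) pairs."""
    text = " ".join(text.split())  # undo line wrapping introduced by the paste
    marks = list(TS.finditer(text))
    entries = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        entries.append((m.group(1), text[m.end():end].strip()))
    return entries


def drop_invalid_object(entries):
    """Remove the 'refers to invalid object' registry noise."""
    return [(ts, msg) for ts, msg in entries
            if "refers to invalid object" not in msg.lower()]


def detections(entries):
    """Pair each 'Offending ... found' line with the verdict line that follows it."""
    found, pending = [], None
    for ts, msg in entries:
        m = OFFENDING.match(msg)
        if m:
            pending = (m.group(1).lower(), m.group(2))
            continue
        m = INFECTED.match(msg)
        if m:
            family, item, action = m.groups()
        else:
            m = OBJECT.match(msg)
            if not m:
                pending = None  # unrelated line: never carry a stale location forward
                continue
            (family, action), item = m.groups(), None
        # A verdict with no preceding 'Offending' line only names the item itself.
        kind, location = pending or ("object", item)
        found.append({"ts": ts, "family": family, "kind": kind,
                      "location": location, "action": action})
        pending = None
    return found


def by_family(dets):
    """Group unique locations per family; Win9x paths are case-insensitive."""
    groups = defaultdict(set)
    for d in dets:
        groups[d["family"]].add(d["location"].lower())
    return {family: sorted(locs) for family, locs in groups.items()}


if __name__ == "__main__":
    dets = detections(drop_invalid_object(split_entries(SAMPLE)))
    for family, locations in by_family(dets).items():
        print(family)
        for loc in locations:
            print("   ", loc)
```

Grouping by family collapses the duplicate reports of the same file under `C:\WINDOWS\TEMP` and `c:\windows\TEMP`.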

#49 clueless123

    Authentic Member

Posted 22 December 2005 - 03:53 PM

It wouldn't let me cut, copy and paste the bottom part of the log..But here is what was there. ***** Scanning Registry and File system for Adware/Spyware ***** Tue Dec 20 02:58:51 2005 => Loading Spyware Signatures from new External Database (Size: 146155). Tue Dec 20 02:59:18 2005 => Indexed Spyware Databases Successfully Created... Tue Dec 20 03:26:50 2005 => System found infected with dogpile toolbar Spyware/Adware ({5e92f538-b50b-46c5-9c5f-c6eeced3f6c6})! Action taken: No Action Taken. Tue Dec 20 03:26:57 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\weatherbug !!! Tue Dec 20 03:26:57 2005 => Object "weatherbug Spyware/Adware" found in File System! Action Taken: No Action Taken. Tue Dec 20 03:26:57 2005 => Offending Key found: HKCU\Software\funwebproducts !!! Tue Dec 20 03:26:57 2005 => Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken. Tue Dec 20 03:27:01 2005 => Offending Folder found: C:\WINDOWS\DOWNLO~1\conflict.1 Tue Dec 20 03:27:01 2005 => Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken. Tue Dec 20 03:27:01 2005 => Offending file found: C:\WINDOWS\TEMP\tbinstall.log Tue Dec 20 03:27:01 2005 => System found infected with blowsearch Spyware/Adware (tbinstall.log)! Action taken: No Action Taken. Tue Dec 20 03:27:01 2005 => Offending file found: C:\WINDOWS\TEMP\insthelp.dll Tue Dec 20 03:27:01 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken. Tue Dec 20 03:27:02 2005 => Offending file found: C:\WINDOWS\TEMP\98.zip\skin_js.js Tue Dec 20 03:27:02 2005 => System found infected with broadcastpc Spyware/Adware (skin_js.js)! Action taken: No Action Taken. Tue Dec 20 03:27:02 2005 => Offending file found: C:\WINDOWS\TEMP\98.zip\loader.js Tue Dec 20 03:27:02 2005 => System found infected with broadcastpc Spyware/Adware (loader.js)! Action taken: No Action Taken. 
Tue Dec 20 03:27:02 2005 => Offending file found: C:\WINDOWS\TEMP\109.zip\skin_js.js Tue Dec 20 03:27:02 2005 => System found infected with broadcastpc Spyware/Adware (skin_js.js)! Action taken: No Action Taken. Tue Dec 20 03:27:02 2005 => Offending file found: C:\WINDOWS\TEMP\109.zip\loader.js Tue Dec 20 03:27:02 2005 => System found infected with broadcastpc Spyware/Adware (loader.js)! Action taken: No Action Taken. Tue Dec 20 03:27:02 2005 => Offending file found: C:\WINDOWS\TEMP\120.zip\skin_js.js Tue Dec 20 03:27:02 2005 => System found infected with broadcastpc Spyware/Adware (skin_js.js)! Action taken: No Action Taken. Tue Dec 20 03:27:02 2005 => Offending file found: C:\WINDOWS\TEMP\120.zip\loader.js Tue Dec 20 03:27:02 2005 => System found infected with broadcastpc Spyware/Adware (loader.js)! Action taken: No Action Taken. Tue Dec 20 03:27:02 2005 => Offending file found: C:\WINDOWS\TEMP\ide21201.vxd Tue Dec 20 03:27:02 2005 => System found infected with windupdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken. Tue Dec 20 03:27:03 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\49ij0hi7\ads[1].htm Tue Dec 20 03:27:03 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:03 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\49ij0hi7\ads[2].htm Tue Dec 20 03:27:03 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:04 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\wud3p1yt\ads[1].htm Tue Dec 20 03:27:04 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. 
Tue Dec 20 03:27:04 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\wud3p1yt\ads[2].htm Tue Dec 20 03:27:04 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:04 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\aln4erhn\ads[1].htm Tue Dec 20 03:27:04 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:04 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\aln4erhn\ads[2].htm Tue Dec 20 03:27:04 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:04 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\aln4erhn\formie[1].css Tue Dec 20 03:27:04 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. Tue Dec 20 03:27:04 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\3an0u5gl\formie[1].css Tue Dec 20 03:27:04 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. Tue Dec 20 03:27:04 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\3an0u5gl\ads[1].htm Tue Dec 20 03:27:04 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:04 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\3an0u5gl\ads[2].htm Tue Dec 20 03:27:04 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. 
Tue Dec 20 03:27:05 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\3an0u5gl\blank[1].htm Tue Dec 20 03:27:05 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:07 2005 => Offending file found: c:\windows\TEMP\tbinstall.log Tue Dec 20 03:27:07 2005 => System found infected with blowsearch Spyware/Adware (tbinstall.log)! Action taken: No Action Taken. Tue Dec 20 03:27:07 2005 => Offending file found: c:\windows\TEMP\insthelp.dll Tue Dec 20 03:27:07 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken. Tue Dec 20 03:27:08 2005 => Offending file found: c:\windows\TEMP\ide21201.vxd Tue Dec 20 03:27:08 2005 => System found infected with windupdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken. Tue Dec 20 03:27:08 2005 => Offending file found: C:\WINDOWS\Desktop\l2m9xfix\sed.exe Tue Dec 20 03:27:08 2005 => System found infected with ezula Spyware/Adware (sed.exe)! Action taken: No Action Taken. Tue Dec 20 03:27:11 2005 => Offending Folder found: C:\WINDOWS\Start Menu\programs\weatherbug Tue Dec 20 03:27:11 2005 => Object "weatherbug Spyware/Adware" found in File System! Action Taken: No Action Taken. Tue Dec 20 03:27:12 2005 => Offending Folder found: C:\WINDOWS\Start Menu\Programs\weatherbug Tue Dec 20 03:27:12 2005 => Object "weatherbug Spyware/Adware" found in File System! Action Taken: No Action Taken. Tue Dec 20 03:27:14 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\iyn9ahfj\ads[1].htm Tue Dec 20 03:27:14 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:15 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\iyn9ahfj\ads[2].htm Tue Dec 20 03:27:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! 
Action taken: No Action Taken. Tue Dec 20 03:27:15 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\iyn9ahfj\global[1].js Tue Dec 20 03:27:15 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken. Tue Dec 20 03:27:15 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\2cje9m5i\ads[1].htm Tue Dec 20 03:27:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:15 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\2cje9m5i\ads[2].htm Tue Dec 20 03:27:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:15 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\2cje9m5i\formie[1].css Tue Dec 20 03:27:15 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. Tue Dec 20 03:27:16 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\3td03wy5\ads[2].htm Tue Dec 20 03:27:16 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:17 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\3td03wy5\misc[1].js Tue Dec 20 03:27:17 2005 => System found infected with whenu.savenow Spyware/Adware (misc[1].js)! Action taken: No Action Taken. Tue Dec 20 03:27:17 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\rgz07ho7\ads[2].htm Tue Dec 20 03:27:17 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. 
Tue Dec 20 03:27:18 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\8rfb1p3w\ads[1].htm Tue Dec 20 03:27:18 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:18 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\8rfb1p3w\global[1].js Tue Dec 20 03:27:18 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken. Tue Dec 20 03:27:19 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\v6fgf9ea\ads[1].htm Tue Dec 20 03:27:19 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:19 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\v6fgf9ea\ads[2].htm Tue Dec 20 03:27:19 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:20 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\opmzchy3\s_code[1].js Tue Dec 20 03:27:20 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken. Tue Dec 20 03:27:21 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\opmzchy3\misc[1].js Tue Dec 20 03:27:21 2005 => System found infected with whenu.savenow Spyware/Adware (misc[1].js)! Action taken: No Action Taken. Tue Dec 20 03:27:21 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\g6r41u7n\ads[1].htm Tue Dec 20 03:27:21 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. 
Tue Dec 20 03:27:21 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\g6r41u7n\formie[1].css Tue Dec 20 03:27:21 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. Tue Dec 20 03:27:21 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\g6r41u7n\ads[2].htm Tue Dec 20 03:27:21 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:22 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\s71jambd\ads[1].htm Tue Dec 20 03:27:22 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:23 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\uxgbqjgf\ads[2].htm Tue Dec 20 03:27:23 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:24 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\pagu3h1k\s_code[1].js Tue Dec 20 03:27:24 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken. Tue Dec 20 03:27:25 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\dx5zaury\blank[1].htm Tue Dec 20 03:27:25 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Tue Dec 20 03:27:25 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\dx5zaury\show_ads[2].js Tue Dec 20 03:27:25 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken. 
Tue Dec 20 03:27:26 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\dx5zaury\global[1].js Tue Dec 20 03:27:26 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken. Tue Dec 20 03:27:26 2005 => Offending file found: C:\WINDOWS\Local Settings\Temporary Internet Files\content.ie5\dx5zaury\s_code[1].js Tue Dec 20 03:27:26 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken.

#50 clueless123

    Authentic Member

Posted 08 January 2006 - 03:06 AM

Here are the directions for MWav:

Please download the free MWAV antivirus tool from here. Save it to the desktop and run it. Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window. Please remove any lines relating to "Invalid object" as they are not needed at this time.


I'm still having the full page ads come up.

#51 clueless123

    Authentic Member

Posted 08 January 2006 - 03:07 AM

sorry double posted

Edited by clueless123, 08 January 2006 - 03:08 AM.


#52 daparker

    Advanced Member

Posted 22 January 2006 - 07:35 PM

clueless, I apologize for the long delay in getting back to you. Life and a bit of laziness got in the way. Do you still need help?

#53 clueless123

    Authentic Member

Posted 22 January 2006 - 11:28 PM

YES!!! I still need help :D

#54 daparker

    Advanced Member

Posted 23 January 2006 - 09:42 AM

Ok, can I see a new HJT log, please?

#55 clueless123

    Authentic Member

Posted 23 January 2006 - 12:45 PM

Here is a new log. I can send you a screen shot of the full page ad if that would help.

Logfile of HijackThis v1.99.1
Scan saved at 1:43:33 PM, on 1/23/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXE
C:\PROGRAM FILES\WINK\WINK.EXE
C:\COREL\OFFICE7\DAD7\QUICK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\VERIZON ONLINE\BIN\MPBTN.EXE
C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPTSKMGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n....1&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com...://hp.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/info.dogpl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com...://hp.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/info.dogpl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dogpile.c...orms/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dogpile.c...orms/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - Startup: wink.lnk = C:\Program Files\Wink\Wink.exe
O4 - Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc...oad/ppcwebi.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab


#56 daveai

    Emeritus-ClassroomTeacher/Admin

Posted 26 January 2006 - 01:02 PM

Hello. DAParker has asked for some help due to his 'real life' work schedule, so I'll do my best to get your case completed. I'll need a short time today to review the thread up to this point and then will post back with my initial conclusions and recommendations. Thanks for your patience. daveai
"Applying computer technology is simply finding the right wrench to pound in the correct screw." Anonymous

#57 daveai

    Emeritus-ClassroomTeacher/Admin

Posted 26 January 2006 - 03:46 PM

Okay...I'm back.

I went through this thread twice, and also read through the previous winfixer problem.

Please send me the screenshot of the full page ad. Send it to daveai AT tomcoyote DOT org...turn that into a real email address with the @ and the . inserted at the appropriate places. (We post them that way to prevent the spam harvesters from adding our email addresses to their lists).

Also, since you are on win-98...I cannot ask you to run my favorite scans :) So, we may have to run several things to figure out what is still infecting your system.

Please start by running the Kaspersky online scan. It won't clean anything...but it takes a fairly deep look into your system.

Please do an online scan with Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Thanks
daveai
"Applying computer technology is simply finding the right wrench to pound in the correct screw." Anonymous

#58 clueless123

    Authentic Member

Posted 26 January 2006 - 09:29 PM

KASPERSKY ON-LINE SCANNER REPORT
Thursday, January 26, 2006 22:24:47
Operating System: Microsoft Windows 98 SE
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 27/01/2006
Kaspersky Anti-Virus database records: 173323
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
a:\
c:\
m:\

Scan Statistics:
Total number of scanned objects: 34089
Number of viruses found: 6
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 8207 sec

Infected Object Name - Virus Name
c:\WINDOWS\SYSTEM\UpdInstall.exe.tcf Infected: not-a-virus:AdWare.Win32.Look2Me.b
c:\WINDOWS\Application Data\Identities\{9A3F3FE0-DA33-11D3-9E83-E5051EB6D217}\Microsoft\Outlook Express\Sent Items.dbx/[From "Libby Simmons" <libsimmons@verizon.net>][Date Mon, 19 Dec 2005 13:50:29 -0500]/UNNAMED/msg118.dll Infected: not-a-virus:AdWare.Win32.Look2Me.an
c:\WINDOWS\Application Data\Identities\{9A3F3FE0-DA33-11D3-9E83-E5051EB6D217}\Microsoft\Outlook Express\Sent Items.dbx/[From "Libby Simmons" <libsimmons@verizon.net>][Date Mon, 19 Dec 2005 13:50:29 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.Look2Me.an
c:\WINDOWS\Application Data\Identities\{9A3F3FE0-DA33-11D3-9E83-E5051EB6D217}\Microsoft\Outlook Express\Sent Items.dbx Infected: not-a-virus:AdWare.Win32.Look2Me.an
c:\WINDOWS\Desktop\gettbar.exe/WISE0081.BIN Infected: not-a-virus:AdWare.Win32.Dogpile.a
c:\WINDOWS\Desktop\gettbar.exe Infected: not-a-virus:AdWare.Win32.Dogpile.a
c:\WINDOWS\Downloaded Program Files\CONFLICT.1\Toolbar_cobrand.EXE/WISE0077.BIN Infected: not-a-virus:AdWare.Win32.Dogpile.a
c:\WINDOWS\Downloaded Program Files\CONFLICT.1\Toolbar_cobrand.EXE Infected: not-a-virus:AdWare.Win32.Dogpile.a
c:\WINDOWS\Downloaded Program Files\popcaploader.dll.tcf Infected: not-a-virus:Downloader.Win32.PopCap.b
c:\WINDOWS\Downloaded Program Files\UWFX5_0001_N53L1025NetInstaller.exe Infected: not-a-virus:Downloader.Win32.Agent.f
c:\temp\CSv20P160.exe Infected: Backdoor.Win32.Ruledor.j
c:\!KillBox\msg118.dll Infected: not-a-virus:AdWare.Win32.Look2Me.an

Scan process completed.

#59 daveai

    Emeritus-ClassroomTeacher/Admin

Posted 27 January 2006 - 02:14 AM

Thanks

I looked at the screen shot...it helped me understand what's going on. Thanks

Okay...let's start cleaning out some of those files. This process may take several 'go-rounds'.

First we'll use Killbox. Go ahead and re-download this tool, just in case there is a later version than the one you acquired earlier.

Then...save these instructions to a text file (Notepad) on your desktop so you can find them in safe mode.


1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:


c:\WINDOWS\SYSTEM\UpdInstall.exe.tcf
c:\WINDOWS\Desktop\gettbar.exe
c:\WINDOWS\Downloaded Program Files\CONFLICT.1\Toolbar_cobrand.EXE
c:\WINDOWS\Downloaded Program Files\popcaploader.dll.tcf
c:\WINDOWS\Downloaded Program Files\UWFX5_0001_N53L1025NetInstaller.exe
c:\temp\CSv20P160.exe


6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let the system reboot.


Then, open Outlook Express, and in the 'Sent Items' folder please locate and delete all messages that fit this description:

From "Libby Simmons" <libsimmons@verizon.net>][Date Mon, 19 Dec 2005 13:50:29 -0500]



Next, clean out all the temporary files and cookies on your system. Go to Start > Run and enter: cleanmgr. Let it scan your system for files to remove. Check these three boxes and then press ok to remove: Temporary Files, Temporary Internet Files, Recycle Bin.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and when the scan is finished, choose Edit > select all -> File > delete.

Please let me know about any problems with the temp file deletes.

Note: If you cannot delete them all at once because you have too many, then click and hold ctrl and highlight a batch of them at a time. Once highlighted, R-click over the highlight and select delete. Rinse, lather, repeat until folder is empty


Finally, rerun the Kaspersky scan and send the results.

Thanks
daveai

Edited by daveai, 27 January 2006 - 02:44 AM.

"Applying computer technology is simply finding the right wrench to pound in the correct screw." Anonymous

#60 clueless123

Posted 27 January 2006 - 04:38 PM

There were two files I could not find. They were: C:\windows\dowloaded program files\conflict\toolbar_cobrand.exe and c:\windows\downloaded program files\uwx5_0001_n53l1025netinstaller.exe. There were also two files I could not delete when I was deleting the temp files. They are ~df93f9.tmp and ~df438.tmp.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, January 27, 2006 17:30:09
Operating System: Microsoft Windows 98 SE
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 27/01/2006
Kaspersky Anti-Virus database records: 173495
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
a:\
c:\
m:\

Scan Statistics:
Total number of scanned objects: 33231
Number of viruses found: 6
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 7299 sec

Infected Object Name - Virus Name
c:\WINDOWS\SYSTEM\UpdInstall.exe.tcf Infected: not-a-virus:AdWare.Win32.Look2Me.b
c:\WINDOWS\Desktop\gettbar.exe/WISE0081.BIN Infected: not-a-virus:AdWare.Win32.Dogpile.a
c:\WINDOWS\Desktop\gettbar.exe Infected: not-a-virus:AdWare.Win32.Dogpile.a
c:\WINDOWS\Downloaded Program Files\CONFLICT.1\Toolbar_cobrand.EXE/WISE0077.BIN Infected: not-a-virus:AdWare.Win32.Dogpile.a
c:\WINDOWS\Downloaded Program Files\CONFLICT.1\Toolbar_cobrand.EXE Infected: not-a-virus:AdWare.Win32.Dogpile.a
c:\WINDOWS\Downloaded Program Files\popcaploader.dll.tcf Infected: not-a-virus:Downloader.Win32.PopCap.b
c:\WINDOWS\Downloaded Program Files\UWFX5_0001_N53L1025NetInstaller.exe Infected: not-a-virus:Downloader.Win32.Agent.f
c:\!KillBox\msg118.dll Infected: not-a-virus:AdWare.Win32.Look2Me.an
c:\!KillBox\CSv20P160.exe Infected: Backdoor.Win32.Ruledor.j

Scan process completed.
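One way to check a rescan against the previous one after a cleanup pass, added here as an example (it is not part of the thread or of any tool named in it): it parses the "object Infected: verdict" lines of two Kaspersky on-line scanner reports and sorts the detections into remaining, moved, removed and new. The sample entries are abridged from the two reports posted above; `parse_report` and `compare` are hypothetical names.

```python
import ntpath
import re

# Report entry format: "<object path> Infected: <verdict>"
ENTRY = re.compile(r"^(?P<obj>.+?)\s+Infected:\s+(?P<verdict>\S+)$")

def parse_report(text):
    """Map each top-level file (lowercased, FAT names are case-insensitive) to its verdicts."""
    found = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Objects inside an installer or mailbox are listed as "container/inner";
            # the container is the file on disk that has to be dealt with.
            path = m.group("obj").split("/", 1)[0].lower()
            found.setdefault(path, set()).add(m.group("verdict"))
    return found

def compare(before, after):
    b, a = parse_report(before), parse_report(after)
    gone = [p for p in b if p not in a]
    new = [p for p in a if p not in b]
    # Same file name and verdict under a different folder: relocated, not eliminated.
    moved = {old: n for old in gone for n in new
             if ntpath.basename(old) == ntpath.basename(n) and b[old] == a[n]}
    return {
        "remaining": sorted(p for p in b if p in a),
        "moved": moved,
        "removed": sorted(p for p in gone if p not in moved),
        "new": sorted(p for p in new if p not in moved.values()),
    }

# Entries abridged from the two reports posted in this thread.
BEFORE = r"""
c:\WINDOWS\SYSTEM\UpdInstall.exe.tcf Infected: not-a-virus:AdWare.Win32.Look2Me.b
c:\WINDOWS\Desktop\gettbar.exe/WISE0081.BIN Infected: not-a-virus:AdWare.Win32.Dogpile.a
c:\WINDOWS\Desktop\gettbar.exe Infected: not-a-virus:AdWare.Win32.Dogpile.a
c:\temp\CSv20P160.exe Infected: Backdoor.Win32.Ruledor.j
c:\!KillBox\msg118.dll Infected: not-a-virus:AdWare.Win32.Look2Me.an
"""
AFTER = r"""
c:\WINDOWS\SYSTEM\UpdInstall.exe.tcf Infected: not-a-virus:AdWare.Win32.Look2Me.b
c:\WINDOWS\Desktop\gettbar.exe/WISE0081.BIN Infected: not-a-virus:AdWare.Win32.Dogpile.a
c:\WINDOWS\Desktop\gettbar.exe Infected: not-a-virus:AdWare.Win32.Dogpile.a
c:\!KillBox\msg118.dll Infected: not-a-virus:AdWare.Win32.Look2Me.an
c:\!KillBox\CSv20P160.exe Infected: Backdoor.Win32.Ruledor.j
"""

if __name__ == "__main__":
    for status, items in compare(BEFORE, AFTER).items():
        print(status, items)
```
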
