Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

DrWatsons Problem

Started by Pantrwrstl , Mar 18 2005 01:02 PM

  • Please log in to reply

#16
Michelle
Posted 05 April 2005 - 08:04 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I take it you had no problems that time? :tazz:

Reboot into Safe Mode. While in Safe Mode, run HiJackThis and put a check next to the following items and click "FIX CHECKED":

O2 - BHO: (no name) - {382FEDA5-D2FE-7F48-C4FB-0EBB265F97AB} - (no file)
O2 - BHO: (no name) - {9887C15C-49C8-4058-ABD2-60BD2414C229} - (no file)
O2 - BHO: (no name) - {EA9F32C8-B4D6-2FE7-C577-8FC550F0BADC} - (no file)
O2 - BHO: (no name) - {F2D6E42D-DC5F-61C0-B422-BCCE80BD350E} - (no file)

Reboot into Normal Mode and post a new HiJackThis log.

Michelle ;)
  • 0

Advertisements

#17
Pantrwrstl
Posted 06 April 2005 - 10:44 AM

Pantrwrstl

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 172 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:43:25 PM, on 4/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\KMaestro\KMaestro.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {382FEDA5-D2FE-7F48-C4FB-0EBB265F97AB} - (no file)
O2 - BHO: (no name) - {9887C15C-49C8-4058-ABD2-60BD2414C229} - (no file)
O2 - BHO: (no name) - {EA9F32C8-B4D6-2FE7-C577-8FC550F0BADC} - (no file)
O2 - BHO: (no name) - {F2D6E42D-DC5F-61C0-B422-BCCE80BD350E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [UpConfgVer] "C:\Program Files\Panda Software\Panda Antivirus Platinum\UpgConf.exe" /v:7.07.02
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101264785109
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4940B58-3477-435E-9902-34E9FF328239}: NameServer = 209.47.15.118,64.157.143.38,
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
  • 0

#18
Michelle
Posted 06 April 2005 - 10:49 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
When you "fixed" those entries in safe mode did you have anything else open besides HiJackThis?

Michelle
  • 0

#19
Pantrwrstl
Posted 06 April 2005 - 11:02 AM

Pantrwrstl

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 172 posts
dont think so, ill try again tho
  • 0

#20
Michelle
Posted 06 April 2005 - 11:08 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Thank you. If it doesn't work again, we'll try something else.

Michelle
  • 0

#21
Pantrwrstl
Posted 06 April 2005 - 11:09 AM

Pantrwrstl

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 172 posts
No other programs running when i scanned or deleted/fixed

Logfile of HijackThis v1.99.1
Scan saved at 1:06:52 PM, on 4/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\KMaestro\KMaestro.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {382FEDA5-D2FE-7F48-C4FB-0EBB265F97AB} - (no file)
O2 - BHO: (no name) - {9887C15C-49C8-4058-ABD2-60BD2414C229} - (no file)
O2 - BHO: (no name) - {EA9F32C8-B4D6-2FE7-C577-8FC550F0BADC} - (no file)
O2 - BHO: (no name) - {F2D6E42D-DC5F-61C0-B422-BCCE80BD350E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [UpConfgVer] "C:\Program Files\Panda Software\Panda Antivirus Platinum\UpgConf.exe" /v:7.07.02
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101264785109
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4940B58-3477-435E-9902-34E9FF328239}: NameServer = 209.47.15.118,64.157.143.38,
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
  • 0

#22
Michelle
Posted 06 April 2005 - 11:15 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Your log is showing you had Internet Explorer window open when you ran the latest HiJackThis scan. Did you try fixing those entries while in Safe Mode or did you just run HiJackThis again while you were in regular mode and connected to the Internet?

Edited by bananafanafo, 06 April 2005 - 11:16 AM.

  • 0

#23
Pantrwrstl
Posted 06 April 2005 - 11:23 AM

Pantrwrstl

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 172 posts
i rebooted in safe mood, made sure noting was running, opened hijack this, scanned and clicked to fix those 4 items, rebooted ran another scan in normal settings, connected to internet, programs opened
  • 0

#24
Pantrwrstl
Posted 06 April 2005 - 11:23 AM

Pantrwrstl

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 172 posts
and that last log is the latest scan since i rebooted
  • 0

#25
Michelle
Posted 06 April 2005 - 11:24 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Please run ActiveScan

Copy the results from Activescan and paste them here.

If you fixed those entries in safe mode and they are still there, then we have to find out if any other files are using those BHOs. We'll use a program to kill any files that Activescan finds.

Michelle
  • 0

Advertisements

#26
Pantrwrstl
Posted 06 April 2005 - 12:08 PM

Pantrwrstl

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 172 posts
Incident Status Location

Spyware:Spyware/ISTbar No disinfected Windows Registry
Adware:Adware/CWS No disinfected C:\Documents and Settings\user\Favorites\Fun & Games\Betting.lnk
Adware:Adware/NavHelper No disinfected C:\Program Files\Ares
Adware:Adware/BlazeFind No disinfected Windows Registry
Spyware:Spyware/LocalNRD No disinfected C:\WINDOWS\inf\addremln.inf
Spyware:Spyware/YourSiteBar No disinfected C:\WINDOWS\Downloaded Program Files\YSBactivex.???
Adware:Adware/Transponder No disinfected C:\WINDOWS\dlmax.dll
Adware:Adware/PortalScan No disinfected C:\WINDOWS\HLInstaller3.exe
Spyware:Spyware/YourSiteBar No disinfected C:\WINDOWS\Downloaded Program Files\YSBactivex.dll
Spyware:Spyware/YourSiteBar No disinfected C:\WINDOWS\Downloaded Program Files\ysbactivex.inf
Spyware:Spyware/LocalNRD No disinfected C:\WINDOWS\inf\addremln.inf
Adware:Adware/Minibug No disinfected C:\Program Files\AIM\Sysfiles\WxBug.EXE
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1FE.tmp
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20A.tmp
Adware:Adware/Envolo No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq240.tmp
Adware:Adware/Envolo No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq244.tmp
Adware:Adware/KeenValue No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp
Adware:Adware/MultiMPP No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3F.tmp
Adware:Adware/FindWhatever No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq64.tmp
Adware:Adware/KeenValue No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6B.tmp\IncFindBHO170.dll
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\user\Desktop\hijackthis\backups\backup-20050405-204110-977.dll
  • 0

#27
Michelle
Posted 06 April 2005 - 12:15 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
First, let's do this:

Launch Notepad, and copy/paste the box below into a new notepad file. Change the "save as" type to "All Files". Save it as Unreg.bat on your Desktop.

regsvr32 /u C:\WINDOWS\system32\sidivahv.dll
regsvr32 /u C:\WINDOWS\system32\gatjhrgf.dll
regsvr32 /u C:\WINDOWS\system32\hgiveipt.dll

Locate Unreg.bat on your Desktop and double-click on it.

Let me know if you receive any error messages.
  • 0

#28
Pantrwrstl
Posted 06 April 2005 - 12:19 PM

Pantrwrstl

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 172 posts
LoadLibrary("C:\WINDOWS\system32\sidivahv.dll") failed - The specific module could not be found
  • 0

#29
Michelle
Posted 06 April 2005 - 12:22 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Good! That means it unregistered 2 that were still there. Now, let's do this:

Please print these instructions out before continuing!

*Click Here to download Killbox.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*In the field labeled Full Path of File to Delete enter the items listed below ONE AT A TIME (EXACTLY as it appears, please double check to make sure! I would just copy each file path and paste it in the field):

C:\Documents and Settings\user\Favorites\Fun & Games\Betting.lnk
C:\WINDOWS\inf\addremln.inf
C:\WINDOWS\Downloaded Program Files\YSBactivex.???
C:\WINDOWS\dlmax.dll
C:\WINDOWS\HLInstaller3.exe
C:\WINDOWS\Downloaded Program Files\YSBactivex.dll
C:\WINDOWS\Downloaded Program Files\ysbactivex.inf
C:\WINDOWS\inf\addremln.inf
C:\Program Files\AIM\Sysfiles\WxBug.EXE
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1FE.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20A.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq240.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq244.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3F.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq64.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6B.tmp\IncFindBHO170.dll

Press the button that looks like a red circle with a white X in it after each one. When it asks if you would like to delete on reboot, press the YES button, when it asks if you want to reboot now, press the NO button. Do this after each one until you have entered the LAST file path I have listed above. After that LAST file path has been entered press the YES button at both prompts so that your computer restarts.

While it's restarting tap the F8 key continually until a menu appears, use your up arrow key to highlight Safe Mode then hit enter.

Using Windows Explorer, delete the following folder (in bold):

C:\Program Files\Ares

After that is done, please run ActiveScan again and paste the activescan results to see if anything is left.
  • 0

#30
Pantrwrstl
Posted 06 April 2005 - 12:24 PM

Pantrwrstl

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 172 posts
also i clicked ok and got the same error, except gatjhrgf.dll could not be found
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP