I got the Dr Watson Post Mortem Debugger
#1
Posted 19 March 2005 - 12:25 AM
#3
Posted 25 March 2005 - 10:54 AM
#4
Posted 25 March 2005 - 08:59 PM
It should open in notebook right click inside the log, click copy, Then come back here click Add Reply> Right click inside it and click paste, Next Click Add Reply,
Should be as easy at that,
#5
Posted 29 March 2005 - 10:36 PM
#6
Posted 30 March 2005 - 05:27 AM
Thanks
Don
Edited by don77, 30 March 2005 - 05:27 AM.
#7
Posted 30 March 2005 - 09:40 PM
Thank you for telling me
Logfile of HijackThis v1.99.1
Scan saved at 9:38:08 PM, on 3/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\AIM\aim.exe
C:\program files\valve\steam\steam.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Josh Nguyen\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101159102015
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
I hope this will help
Thanks agian,
Josh
#8
Posted 30 March 2005 - 09:49 PM
Thanks alot
#9
Posted 30 March 2005 - 10:56 PM
#10
Posted 31 March 2005 - 12:43 AM
jjblyn33 please do not hijack other peoples threads, it's very confusing, and since you've done it mulitiple times -- rude. Please stick to your original post and wait for a reply.To avoid confusion, do not post your question in someone else's topic.
#11
Posted 31 March 2005 - 05:32 AM
Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
Next Reboot into SAFE MODE Make sure you can view all Hidden Files/Folders search for and delete the files highlighted in BOLD
C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll <-- Delete Folder
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm <-- Delete Folder
C:\Program Files\AWS\WeatherBug\Weather.exe <-- Delete Folder
Restart your computer,
Please run these two online scans. Make sure they are set to clean automatically:
TrendMicro's HouseCall
ActiveScan
You should try to delete any files that these scanners are unable to clean. Then let us know if its working better and what the scans found.
Then scan again with HijackThis and post another log.
#12
Posted 31 March 2005 - 10:20 PM
I have encountered a problem
Hi again Josh,
Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
AND HERE IS THE PROBLEM
i did go to reboot in safe mode and in the hidden folders but when i went to go search out theses things i didnt find them just maybe a folder of them but just not the same adress of the files below. so i didnt touch it and came to ask you what to do i mean it looks like the Hijack thingy deleted them already. Well thanks for your help and i will wait for your call
Next Reboot into SAFE MODE Make sure you can view all Hidden Files/Folders search for and delete the files highlighted in BOLD
C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll <-- Delete Folder
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm <-- Delete Folder
C:\Program Files\AWS\WeatherBug\Weather.exe <-- Delete Folder
Restart your computer,
Please run these two online scans. Make sure they are set to clean automatically:
TrendMicro's HouseCall
ActiveScan
You should try to delete any files that these scanners are unable to clean. Then let us know if its working better and what the scans found.
Then scan again with HijackThis and post another log.
#13
Posted 01 April 2005 - 07:17 PM
WildTangent
Ebates_MoeMoneyMaker
WeatherBug
Please delete them,
Next
Please run the 2 online virus scans and post back what they find please
#14
Posted 03 April 2005 - 12:13 PM
And here are the reports ................
From House Call's scan
Results:
We have detected 5 infected file(s) with 5 virus(es) on your computer.
Detected File Associated Virus Name
C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\perfectnavUninstall.exe TROJ_KEENVALUE.B
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP142\A0322652.exe TROJ_DLOADER.DH
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP148\A0323178.dll TROJ_AGENT.JS
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP153\A0325000.exe TROJ_AGENT.AE
C:\WINDOWS\farmmext.exe.bak TROJ_DLOADER.DH
What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet. Results:
We have detected 74 spyware(s) on your computer.
Spyware Name Spyware Type
ADW_MIWAY.A Adware
ADW_SECTHOUGHT.A Adware
COOKIE_45 Cookie
COOKIE_169 Cookie
COOKIE_193 Cookie
COOKIE_211 Cookie
COOKIE_222 Cookie
COOKIE_252 Cookie
COOKIE_346 Cookie
COOKIE_407 Cookie
COOKIE_408 Cookie
COOKIE_442 Cookie
COOKIE_478 Cookie
COOKIE_534 Cookie
COOKIE_650 Cookie
COOKIE_741 Cookie
COOKIE_756 Cookie
COOKIE_809 Cookie
COOKIE_968 Cookie
COOKIE_1144 Cookie
COOKIE_1236 Cookie
COOKIE_1255 Cookie
COOKIE_1314 Cookie
COOKIE_1346 Cookie
COOKIE_1362 Cookie
COOKIE_1375 Cookie
COOKIE_1504 Cookie
COOKIE_1543 Cookie
COOKIE_1570 Cookie
COOKIE_1661 Cookie
COOKIE_1678 Cookie
COOKIE_1698 Cookie
COOKIE_1701 Cookie
COOKIE_1738 Cookie
COOKIE_2077 Cookie
COOKIE_2081 Cookie
COOKIE_2089 Cookie
COOKIE_2100 Cookie
COOKIE_2157 Cookie
COOKIE_2216 Cookie
COOKIE_2275 Cookie
COOKIE_2376 Cookie
COOKIE_2411 Cookie
COOKIE_2513 Cookie
COOKIE_2631 Cookie
COOKIE_2639 Cookie
COOKIE_2676 Cookie
COOKIE_2842 Cookie
COOKIE_2921 Cookie
COOKIE_2991 Cookie
COOKIE_2996 Cookie
COOKIE_3004 Cookie
COOKIE_3018 Cookie
COOKIE_3036 Cookie
COOKIE_3081 Cookie
COOKIE_3117 Cookie
SPYW_PPNETWORK.A Spyware
COOKIE_3182 Cookie
COOKIE_3183 Cookie
COOKIE_3184 Cookie
COOKIE_3185 Cookie
COOKIE_3186 Cookie
COOKIE_3188 Cookie
COOKIE_3196 Cookie
COOKIE_3201 Cookie
SPYW_PPNETWORK.B Spyware
COOKIE_6853 Cookie
COOKIE_6855 Cookie
COOKIE_3235 Cookie
COOKIE_3237 Cookie
COOKIE_3238 Cookie
ADW_TREBATES Adware
ADW_MYSPEED.A Adware
SPYW_PYNIX.A Spyware
What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix. Results:
We have detected 1 vulnerability/vulnerabilities on your computer.
Risk Level Issue How to Fix
Important A vulnerability in ASP.NET allows an attacker to bypass the security of an ASP.NET Web site, and access a machine. The attacker gains unauthorized access to some areas of the said Web site, and is able to control it accordingly. The actions that the attacker could take would depend on the specific content being protected.
FROM Activescan i got ............
Incident Status Location
Adware:Adware/Gator No disinfected C:\DOCUME~1\JOSHNG~1\LOCALS~1\Temp\bundle.inf
Adware:Adware/nCase No disinfected C:\Temp\FLEOK
Spyware:Spyware/ISTbar No disinfected C:\Program Files\Common Files\Totem Shared
Adware:Adware/KeenValue No disinfected C:\WINDOWS\browserxtras\pn\remove.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\conscorr.inf
Adware:Adware/NavHelper No disinfected C:\Program Files\Ares
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Spyware:Spyware/Altnet No disinfected Windows Registry
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Josh Nguyen\Favorites\Sites about\Ab scissor.url
Adware:Adware/Transponder No disinfected C:\WINDOWS\dlmax.dll
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\system32\P2P Networking
Adware:Adware/Apropos No disinfected C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\AlertSWF\contents\Exec.exe
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\localNRD.dll
Spyware:Spyware/LocalNRD No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\localNrd.inf
Adware:Adware/P2PNetworking No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\p2psetup.exe
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\pynix.cab[Pynix.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\Pynix.dll
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Paul Nguyen\Local Settings\Temp\conscorr.inf
Adware:Adware/IPInsight No disinfected C:\I386\conscorr.inf
Spyware:Spyware/LocalNRD No disinfected C:\I386\localNrd.inf
Adware:Adware/Twain-Tech No disinfected C:\I386\twaintec.inf
Adware:Adware/Minibug No disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Adware:Adware/KeenValue No disinfected C:\WINDOWS\browserxtras\pn\remove.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\dlmax.dll
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.exe.bak
Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\conscorr.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\dlmax.inf
Virus:Trj/Downloader.GK Disinfected C:\WINDOWS\INF\polall1r.inf
Virus:Trj/Imiserv.D Disinfected C:\WINDOWS\systb.exe
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking\MARSHAL.DLL
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl
Hope this will help
Thank you
Josh
#15
Posted 04 April 2005 - 07:26 PM
Go Here download and install Cleanup!
Open the program click on Cleanup and let it do it's thingwhen asked to rebnoot do so,
Next reboot to safe mode again please now I need you to search for and delete the following files highlighted in Bold or folders highlighted in Red
Adware:Adware/Gator No disinfected C:\DOCUME~1\JOSHNG~1\LOCALS~1\Temp\bundle.inf
Adware:Adware/nCase No disinfected C:\Temp\FLEOK
Spyware:Spyware/ISTbar No disinfected C:\Program Files\Common Files\Totem Shared
Adware:Adware/KeenValue No disinfected C:\WINDOWS\browserxtras\pn\remove.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\conscorr.inf
Adware:Adware/NavHelper No disinfected C:\Program Files\Ares
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Josh Nguyen\Favorites\Sites about\Ab scissor.url
Adware:Adware/Transponder No disinfected C:\WINDOWS\dlmax.dll
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\system32\P2P Networking
Adware:Adware/Apropos No disinfected C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\AlertSWF\contents\Exec.exe
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\localNRD.dll
Spyware:Spyware/LocalNRD No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\localNrd.inf
Adware:Adware/P2PNetworking No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\p2psetup.exe
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\pynix.cab[Pynix.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\Pynix.dll
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Paul Nguyen\Local Settings\Temp\conscorr.inf
Adware:Adware/IPInsight No disinfected C:\I386\conscorr.inf
Spyware:Spyware/LocalNRD No disinfected C:\I386\localNrd.inf
Adware:Adware/Twain-Tech No disinfected C:\I386\twaintec.inf
Adware:Adware/Minibug No disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Adware:Adware/KeenValue No disinfected C:\WINDOWS\browserxtras\pn\remove.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\dlmax.dll
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.exe.bak
Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\conscorr.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\dlmax.inf
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking\MARSHAL.DLL
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl
Restart your computer,
Please download and install AD-Aware.
Check Here on how setup and use it - please make sure you update it first.
Run a scan with Ad-aware Restart your computer,
Run another scan with TrendMicro and Active scan
Post back how you make out please
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users