Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Multiple Problems [CLOSED]


  • This topic is locked This topic is locked

#1
Cooper199

Cooper199

    Member

  • Member
  • PipPip
  • 49 posts
OK Ive spent all day on this and I'm out of ideas. This is my roommates computer. When she opened Explorer it took her to this 'oneclick" website that refused to allow her to dump her temporary internet files. When trying to switch to the other username, it comes up with a black screen with some spyware warning that has been listed in other forums as Trojan Desktophijack. When you switch back to the other user, you temporarily get a fatal error blue screen that says something about Trojan Spy.html but it goes too quickly to get the numbers off of it.

I rebooted in safe mode and ran Norton's and that took 3 hours. It found 1 virus - Trojan Desktop Hijack.B, which it said it quarantined. However, an earlier scan that my roommate did showed viruses that said "Quarantine Failed - Left Alone" for viruses under the following names: Trojan DesktopHijak, Downloader Trojan, Trojan Adwaheck, Trojan Mitglieder, Trojan.Byte Verify, Bloodhound.Exploit.6, W32 Desktophijak, Bloodhound.W32.EP, Trojan.Moo.

(I know, its crazy). On an unrelated note, there seems to be a glitch in Norton's that prevents it from LiveUpdating without actually going through the symantec website.

I've run AdAware - it got rid of some stuff but not a lot. I installed and ran Spybot - same thing. I finally installed Mozilla Firefox and that seems to be running OK, and I tried to uninstall Internet Explorer and Reinstall it, but I don't know if that worked.

In addition, as I'm typing this to you, I'm getting yellow ! System Warnings that say "critical system error...your PC is infected with Spyware" and the like.


In addition to ALL of this, when you try to run the Start> Search feature Microsoft Office keeps trying to Install something--I'm not sure what.

You may figure out that I have exhausted my knowledge on computers (which usually consists of turning it off and back on). Help!

My log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 11:15:00 PM, on 6/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michele\Desktop\hijackthis-1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicks...es.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicks...earch.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicks...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp1684.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Any Help would be greatly appreciated!

Thanks!
  • 0

Advertisements


#2
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Cooper199

Please post a new HJT.log

Kc :tazz:
  • 0

#3
Cooper199

Cooper199

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Now the little yellow exclamation point wants me to clean up unused desktop items on my desktop, FYI.

THanks!

Logfile of HijackThis v1.99.1
Scan saved at 12:20:08 PM, on 6/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Michele\Desktop\hijackthis-1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicks...es.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicks...earch.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicks...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp1684.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#4
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Cooper199

Please read through the instructions before you start (you may want to print this out).

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Download Pocket Killbox and unzip it; save it to your Desktop.

Please CLICK here and go to Save As (in Internet Explorer it's "Save Target As") in order to download Metallica’s reg file. Save it to your desktop.

Please download and install AD-Aware.
Check Here on how setup and use it - please make sure you update it first. Don't run yet.

Please set your system to show all files; please see here if you're unsure how to do this.

Download CWShredder (there is a link in my signature), unzip it, and save it on the Desktop. Please do not run it yet,

Reboot into Safe Mode: please see here if you are not sure how to do this.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicks...es.com/bar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp1684.tmp
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h

Click on Fix Checked when finished and exit HijackThis.

Now run Metallica’s reg file

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Run CWShredder to fix your CWS problem.

Run AD-Aware se

Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
C:\Program Files\Parallel Tasking\ptask.exe
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\System32\hp1684.tmp
C:\Program Files\AntivirusGold\AntivirusGold.exe /h.
Let the system reboot.

C:\Program Files\[b]AntivirusGold
<--Delete the whole folder


Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
[b]Please post the logs From Panda, Ewido HJT.log
We will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#5
Cooper199

Cooper199

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
OK! I did everything I could...Once I got to the running HJT scan the first 5 items to remove were no longer there. Then, it wouldn't let me clean out the TIF files--it got stuck at "calculating disk space" and I left it for several hours but it never made any progress. In Killbox at the end the folder Antivirus Gold didn't exist anymore either.

Here are the scans:

Logfile of HijackThis v1.99.1
Scan saved at 9:32:05 AM, on 6/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michele\Desktop\hijackthis-1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicks...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicks...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Here is Panda:


Incident Status Location

Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/SearchExe No disinfected C:\WINDOWS\Downloaded Program Files\on-line.exe
Virus:Exploit/Mhtredir.gen Disinfected Operating system
Adware:Adware/Popuper No disinfected Windows Registry
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\System32\wp.bmp
Adware:Adware/Antivirus-gold No disinfected C:\WINDOWS\screen.html
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\IDI90TMN\bb3[1].chm[bb3.html]
Virus:Exploit/Mhtredir.gen Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\K92VKXAV\CAFU25BZ.HTM
Virus:Exploit/Mhtredir.gen Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\K92VKXAV\CAYJGJP6.HTM
Virus:Trj/Downloader.CYL No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\K92VKXAV\q[1].chm[q.hhc]
Adware:Adware/MSSearch No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\K92VKXAV\q[1].chm[q.htm]
Virus:Trj/Downloader.CYL No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\K92VKXAV\q[2].chm[q.hhc]
Adware:Adware/MSSearch No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\K92VKXAV\q[2].chm[q.htm]
Virus:Trj/Downloader.MR Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\NI3PT2DI\online[1].chm
Virus:Exploit/Mhtredir.gen Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\CA0HMVKH.HTM
Virus:Exploit/Mhtredir.gen Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\CA6F8LEB.HTM
Virus:Exploit/Mhtredir.gen Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\CA9KVABN.HTM
Virus:Exploit/Mhtredir.gen Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\CA9RBXKW.HTM
Virus:Exploit/Mhtredir.gen Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\CAR35LSQ.HTM
Virus:Exploit/Mhtredir.gen Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\CAXWJAZN.HTM
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\exit[1].htm
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\mtrslib2[1].js
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\mtrslib2[2].js
Adware:Adware/CWS.Aboutblank No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\on-line[1].exe
Adware:Adware/CWS.Aboutblank No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\on-line[2].exe
Adware:Adware/CWS.Aboutblank No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\on-line[3].exe
Virus:Trj/Downloader.MR Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\online[10].chm
Virus:Trj/Downloader.MR Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\online[11].chm
Virus:Trj/Downloader.MR Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\online[1].chm
Virus:Trj/Downloader.MR Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\online[2].chm
Virus:Trj/Downloader.MR Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\online[3].chm
Virus:Trj/Downloader.MR Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\online[4].chm
Virus:Trj/Downloader.MR Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\online[5].chm
Virus:Trj/Downloader.MR Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\online[6].chm
Virus:Trj/Downloader.MR Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\online[7].chm
Virus:Trj/Downloader.MR Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\online[8].chm
Virus:Trj/Downloader.MR Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\online[9].chm
Virus:Exploit/Mhtredir.gen Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\CA2NG5UN.HTM
Virus:Exploit/Mhtredir.gen Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\CAU7CPET.HTM
Adware:Adware/CWS.Aboutblank No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\on-line[1].exe
Adware:Adware/CWS.Aboutblank No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[1].chm
Virus:VBS/Psyme.X No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[1].chm[1.htm]
Adware:Adware/CWS.Aboutblank No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[1].chm[on-line.exe]
Adware:Adware/CWS.Aboutblank No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[2].chm
Virus:VBS/Psyme.X No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[2].chm[1.htm]
Adware:Adware/CWS.Aboutblank No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[2].chm[on-line.exe]
Adware:Adware/CWS.Aboutblank No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[3].chm
Virus:VBS/Psyme.X No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[3].chm[1.htm]
Adware:Adware/CWS.Aboutblank No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[3].chm[on-line.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\WZ3B6K5H\CA6J0ZFK.HTM
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\XY8ESHU9\exit[1].htm
Adware:Adware/CWS.Aboutblank No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\XY8ESHU9\on-line[1].exe
Spyware:Spyware/XXXToolbar No disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\XY8ESHU9\prompt[1].php
Virus:Exploit/Mhtredir.gen Disinfected C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\ZULHL1KB\CA2NC56N.HTM
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\on-line.exe
Adware:Adware/IWon No disinfected C:\WINDOWS\Downloaded Program Files\iwonslot1,0,2,5.inf
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\Downloaded Program Files\on-line.exe
Adware:Adware/Antivirus-gold No disinfected C:\WINDOWS\screen.html
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\system32\oleadm32.dll
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\system32\wp.bmp
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\WNSPOO~1.EXE
And here is Ewido:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:32:13 PM, 6/28/2005
+ Report-Checksum: 9B02F103

+ Date of database: 6/28/2005
+ Version of scan engine: v3.0

+ Duration: 148 min
+ Scanned Files: 170512
+ Speed: 19.20 Files/Second
+ Infected files: 38
+ Removed files: 38
+ Files put in quarantine: 38
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Beth\Local Settings\Temp\banp.exe -> Trojan.Agent.ep -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temp\bgbedomd.exe -> Dialer.Generic -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temp\Cookies\beth@ads.as4x.tmcs[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temp\Cookies\beth@cookie.monster[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temp\Cookies\beth@specificpop[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temp\jjpk.exe -> Trojan.Agent.ep -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temp\kpjh.exe -> Trojan.Agent.ep -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temp\kplf.exe -> Trojan.Agent.ep -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temp\nlocjlmd.exe -> Dialer.Generic -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temp\ompejpmd.exe -> Dialer.Generic -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temp\temp.fr67AB -> Trojan.Puper.v -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temp\temp.frE48B -> Trojan.Puper.v -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temp\~alstmp.exe -> Dialer.Generic -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temp\~alstmp.exe_ -> Dialer.Generic -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\K92VKXAV\dd[1].exe -> Trojan.Agent.ep -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\K92VKXAV\dd[2].exe -> Trojan.Agent.ep -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\K92VKXAV\dd[3].exe -> Trojan.Agent.ep -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\K92VKXAV\dd[4].exe -> Trojan.Agent.ep -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\K92VKXAV\file[1].exe -> TrojanDownloader.Zlob.q -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\K92VKXAV\gdnUS1865[1].exe -> TrojanDownloader.Small.ayl -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\NI3PT2DI\object2[1].hta -> TrojanDropper.Small.i -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\object2[1].hta -> TrojanDropper.Small.i -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\object2[3].hta -> TrojanDropper.Small.i -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\XY8ESHU9\object2[1].hta -> TrojanDropper.Small.i -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\XY8ESHU9\object2[2].hta -> TrojanDropper.Small.i -> Cleaned with backup
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\ZULHL1KB\object2[1].hta -> TrojanDropper.Small.i -> Cleaned with backup
C:\WINDOWS\popuper.exe -> Trojan.Puper.l -> Cleaned with backup
C:\WINDOWS\system32\hhk.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\hookdump.exe -> Trojan.Agent.ep -> Cleaned with backup
C:\WINDOWS\system32\hp1684.tmp -> Trojan.Puper.m -> Cleaned with backup
C:\WINDOWS\system32\hp2983.tmp -> Trojan.Puper.m -> Cleaned with backup
C:\WINDOWS\system32\hp9DC5.tmp -> Trojan.Puper.m -> Cleaned with backup
C:\WINDOWS\system32\hpF9A0.tmp -> Trojan.Puper.m -> Cleaned with backup
C:\WINDOWS\system32\intmon.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\msmsgs.exe -> TrojanDownloader.Zlob.G -> Cleaned with backup
C:\WINDOWS\system32\msole32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\ole32vbs.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\shnlog.exe -> Trojan.Puper.m -> Cleaned with backup


::Report End


Explorer seems to be working better than it was but based on these scans it still seems to have issues.

Also, when i go Start> Search Windows still tries to install something.

Thanks again!
  • 0

#6
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Cooper199

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.

Download and unzip cwsserviceremove to your desktop. use either link below:
cwsserviceremove
cwsserviceremove.zip

Please download sphjfix Save it to your desktop, dont run it yet

Reboot into Safe Mode: please see here if you are not sure how to do this.

Run Ewido full scan. Save the scan.log.

Run the spifix

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicks...earch.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicks...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/

Click on Fix Checked when finished and exit HijackThis.

Run Ad-aware se let remove all it finds

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Double click on the cwsserviceremove and when asked to merge say yes

Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
C:\WINDOWS\Downloaded Program Files\on-line.exe
C:\WINDOWS\System32\wp.bmp
C:\WINDOWS\screen.html
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\IDI90TMN\bb3[1].chm[bb3.html]
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\K92VKXAV\q[1].chm[q.hhc]
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\K92VKXAV\q[1].chm[q.htm]
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\K92VKXAV\q[2].chm[q.hhc]
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\K92VKXAV\q[2].chm[q.htm]
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\exit[1].htm
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\mtrslib2[1].js
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\mtrslib2[2].js
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\on-line[1].exe
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\on-line[2].exe
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q36V6LI7\on-line[3].exe
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\on-line[1].exe
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[1].chm
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[1].chm[1.htm]
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[1].chm[on-line.exe]
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[2].chm
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[2].chm[1.htm]
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[2].chm[on-line.exe]
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[3].chm
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[3].chm[1.htm]
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\Q8Q5JTSK\online[3].chm[on-line.exe]
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\WZ3B6K5H\CA6J0ZFK.HTM
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\XY8ESHU9\exit[1].htm
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\XY8ESHU9\on-line[1].exe
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\XY8ESHU9\prompt[1].php
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\on-line.exe
C:\WINDOWS\Downloaded Program Files\iwonslot1,0,2,5.inf
C:\WINDOWS\Downloaded Program Files\on-line.exe
C:\WINDOWS\screen.html
C:\WINDOWS\system32\oleadm32.dll
C:\WINDOWS\system32\wp.bmp
C:\WINDOWS\system32\WNSPOO~1.EXE[/B]
Let the system reboot.

Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.ste...p/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingc...tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.When the scan has finnished click the close button
When prompted the system will log off to let it clean out the remaining files. when the log screen shows log back on and continue the fix.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda, Ewido and HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#7
Cooper199

Cooper199

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Oky dokie--I'll do that after I get home today. What do i do if the "cleanmgr" function gets locked at calculating disk space again?
  • 0

#8
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Cooper199

We will have to continue trying till we remove the malware.

Looking at the number of virus and malware we have remove I just don't know how your system was still run. ?

Kc :tazz:
  • 0

#9
Cooper199

Cooper199

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
OK! Whew that took forever. Everythign worked except the cleanmgr function -- the same thing happened. But, Cleanup repaired 2.4 Gigs of free space, so perhaps that got rid of it? Anyway, here are the scans...

Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:57:58 PM, 6/30/2005
+ Report-Checksum: 3E71FEF2

+ Date of database: 6/28/2005
+ Version of scan engine: v3.0

+ Duration: 392 min
+ Scanned Files: 170969
+ Speed: 7.27 Files/Second
+ Infected files: 1
+ Removed files: 1
+ Files put in quarantine: 1
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Michele\Cookies\michele@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End



Here is Panda:


Incident Status Location

Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\WNSPOO~1.EXE
And here is the most recent HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 3:38:13 PM, on 7/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michele\Desktop\hijackthis-1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicks...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicks...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



Darn, it looks like that oneclick searches thing is still there. <sigh> What next?

Beth
  • 0

#10
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Cooper199

Please read through the instructions before you start (you may want to print this out).

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Download Pocket Killbox and unzip it; save it to your Desktop.

Please CLICK here and go to Save As (in Internet Explorer it's "Save Target As") in order to download Metallica’s reg file. Save it to your desktop.

Please download sphjfix Save it to your desktop, dont run it yet

Please download and install AD-Aware.
Check Here on how setup and use it - please make sure you update it first. Don't run yet.

Please set your system to show all files; please see here if you're unsure how to do this.

Download CWShredder (there is a link in my signature), unzip it, and save it on the Desktop. Please do not run it yet,

Reboot into Safe Mode: please see here if you are not sure how to do this.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Run the spifix

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicks...earch.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicks...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/

Click on Fix Checked when finished and exit HijackThis.

Now run Metallica’s reg file

Using Windows Explorer delete the following files if present:
If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. if it is uncheck it and try again.
C:\WINDOWS\system32\WNSPOO~1.EXE<--Delete this file

Find and delete these file's if they exist:
C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\system32\hhk.dll
C:\Windows\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmonp.exe
C:\WINDOWS\System32\winnook.exe
C:\WINDOWS\desktop.html
C:\Windows\System32\msmsgs.exe
C:\Windows\system32\msole32.exe
C:\Windows\System32\ole32vbs.exe
C:\WINDOWS\system32\hpD04B.tmp

Find and delete these folders if they exist:
C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Program Files\Security IGuard
C:\WINDOWS\System32\Services
C:\Windows\System32\Log Files
C:\Program Files\PSGuard
(and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)


C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\system32\hhk.dll
C:\Windows\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmonp.exe
C:\WINDOWS\System32\winnook.exe
C:\WINDOWS\desktop.html
C:\Windows\System32\msmsgs.exe
C:\Windows\system32\msole32.exe
C:\Windows\System32\ole32vbs.exe
C:\WINDOWS\system32\hpD04B.tmp

Find and delete these folders if they exist:
C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Program Files\Security IGuard
C:\WINDOWS\System32\Services
C:\Windows\System32\Log Files
C:\Program Files\PSGuard


Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Run CWShredder to fix your CWS problem.

Run AD-Aware se

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
Please post the logs From Panda, Ewido HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

Advertisements


#11
Cooper199

Cooper199

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Do I need to reinstall Ewido, Pocket Killbox, Adaware, sphjfix, and CWShredder if I already did that stuff in an earlier attempt?

THanks...
  • 0

#12
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Cooper199

Do I need to reinstall Ewido, Pocket Killbox, Adaware, sphjfix, and CWShredder if I already did that stuff in an earlier attempt?

A simple awsner no but you do need to chech you have the latest update's.

Kc :tazz:
  • 0

#13
Guest_thatman_*

Guest_thatman_*
  • Guest
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#14
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Cooper199

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
Please post the logs From Panda, and HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#15
Cooper199

Cooper199

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
I'm almost done with the last set of instructions--I'm currently at running AdAware. I'll run panda and then post all the logs...thanks!

Beth
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP