Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Drpmon [RESOLVED]


  • This topic is locked This topic is locked

#1
kris74745

kris74745

    Member

  • Member
  • PipPipPip
  • 107 posts
[FONT=Courier]

I have been having problems with my computer. I've researched what the different problems are and I don't know how to get rid of the few that are left. The tools on your website helped tremendously. Thank you!
Here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 8:25:58 PM, on 7/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [yetrgzf] c:\windows\system32\dqoale.exe r
O4 - HKLM\..\Run: [xtwpewd] c:\windows\system32\jzaqhd.exe r
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [slxoazf] c:\windows\system32\xcgdpb.exe r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [qyctfqs] c:\windows\system32\vdbxlpc.exe r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [ogfavlz] c:\windows\system32\vutcwye.exe r
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [nahfcfq] c:\windows\system32\njbnocw.exe r
O4 - HKLM\..\Run: [lvvngm] c:\windows\system32\oeyayhh.exe r
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rukzzu.exe reg_run
O4 - HKLM\..\Run: [jtrohst] c:\windows\system32\lswgvdx.exe r
O4 - HKLM\..\Run: [ibnxxla] c:\windows\system32\fwaybrc.exe r
O4 - HKLM\..\Run: [hlqrqjj] c:\windows\system32\jkneixi.exe r
O4 - HKLM\..\Run: [faelixd] c:\windows\system32\yrzbqd.exe r
O4 - HKLM\..\Run: [faatmrn] c:\windows\system32\llkhrq.exe r
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [dbhgsey] c:\windows\system32\boqyen.exe r
O4 - HKLM\..\Run: [cwhwtk] c:\windows\system32\gikiba.exe r
O4 - HKLM\..\Run: [ctmynba] c:\windows\system32\ftbbdtk.exe r
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [btwfnmh] c:\windows\system32\fxhkpr.exe r
O4 - HKLM\..\Run: [axnkvja] c:\windows\system32\vkiwco.exe r
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [agtolsg] c:\windows\system32\bygpyl.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct4_x.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096042541221
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I am logged on to EtomiPro. Is there a reason I should remove the program?
Thank you for your help.

kris74745
  • 0

Advertisements


#2
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hello kris74745 and welcome to Geeks To Go. :tazz:

I am UKBiker and will be helping you with this log.

Lets start out with some general scans and see if we cant clean things up a little.

+++++ Step 1 +++++

Please download Ewido security suite it is a trial version of the program. If you already have Ewido, please update it and run the scans as below
  • Install Ewido security suite
  • Launch Ewido, there should be an icon on your desktop double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
+++++ Step 2 +++++

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++ Step 3 +++++

After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

If you have recieved help elsewhere or no longer need our assistance, please let us know.

UKBiker
  • 0

#3
kris74745

kris74745

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Hello UKBiker! Thank you for your help. The service is truly appreciated.
I followed your instructions and here are the results:







-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Monday, July 11, 2005 11:54:44
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 11/07/2005
Kaspersky Anti-Virus database records: 130046
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 66678
Number of viruses found: 8
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 3650 sec

Infected Object Name - Virus Name
C:\Program Files\Norton AntiVirus\Quarantine\064D4A27.exe Infected: Trojan-Downloader.Win32.Qoologic.o
C:\Program Files\Norton AntiVirus\Quarantine\28FE7E23.dll Infected: Trojan-Downloader.Win32.Qoologic.p
C:\Program Files\Norton AntiVirus\Quarantine\38DF4817.exe Infected: Trojan-Downloader.Win32.Intexp.c
C:\Program Files\Norton AntiVirus\Quarantine\59656896.dll Infected: Trojan-Downloader.Win32.Qoologic.s
C:\Program Files\Norton AntiVirus\Quarantine\59691292.exe Infected: Trojan-Downloader.Win32.Qoologic.u
C:\Program Files\Norton AntiVirus\Quarantine\59796480.dll Infected: Trojan-Downloader.Win32.Qoologic.t
C:\Program Files\Norton AntiVirus\Quarantine\597C0E7D.exe Infected: Trojan-Downloader.Win32.Delmed.a
C:\Program Files\Norton AntiVirus\Quarantine\6B6A2359.exe Infected: Trojan-Downloader.Win32.Qoologic.u
C:\Program Files\Norton AntiVirus\Quarantine\6F2C522A.exe Infected: Trojan-Downloader.Win32.Qoologic.q

Scan process completed.



I also ran a Panda scan a few days ago, and here is what it found:



Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/MyWay No disinfected C:\Program Files\MyWay
Adware:Adware/DelFinMedia No disinfected Windows Registry
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/Comet No disinfected C:\OLD\OLD\WINDOWS\INF\CC_43.inf
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys





Here is the Hijack This logfile:


Logfile of HijackThis v1.99.1
Scan saved at 11:56:59 AM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct4_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096042541221
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...529/mcfscan.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




Here is the uninstall list:


Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
ccCommon
CleanUp!
Coca Cola Seasons
Coke 6
Display Utility
Easy CD & DVD Creator 6
EPSON Printer Software
eTomi Pro(remove only)
ewido security suite
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
Kaspersky Anti-Virus Web Scanner
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office 2000 SR-1 Professional
Microsoft Windows Journal Viewer
Mozilla Firefox (1.0.4)
Mozilla Thunderbird (1.0.2)
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
PowerDVD
RealPlayer
RelevantKnowledge
S3Display
S3Gamma2
S3Info2
S3Overlay
Screensavers Installer
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
SPBBC
Spybot - Search & Destroy 1.4
Symantec
Symantec Script Blocking Installer
SymNet
Update for Windows XP (KB898461)
VIA Rhine-Family Fast Ethernet Adapter
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
WinPatrol

I ran Ewido Security Suite and it found nothing.

Let me know what's next!

Thank you,

Kristi
:tazz:
  • 0

#4
kris74745

kris74745

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
I did get rid of Nail.exe. I followed another post, and it is finally gone! I don't know what to do with the other problems. Also, my technician put a router on my computer. Do I really need that? I only have one computer.

Thank you,

Kris74745
  • 0

#5
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There ;)

I got to say that you are doing a great job of cleaning this up on your own! :tazz: This log is much better than the one that you originally posted. There are still a few things that need to go though, so let me have a good look through it and i will post the fix later this evening (its 7;20 pm in the UK). In the meantime, there are a couple of applications that you are running that I am not too familiar with, so could you please tell me what you can about the following apps?

Coca Cola Seasons
Coke 6
Internet Worm Protection
RelevantKnowledge
Screensavers Installer
SPBBC
SymNet

You also asked about Etomi. I am seeking advice on this file sharing application as to its status and will advise you later when I have more Information.

UKBiker
  • 0

#6
kris74745

kris74745

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Hello!

I found SPBBC service using winpatrol. I listed what I found below. I think the SymNet has something to do with Symantec and Norton Antivirus files. It pulls up live updates I believe. I cannot find anything about RelevantKnowledge. I found something about Internet Worm Protection and listed it below. I put a smiley face beside the words. The Coke and Coca-cola files are screensavers. The screensavers installer came with the files I believe. I don't use them anymore.

Thank you for your assistance.

Kristi


;)





SPBBC Service

SPBBCSvc.exe SPBBC Service
Version: 1,0,1,47 Copyright © 2004 Symantec Corporation. All rights reserved.
Path: C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SPBBC\SPBBCSvc.exe


Norton AntiVirus 2005 for Windows 98/ME/2000/XP
Copyright © 2004 Symantec Corporation. All rights reserved.

Installation Notes Read Me: August 2004

PLEASE READ THIS DOCUMENT CAREFULLY; it contains
important installation information about Norton
AntiVirus.

Topics include:

- System Requirements
- Supported Email/IM Clients
- Load Auto-Protect during system boot failure
- ZoneAlarm compatibility issue
- MSN/Windows Messenger
- Yahoo! Instant Messenger
- How to save a MSI log file to troubleshoot install
and uninstall issues
- Supported Ports for Norton AntiVirus's email protection
- Creating new user profiles after installing
Norton AntiVirus on Windows 98/98SE
- Digitally signing emails in Outlook Express 6.x and
Office XP
- Dynamic Volumes on Windows 2000 and XP
- Email client configuration and outbound email scanning
- Updating Windows 98*admin video drivers for Auto-Protect
- Using Norton AntiVirus with directory symbolic
links/NTFS junctions
- Using tooltips in Help produce a script error
- Multicast not working with Internet Worm Protection :tazz:
- ICU License - ICU 1.8.1 and later
  • 0

#7
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi there Kris74745 :tazz:

Ok, I have found some information on eTomi (thanks Rawe), and I would advise you MOST strongly to remove it and unsusbscribe from their service. You may wish to unsubscribe from it before you continue with the fix below as their requirements for unsubscription may need you to use the application to do so. The fix as posted below will remove the application.

On with the Fix

please ensure that your system is set so as to show all hidden and system files.

Please run HijackThis, click Scan, and checkmark against these entries if they are there:

O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16

Close all open windows except for HijackThis and click Fix Checked.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:

http://www.pchell.co.../safemode.shtml

Then please run Ewido, and run a full scan and have it fix whatever it finds. Post the log from the scan here for me at the end of this fix.

Go to Add/remove programmes in Control Panel and remove these programmes if they are there

Coca Cola Seasons
Coke 6
e Tomi pro
RelevantKnowledge
Screensavers Installer


Using windows explorer, please delete the following folders if they are there

C:\Program Files\Coca Cola Seasons
C:\Program Files\Coke 6
C:\Program Files\e Tomi pro
C:\Program Files\RelevantKnowledge
C:\Program Files\Screensavers Installer

Using Windows Explorer, please delete the following files if they are there

C:\WINDOWS\System32\rlvknlg.exe
C:\WINDOWS\System32\AUNPS2.DLL

InstallAPS.exe<<<<<you will have to search for this one, it may not be there.

Restart your computer in normal mode

Finally, open Internet Options from the Control Panel and click the ‘Certificates’ button on the ‘Content’ tab. Look for ‘Netsetter'and/or‘MarketScore’and/orRelevantKnowledge in the list in the Trusted Root Certification Authorities tab, select them and remove them if they are there.

Restart your computer in normal mode then please rescan with HJT and post a new HijackThis log, as well as the log from the Ewido scan.

Good Luck

UKBiker

Edited by ukbiker, 11 July 2005 - 03:55 PM.

  • 0

#8
kris74745

kris74745

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Hi UKBiker! I couldn't find the InstallAPS.exe file. I also can't remove the Coke 6 screensaver file. It gives a message that the install.log could not be opened. I tried in safe mode and normal. Ewido didn't find anything. Here is the new Hijack logfile:


Logfile of HijackThis v1.99.1
Scan saved at 10:14:02 PM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct4_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096042541221
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...529/mcfscan.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Do you know what Twain32 is? I saw that in the Windows Explorer and I just want to make sure it is okay. Thank you so much for your help! Let me know what else I need to do!

Kristi

:tazz:
  • 0

#9
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi there Kris74745 :help:

Congratulations , your log is clean :tazz: ;) ;)

If you fins a file on your PC and need an independant check as to whether it is infected, this can be done at Jotti

Just a general clean up now and we are done

Now you have to clean out your temporary files and flush your restore points:
  • Start | Run | type cleanmgr | OK
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Click "OK" to remove them.
  • Click "Yes" to confirm the deletion.
Flush System Restore.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Quarantined items found by your AV and AT scanners can now be deleted.

P2P Alternative Applications.

Here is a link that will give you information about safer alternetives to e Tomi.

P2P

So now that your PC is clean, how do you keep it that way?

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
  • Firewall<= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser<= Internet Explorer is not the most secure and best browser. There are safer alternatives available. ConsiderFirefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice
So how did I get infected in the first place? and Spyware Aid's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.

Glad to have been of help

UKBiker
  • 0

#10
kris74745

kris74745

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
UKBiker,

Thank you for your assistance. You are truly appreciated.

Kris7475


:tazz:
  • 0

Advertisements


#11
kris74745

kris74745

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
UKBiker,

I still have some viruses that show up with Panda scan, but not with Ewido or Norton. Do you have any suggestions? Here is the Panda file:


Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/MyWay No disinfected C:\Program Files\MyWay
Adware:Adware/DelFinMedia No disinfected Windows Registry
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/Comet No disinfected C:\OLD\OLD\WINDOWS\INF\CC_43.inf
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys



Thank you so much for your help!

kris74745
:tazz:

  • 0

#12
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hiya kris74745 :tazz:

I think that these are just fragments left over from the cleaning we have done.
What I would suggest is that you do the following in Safe Mode with your system set to show all hidden and system files.

1. Use Windows Explorer and see if this folder exists, if it does, delete the whole folder, if it isnt there, great!

C:\Program Files\MyWay

2. Run Adaware in safe mode and have it do a full system scan, delete everything it finds.

3. I am not sure what this path is, C:\OLD\OLD\WINDOWS\INF\CC_43.inf , is this an old backup or something?

I will do some research on the other entries but let me know how you get on.

UKBiker
  • 0

#13
kris74745

kris74745

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Hello UKBiker! I found and deleted MyWay. I did see another suspicious file with the name of pss and it will not go away. It is in the WINDOWS folder. Also, I am not sure about the CC_43 file. I right clicked on it for properties, and it says it is setup information, and it opens with Notepad. I didn't open it though. It also isn't very big. There is another one that is CC_43.PNF and it is precompiled setup information. Just in case you need to know, none of these programs are in add/remove programs. Talk to ya' soon! Ad-Aware didn't find anything critical. Good night for me and good morning to you!

Thanks,

Kristi

:tazz:
  • 0

#14
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi Kris74745

How is the PC running now?

I will do some research into those files for you

UKBiker
  • 0

#15
kris74745

kris74745

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Hey there! The PC is running a lot better. The only problem I have noticed are a few random pop-ups that always are from castlemedia. I don't know if they are still popping up since I deleted MyWay. I will check MyWay with Panda again to make sure it is gone. I will do that as soon as I get home from class. Did you ever find out if I really needed a router? I only have one computer, and I am not sure about the person who used to work on our computer. There were some old viruses on there that were supposed to be fixed. Anyway, I will run Panda again, and I will talk to you soon!


Thank you!

Kris74745

:tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP