Frustrated w/psguard [RESOLVED]



#1
mucha

:tazz: I seem to have come down with psguard issues. My desktop has been hijacked, replaced with a spyware-adware warning. I have followed steps indicated on the Malware Removal page and had limited success. The icon on my toolbar is gone. If I could get some help with the Hijack log it would be greatly appreciated. Thanks.

Here is my last log.

Logfile of HijackThis v1.99.1
Scan saved at 11:35:12 AM, on 8/19/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MFCKZ32.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\COMMON FILES\FOTONATION\EVLSTNR.EXE
C:\PROGRAM FILES\SANDICON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SDKBM32.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\QUICKENW\QWDLLS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\NEW FOLDER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\iqekb.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\iqekb.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\iqekb.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\iqekb.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\iqekb.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\iqekb.dll/sp.html#14044
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O2 - BHO: Class - {623FF47C-1C5C-7D6F-C88D-248E932EFDF7} - C:\WINDOWS\SYSTEM\ATLHA32.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Common Files\FotoNation\EvLstnr.exe
O4 - HKLM\..\Run: [SandIcon] C:\Program Files\SandIcon.Exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INSF2F3.TMP /R /A
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [SDKBM32.EXE] C:\WINDOWS\SYSTEM\SDKBM32.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MFCKZ32.EXE] C:\WINDOWS\SYSTEM\MFCKZ32.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Dell Home - {CAD3EF00-9556-11D4-9740-0001031AA926} - http://smbusiness.dellnet.com/ (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .asf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com...load/nm1228.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify157.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai...meInstaller.exe
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.105...etzip/RdxIE.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.refurbdep...sses/CFJava.cab
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqvalet.c.../printQuick.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bits...om/tdserver.cab
O16 - DPF: {9386632C-00D9-440F-A448-E25BE16459B2} (DemoShield DemoX Class) - http://www.asicomp.c...ox/pm/demox.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...344/mcfscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 209.183.229.3,205.216.137.2,205.216.137.4

#2
Justin

Hello, and welcome to the GeekstoGo Forums. My name is Jfcap, and I will be helping you clean your system. I would like to start off by apologizing for the delay in our response time. We try not to let posts slip through the cracks, but things do happen due to the amount of posts on our website, so again I apologize.

There are a few infections on here. We will do them one at a time. So stick with me, and we will get this fixed!

First, download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet access after removing NewDotNet.

To get rid of NewDotNet, go to:

Start > Control Panel > Add or Remove Programs and remove the following:

New.Net Applications or New.Net Domains (anything that says New.Net)

If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.

Then post a new HiJackThis log.

#3
mucha

Thanks for the help Jfcap.

I used procedure 4 to remove NewDotNet.

Here is my new HijackThis log. Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 3:06:51 PM, on 8/27/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MFCKZ32.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\COMMON FILES\FOTONATION\EVLSTNR.EXE
C:\PROGRAM FILES\SANDICON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\QUICKENW\QWDLLS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\CMMON32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\oqhkb.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\oqhkb.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\oqhkb.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\oqhkb.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\oqhkb.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\oqhkb.dll/sp.html#14044
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O2 - BHO: Class - {50869ABA-33E9-4196-7AEE-75E885433BAA} - C:\WINDOWS\NETSM32.DLL (file missing)
O2 - BHO: Class - {2FA713FF-3397-DC95-DA5F-D3DF9D69AD1C} - C:\WINDOWS\JAVAZW32.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Common Files\FotoNation\EvLstnr.exe
O4 - HKLM\..\Run: [SandIcon] C:\Program Files\SandIcon.Exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INSF2F3.TMP /R /A
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SDKBM32.EXE] C:\WINDOWS\SYSTEM\SDKBM32.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MFCKZ32.EXE] C:\WINDOWS\SYSTEM\MFCKZ32.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Dell Home - {CAD3EF00-9556-11D4-9740-0001031AA926} - http://smbusiness.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .asf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com...load/nm1228.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify157.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai...meInstaller.exe
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.105...etzip/RdxIE.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.refurbdep...sses/CFJava.cab
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqvalet.c.../printQuick.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bits...om/tdserver.cab
O16 - DPF: {9386632C-00D9-440F-A448-E25BE16459B2} (DemoShield DemoX Class) - http://www.asicomp.c...ox/pm/demox.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...344/mcfscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 209.183.229.3,205.216.137.2,205.216.137.4

#4
Justin

Hello!

You have a CoolWebSearch infection.

Download CWShredder here to its own folder.

Update CWShredder

* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder


Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

Then post a new HiJackThis log for me.

#5
mucha

Hi,

I downloaded CWShredder, updated it, and ran it in safe mode.

Here is my new log. Thanks, Mucha.

Logfile of HijackThis v1.99.1
Scan saved at 1:01:35 PM, on 8/28/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MFCKZ32.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\COMMON FILES\FOTONATION\EVLSTNR.EXE
C:\PROGRAM FILES\SANDICON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\QUICKENW\QWDLLS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O2 - BHO: Class - {50869ABA-33E9-4196-7AEE-75E885433BAA} - C:\WINDOWS\NETSM32.DLL (file missing)
O2 - BHO: Class - {2FA713FF-3397-DC95-DA5F-D3DF9D69AD1C} - C:\WINDOWS\JAVAZW32.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Common Files\FotoNation\EvLstnr.exe
O4 - HKLM\..\Run: [SandIcon] C:\Program Files\SandIcon.Exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INSF2F3.TMP /R /A
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SDKBM32.EXE] C:\WINDOWS\SYSTEM\SDKBM32.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MFCKZ32.EXE] C:\WINDOWS\SYSTEM\MFCKZ32.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Dell Home - {CAD3EF00-9556-11D4-9740-0001031AA926} - http://smbusiness.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .asf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com...load/nm1228.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify157.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai...meInstaller.exe
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.105...etzip/RdxIE.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.refurbdep...sses/CFJava.cab
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqvalet.c.../printQuick.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bits...om/tdserver.cab
O16 - DPF: {9386632C-00D9-440F-A448-E25BE16459B2} (DemoShield DemoX Class) - http://www.asicomp.c...ox/pm/demox.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...344/mcfscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 209.183.229.3,205.216.137.2,205.216.137.4
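The 8/27/05 and 8/28/05 logs above differ in only a few lines, which is hard to see by eye. The following is an added example, not part of the original thread and not a HijackThis feature: it parses the item lines of two logs, reports which entries disappeared between scans, and lists entries marked "(file missing)". The two sample logs are shortened excerpts of the logs posted above; the function names are illustrative.

```python
import re
from collections import namedtuple

# One HijackThis item: section code (R0, R1, O2, O4, ...) and the rest of the line.
Entry = namedtuple("Entry", "code text")

# Item lines look like "<code> - <details>"; header and process lines do not match.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*)$")

# Shortened excerpts of the 8/27/05 and 8/28/05 logs posted in this thread.
LOG_0827 = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\oqhkb.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\oqhkb.dll/sp.html#14044
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {50869ABA-33E9-4196-7AEE-75E885433BAA} - C:\WINDOWS\NETSM32.DLL (file missing)
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
"""

LOG_0828 = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {50869ABA-33E9-4196-7AEE-75E885433BAA} - C:\WINDOWS\NETSM32.DLL (file missing)
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
"""


def parse_items(log_text):
    """Return the item lines of a HijackThis log as Entry tuples, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ITEM_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added): entries only in the older / only in the newer log."""
    before = parse_items(before_text)
    after = parse_items(after_text)
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


def res_dll(entry):
    """Return the DLL path that a res:// value points into, or None."""
    match = re.search(r"res://(.+?\.dll)/", entry.text, re.IGNORECASE)
    return match.group(1) if match else None


def file_missing(entries):
    """Entries whose target HijackThis reported as '(file missing)'."""
    return [e for e in entries if "(file missing)" in e.text]


if __name__ == "__main__":
    removed, added = diff_logs(LOG_0827, LOG_0828)
    for e in removed:
        print("gone :", e.code, "-", e.text)
    for e in added:
        print("new  :", e.code, "-", e.text)
    for e in file_missing(parse_items(LOG_0828)):
        print("stale:", e.code, "-", e.text)
```
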

#6
Justin

Hello!

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items, then click FIX CHECKED:
===================================================
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {50869ABA-33E9-4196-7AEE-75E885433BAA} - C:\WINDOWS\NETSM32.DLL (file missing)
O2 - BHO: Class - {2FA713FF-3397-DC95-DA5F-D3DF9D69AD1C} - C:\WINDOWS\JAVAZW32.DLL (file missing)
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.105...etzip/RdxIE.cab

===================================================

Close HiJackThis.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g., Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Remove the check by "View my Active desktop as a web page".
Click OK then Apply and OK.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.

#7
mucha

Hello,
It looks like I have my desktop back. Thanks a ton.
I am having a problem in which AVG Resident Shield keeps popping up.
It says something like: Virus Detected
while opening file C:\WINDOWS\SYSTEM\D3RB32.DLL.
Trojan horse Downloader Agent SV.
It is not exactly the same each time.

Here is my new HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 12:22:27 AM, on 8/29/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MFCKZ32.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\COMMON FILES\FOTONATION\EVLSTNR.EXE
C:\PROGRAM FILES\SANDICON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\QUICKENW\QWDLLS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\CMMON32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Common Files\FotoNation\EvLstnr.exe
O4 - HKLM\..\Run: [SandIcon] C:\Program Files\SandIcon.Exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INSF2F3.TMP /R /A
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SDKBM32.EXE] C:\WINDOWS\SYSTEM\SDKBM32.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MFCKZ32.EXE] C:\WINDOWS\SYSTEM\MFCKZ32.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Dell Home - {CAD3EF00-9556-11D4-9740-0001031AA926} - http://smbusiness.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .asf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com...load/nm1228.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify157.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai...meInstaller.exe
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.refurbdep...sses/CFJava.cab
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqvalet.c.../printQuick.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bits...om/tdserver.cab
O16 - DPF: {9386632C-00D9-440F-A448-E25BE16459B2} (DemoShield DemoX Class) - http://www.asicomp.c...ox/pm/demox.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...344/mcfscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 209.183.229.3,205.216.137.2,205.216.137.4


Here is my smitfiles.txt log


smitRem log file
version 2.3

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~


oleext.dll
wppp.html


~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll Present!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~


oleext.dll


~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll Clean!! :tazz:

And here is my Panda ActiveScan log. I am sorry but I couldn't find the autoclean box for the life of me.


Incident Status Location

Spyware:spyware/petro-line No disinfected C:\WINDOWS\FAVORITES\SITES ABOUT\Credit counseling.url
Adware:adware/ezula No disinfected C:\WINDOWS\SYSTEM\stub.exe
Spyware:spyware/smitfraud No disinfected C:\WINDOWS\SYSTEM\oleext.dll
Adware:adware/navipromo No disinfected C:\WINDOWS\SYSTEM\sdktm32.exe
Adware:adware/cws.aboutblank No disinfected C:\WINDOWS\SYSTEM\crme32.exe
Adware:adware/searchaid No disinfected C:\WINDOWS\javazu32.exe
Spyware:spyware/new.net No disinfected C:\WINDOWS\newdotnet2_98.dll
Adware:Adware/eZula No disinfected C:\WINDOWS\SYSTEM\stub.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\gziqkc.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\etpbzd.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\eqarva.dat
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall4_80.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall4_88.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall4_94.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall5_20.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall5_40.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_30.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\bsbiax.dat
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Adware:Adware/SearchAid No disinfected C:\ms32.tmp
  • 0

#8
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Things are looking better, let's fix everything that PandaScan found:

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\FAVORITES\SITES ABOUT\Credit counseling.url
C:\WINDOWS\SYSTEM\stub.exe
C:\WINDOWS\SYSTEM\oleext.dll
C:\WINDOWS\SYSTEM\sdktm32.exe
C:\WINDOWS\SYSTEM\crme32.exe
C:\WINDOWS\javazu32.exe
C:\WINDOWS\newdotnet2_98.dll
C:\WINDOWS\SYSTEM\stub.exe
C:\WINDOWS\gziqkc.dat
C:\WINDOWS\etpbzd.dat
C:\WINDOWS\eqarva.dat
C:\WINDOWS\NDNuninstall4_80.exe
C:\WINDOWS\NDNuninstall4_88.exe
C:\WINDOWS\NDNuninstall4_94.exe
C:\WINDOWS\NDNuninstall5_20.exe
C:\WINDOWS\NDNuninstall5_40.exe
C:\WINDOWS\NDNuninstall6_30.exe
C:\WINDOWS\bsbiax.dat
C:\ms32.tmp
6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let the system reboot.
  • 0
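The paste list in the post above was built by hand from the ActiveScan report: it repeats stub.exe and leaves out ProcessViewer.exe. As an added example (not part of the original thread and not any tool's own code), the same triage in Python, with rows copied from the report above; the protected-directory rule and the handling of "Possible Virus." rows are assumptions made for illustration.

```python
"""Turn a Panda ActiveScan text report into a reviewed deletion list."""
import ntpath
from collections import OrderedDict

# Rows copied from the ActiveScan report posted earlier in this thread; the
# final "Ad" row is constructed to show how a cut-off paste is handled.
SAMPLE_REPORT = r"""
Incident Status Location

Adware:adware/ezula No disinfected C:\WINDOWS\SYSTEM\stub.exe
Spyware:spyware/smitfraud No disinfected C:\WINDOWS\SYSTEM\oleext.dll
Adware:adware/searchaid No disinfected C:\WINDOWS\javazu32.exe
Adware:Adware/eZula No disinfected C:\WINDOWS\SYSTEM\stub.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\gziqkc.dat
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Adware:Adware/SearchAid No disinfected C:\ms32.tmp
Ad
"""

HEADER = "Incident Status Location"
STATUS = " No disinfected "  # status text exactly as the report prints it

# Assumption: files inside installed security tools are reviewed by hand and
# never queued automatically. Directory names are taken from the HijackThis log.
PROTECTED_DIRS = (
    r"c:\program files\trojanhunter 4.2",
    r"c:\program files\grisoft",
)
_PROTECTED_PREFIXES = tuple(d + "\\" for d in PROTECTED_DIRS)


def parse_report(text):
    """Return (rows, rejects); rows are (incident, path) tuples."""
    rows, rejects = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == HEADER:
            continue
        incident, sep, path = line.partition(STATUS)
        path = path.strip()
        # Usable rows carry the status marker and an absolute drive-letter
        # path. Anything else (for example a truncated paste) is set aside
        # so the gap stays visible instead of being silently dropped.
        if not sep or not ntpath.splitdrive(path)[0] or not ntpath.isabs(path):
            rejects.append(line)
            continue
        rows.append((incident.strip(), path))
    return rows, rejects


def build_delete_list(rows):
    """Split rows into (paths to queue, paths held for manual review)."""
    queue = OrderedDict()  # normalised path -> path as printed in the report
    held = []
    for incident, path in rows:
        key = ntpath.normcase(ntpath.normpath(path))
        named_family = ":" in incident  # "Adware:adware/ezula" vs "Possible Virus."
        if key.startswith(_PROTECTED_PREFIXES) or not named_family:
            # Heuristic hit without a named family, or a file that belongs
            # to a security tool: treat as a likely false positive.
            if path not in held:
                held.append(path)
            continue
        # Windows paths are case-insensitive, so de-duplicate on the
        # normalised form but keep the first spelling seen.
        queue.setdefault(key, path)
    return list(queue.values()), held


def count_by_family(rows):
    """Count detections per family name, ignoring the report's mixed casing."""
    counts = {}
    for incident, _ in rows:
        family = incident.lower().rstrip(".")
        counts[family] = counts.get(family, 0) + 1
    return counts


if __name__ == "__main__":
    parsed, bad = parse_report(SAMPLE_REPORT)
    to_delete, review = build_delete_list(parsed)
    print("Queue for deletion:")
    for p in to_delete:
        print("  " + p)
    print("Hold for manual review:", review)
    print("Unparsed lines (report may be truncated):", bad)
    print("Detections per family:", count_by_family(parsed))
```

A non-empty reject list means the pasted report was cut off and the scan output should be collected again before the list is trusted.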

#9
mucha

mucha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello, Everything with the killbox went fine. My system seems to be running very good. Thank you for the help Justin. Let me know if I need to do anything else. Mucha.
  • 0

#10
mucha

mucha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello, looks like I spoke too soon. AVG Resident Shield is still popping up continually when I open Firefox. I basically have to reboot to get it to go away. Thanks, Mucha
  • 0



#11
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

When AVG Resident Shield pops up, what does it say?
  • 0

#12
mucha

mucha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello,

It says something like: Virus Detected
while opening file C:\WINDOWS\SYSTEM\D3RB32.DLL.
Trojan horse Downloader Agent SV.
It is not exactly the same each time. Although the last few times I've logged on today it hasn't been coming back. So it may be alright. But you're the expert so I thought you should know about it.

Thanks for everything, Mucha
  • 0

#13
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Please download TrojanHunter, and run the program to scan your computer.

Let me know how many files that it fixes (you do not have to list each file).

Then run PandaScan again and post the log for me. :tazz:
  • 0

#14
mucha

mucha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello, TrojanHunter fixed one file. Here is what PandaScan came up with. It is kind of scary. Please let me know what you think. Thank you, Mucha


  • 0

#15
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Let's fix this!
1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let the system reboot.

Then run PandaScan again, and post the log for me. :tazz:
  • 0





