Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

have tried it all..need help [RESOLVED]


  • This topic is locked This topic is locked

#1
aarrow

aarrow

    New Member

  • Member
  • Pip
  • 7 posts
I can't seem to remove this blue screen. I have run all the ones at the malware post start except ewido ..as i have windows ME. The only thing i can think of is posting my hijack this log and hope someone can point me in the right direction...Logfile of HijackThis v1.99.1
Scan saved at 11:24:39 AM, on 9/18/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ FIREWALL\CA.EXE
C:\WINDOWS\TASKMON.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\THE CLEANER\TCA.EXE
C:\PROGRAM FILES\THE CLEANER\TCM.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2sea...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2sea...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2sea...sidesearch.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: PosHelp - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\ADVANCEDSEARCHBAR.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\ADVANCEDSEARCHBAR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [tcactive] C:\PROGRAM FILES\THE CLEANER\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\PROGRAM FILES\THE CLEANER\tcm.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINSTALL.EXE
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\ADVANCEDSEARCHBAR.DLL
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\ADVANCEDSEARCHBAR.DLL
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.asdbiz.biz
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.asdbiz.biz (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....llInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll (file missing)
O21 - SSODL: OLE Module - {0211C4D9-BC71-8916-38AD-9DEA5D213614} - C:\WINDOWS\SYSTEM\chp.dll

please help if you get a chance
  • 0

Advertisements


#2
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Hello! My name is Skate and im gonna try my best to walk you through this! :tazz:
Read over these instructions first, if you have questions ask now before starting!

Downloads
Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
View Hidden Files and Folders
Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.


Start HijackThis Fix
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2sea...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2sea...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2sea...sidesearch.html
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINSTALL.EXE
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.asdbiz.biz
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.asdbiz.biz (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....llInstaller.exe
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll (file missing)
O21 - SSODL: OLE Module - {0211C4D9-BC71-8916-38AD-9DEA5D213614} - C:\WINDOWS\SYSTEM\chp.dll

Please remember to close all other windows, including browsers then click Fix checked.


File/Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\winstall.exe
C:\WINDOWS\SYSTEM\birdihuy32.dll
C:\WINDOWS\SYSTEM\chp.dll


Run Downloaded Programs
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Further Scanning
Please run a Scan at the Following site
Panda ActiveScan

Make sure that you choose the "fix" or "clean" option when available
at the end of this scan you will be given then option to save a log from the scan -SAVE THAT LOG- and post it here along with a new HijackThis Log, and the contents of the smitfiles.txt log by using Add Reply.

Let us know if any problems persist.

Edited by skate_punk_21, 20 September 2005 - 02:28 PM.

  • 0

#3
aarrow

aarrow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hiya Skate thanks for responding i really appreciate it. :) First off in my Display in the control panel i only had ...Background, Screen saver, Appearance, and Settings....no desktop or customize desktop :tazz: Second ....while i was in safe mode i couldn't acess the internet, so i couldn't run panda scan. when i restarted my comp to reply to you i still had the "Blue Screen" w/ your system is infected on it. well anyway here is my hijackthis log. and the smitfiles text hope it helps Logfile of HijackThis v1.99.1
Scan saved at 6:19:46 PM, on 9/20/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ FIREWALL\CA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\TASKMON.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\THE CLEANER\TCA.EXE
C:\PROGRAM FILES\THE CLEANER\TCM.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=0409
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: PosHelp - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\ADVANCEDSEARCHBAR.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\ADVANCEDSEARCHBAR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [tcactive] C:\PROGRAM FILES\THE CLEANER\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\PROGRAM FILES\THE CLEANER\tcm.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\ADVANCEDSEARCHBAR.DLL
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\ADVANCEDSEARCHBAR.DLL
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab


smitRem log file
version 2.3

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~




~~~ Icons in system folder ~~~



~~~ Windows directory ~~~

desktop.html


~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll Present!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~




~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll Clean!! :) thanks again for trying to help the helpless :)
  • 0

#4
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
OK sorry about that - do the online scan now from normal mode. Be sure to post the results!

Edited by skate_punk_21, 20 September 2005 - 05:18 PM.

  • 0

#5
aarrow

aarrow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
k thanks Skate..........here is panda log :tazz:
Incident Status Location

Adware:adware/adsmart No disinfected C:\WINDOWS\SYSTEM\vxh8jkdq6.exe
Dialer:dialer.bew No disinfected C:\WINDOWS\SYSTEM\maxd1.exe
Adware:adware/tvmedia No disinfected C:\WINDOWS\Application Data\tvmuknwrd.dll
Adware:adware/ipinsight No disinfected C:\WINDOWS\INF\CONSCORR.INF
Adware:adware/twain-tech No disinfected C:\WINDOWS\INF\MULTIMPP.INF
Spyware:spyware/betterinet No disinfected C:\WINDOWS\INF\banner.inf
Spyware:spyware/bargainbuddy No disinfected C:\WINDOWS\bbchk.exe
Adware:adware program No disinfected C:\WINDOWS\flag.bla
Adware:adware/sidesearch No disinfected C:\PROGRAM FILES\Lycos
Adware:adware/downloadware No disinfected C:\PROGRAM FILES\Recommended Hotfix - 421701D
Adware:adware/portalscan No disinfected C:\PROGRAM FILES\COMMON FILES\Slmss
Adware:adware/bookedspace No disinfected C:\WINDOWS\bsx32
Adware:adware/exactsearch No disinfected Windows Registry
Virus:Trj/Downloader.EMN Disinfected C:\WINDOWS\SYSTEM\vxh8jkdq5.exe
Dialer:Dialer.CQM No disinfected C:\WINDOWS\SYSTEM\efsdfgxg.exe
Dialer:Dialer.CZF No disinfected C:\WINDOWS\SYSTEM\maxd1.exe
Dialer:Dialer.CQM No disinfected C:\WINDOWS\SYSTEM\vxgame4.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\CONSCORR.INF
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\POLALL1R.INF
Adware:Adware/MultiMPP No disinfected C:\WINDOWS\INF\MULTIMPP.INF
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\INF\banner.inf
Dialer:Dialer.NO No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2217.exe
Dialer:Dialer.NO No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\gdnUS2217.exe
Dialer:Dialer.NO No disinfected C:\WINDOWS\Downloaded Program Files\gdnUS2217.exe
Adware:Adware/Popuper No disinfected C:\_RESTORE\TEMP\A0182562.CPY
Adware:Adware/SpySheriff No disinfected C:\_RESTORE\TEMP\A0182563.CPY
Adware:Adware/SpySheriff No disinfected C:\_RESTORE\TEMP\A0182564.CPY
Adware:Adware/SpywareNo No disinfected C:\_RESTORE\TEMP\A0182566.CPY
Adware:Adware/SpywareNo No disinfected C:\_RESTORE\TEMP\A0182567.CPY
Adware:Adware/SpySheriff No disinfected C:\_RESTORE\TEMP\A0182568.CPY
Virus:Trj/Spabot.S Disinfected C:\_RESTORE\TEMP\A0182597.CPY
Virus:Trj/Downloader.EMN Disinfected C:\_RESTORE\TEMP\A0182613.CPY
Virus:Bck/Agent.ANE Disinfected C:\lo-1108515189.exe
Thanks again for the help
  • 0

#6
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Download the attachment at the end of this post and save it to your desktop. Then right click and rename it to fix2.Bat - DO not run it yet.

Download MWaveScan
  • Double-click mwav.exe and unzip it to its default Directory @ C:\Kaspersky
  • Locate "kavupd.exe" in the New Folder and Double Click to Update.
  • If it says the signatures are more than 30 days old, keep trying!
  • Keep trying until you get the actual signatures! (it will say "downloading yadda yadda yadda")
  • When you see "Updates downloaded Successfully, please press any key to continue" go ahead, but do not run anything else in this folder...

Boot Into Safe Mode
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Double Click fix2.bat - a dos window will open and close. this is normal.

Now go to the Kaspersky folder-> Locate and Double Click "mwavscan.com" to launch the MWAV Scanner!

Once opened-> Leave the Default Settings "ticked" and add a "tick" to"Drives"-> this will light up "All Drives"-> Add a "tick" to "Scan all Files"-> Click "Scan Clean" to begin!
This Scan may take Several Hours or more to Complete,Depending on the Hard Drive Size!

Please be sure it is Completed before proceeding!

1. Once the Scan has finished, All entries Identified as Infected will displayed in the lower pane! - Highlight everything that is inside the lower pane and press Ctrl+C at the same time to Copy!
2. Open a Blank Notepad Page and Paste the results (Ctrl+V) to it and Save it to your Desktop!

REBOOT back to nomal mode and paste that logs contents..
  • 0

#7
aarrow

aarrow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hey Skate ran the mwave scan and here are the results you asked for. :)


File C:\WINDOWS\SYSTEM\vxh8jkdq7.exe infected by "Trojan-Downloader.Win32.Small.atl" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2217.exe infected by "Trojan-Downloader.Win32.Small.ayl" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\gdnUS2217.exe infected by "Trojan-Downloader.Win32.Small.ayl" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Downloaded Program Files\gdnUS2217.exe infected by "Trojan-Downloader.Win32.Small.ayl" Virus. Action Taken: File Deleted.
File C:\_RESTORE\TEMP\A0182639.CPY infected by "Trojan-Downloader.Win32.Small.atl" Virus. Action Taken: File to be deleted on reboot.
File C:\_RESTORE\TEMP\A0182640.CPY infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: File to be deleted on reboot.
File C:\_RESTORE\TEMP\A0182641.CPY infected by "Trojan-Clicker.Win32.Small.hx" Virus. Action Taken: File to be deleted on reboot.
File C:\_RESTORE\TEMP\A0182642.CPY infected by "Trojan-Clicker.Win32.Small.hx" Virus. Action Taken: File to be deleted on reboot.
File C:\_RESTORE\TEMP\A0182743.CPY infected by "Trojan-Downloader.Win32.Small.atl" Virus. Action Taken: File to be deleted on reboot.
....Thanks again ..i really appreciate you taking time to help me :tazz:
  • 0

#8
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
ok lets have one more
Panda ActiveScan please :tazz: just to make sure we got everything (again save the log) . and then:

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click Start Scan
  • After it's done scanning, click Scan Results
  • Make sure all items found have a check next to them, then click Clean Threats Now.
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called Antispyware.log, please double-click that log and copy the entire contents and paste them here.

What I need back:
1. Panda ActiveScan Log
2. Trendmicro Log

Edited by skate_punk_21, 21 September 2005 - 06:04 PM.

  • 0

#9
aarrow

aarrow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi again Skate ...here are the logs you requested :tazz:


Incident Status Location

Adware:adware/adsmart No disinfected C:\WINDOWS\SYSTEM\SVCHOST.dll
Adware:adware/tvmedia No disinfected C:\WINDOWS\Application Data\tvmuknwrd.dll
Adware:adware/sidesearch No disinfected C:\PROGRAM FILES\Lycos
Adware:adware/downloadware No disinfected C:\PROGRAM FILES\Recommended Hotfix - 421701D
Adware:adware/portalscan No disinfected C:\PROGRAM FILES\COMMON FILES\Slmss
Adware:adware/bookedspace No disinfected C:\WINDOWS\bsx32
Adware:adware/exactsearch No disinfected Windows Registry
Virus:Trj/Shellbot.B Disinfected C:\WINDOWS\SYSTEM\svchost.exe
Adware:Adware/IPInsight No disinfected C:\_RESTORE\TEMP\A0182644.CPY
Adware:Adware/MultiMPP No disinfected C:\_RESTORE\TEMP\A0182645.CPY
Spyware:Spyware/BetterInet No disinfected C:\_RESTORE\TEMP\A0182646.CPY
Adware:Adware/Transponder No disinfected C:\_RESTORE\TEMP\A0182647.CPY
Virus:Trj/Shellbot.B Disinfected C:\_RESTORE\TEMP\A0182759.CPY
Virus:Trj/Shellbot.B Disinfected C:\Recycled\svchost.exe
Started Scanning
Files and Directories
Found 'virushunter21.ico' in 'c:\WINDOWS\SYSTEM'
Found 'kill all spyware11.ico' in 'c:\WINDOWS\SYSTEM'
Found 'creditcard21.ico' in 'c:\WINDOWS\SYSTEM'
Found 'poker1.ico' in 'c:\WINDOWS\SYSTEM'
Found '' in 'c:\WINDOWS\bsx32'
Found 'XTFL2.bsx' in 'c:\WINDOWS\bsx32'
Found 'ADVC5.bsx' in 'c:\WINDOWS\bsx32'
Found 'FINC5.bsx' in 'c:\WINDOWS\bsx32'
Found 'ADVCTX2.bsx' in 'c:\WINDOWS\bsx32'
Found 'ADBN3.bsx' in 'c:\WINDOWS\bsx32'
Found 'TMP3.bsx' in 'c:\WINDOWS\bsx32'
Found 'INK1.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIR21184.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIPF1965.bsx' in 'c:\WINDOWS\bsx32'
Found 'SPZ3.bsx' in 'c:\WINDOWS\bsx32'
Found 'BID1.bsx' in 'c:\WINDOWS\bsx32'
Found 'BingoRoom1.bsx' in 'c:\WINDOWS\bsx32'
Found 'MOVS2.bsx' in 'c:\WINDOWS\bsx32'
Found 'HERBS1.bsx' in 'c:\WINDOWS\bsx32'
Found 'ADTMI1.bsx' in 'c:\WINDOWS\bsx32'
Found 'CARD2.bsx' in 'c:\WINDOWS\bsx32'
Found 'EML1.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIS24110.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIS31590.bsx' in 'c:\WINDOWS\bsx32'
Found 'TRVL6.bsx' in 'c:\WINDOWS\bsx32'
Found 'HOGAR3.bsx' in 'c:\WINDOWS\bsx32'
Found 'HEBE3.bsx' in 'c:\WINDOWS\bsx32'
Found 'FINC3.bsx' in 'c:\WINDOWS\bsx32'
Found 'UTONE2.bsx' in 'c:\WINDOWS\bsx32'
Found 'EECH1.bsx' in 'c:\WINDOWS\bsx32'
Found 'FMND1.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIRE20082.bsx' in 'c:\WINDOWS\bsx32'
Found 'FLWR1.bsx' in 'c:\WINDOWS\bsx32'
Found 'DATE4.bsx' in 'c:\WINDOWS\bsx32'
Found 'FAST1.bsx' in 'c:\WINDOWS\bsx32'
Found 'JOBS4.bsx' in 'c:\WINDOWS\bsx32'
Found 'CARS3.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIT26116.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIW11211.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIWS3.bsx' in 'c:\WINDOWS\bsx32'
Found 'VENUE1.bsx' in 'c:\WINDOWS\bsx32'
Found 'NEWS2.bsx' in 'c:\WINDOWS\bsx32'
Found 'SHOP2.bsx' in 'c:\WINDOWS\bsx32'
Found 'TECH2.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIOT25456.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIOG19375.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIM9740.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIL18549.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASII21469.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIH7853.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIH21180.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIGT10102.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIG21943.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIFWH29233.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIF4502.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIFA15376.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIF29819.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIE17070.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASID12180.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIC29667.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIB9894.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIT17011.bsx' in 'c:\WINDOWS\bsx32'
Found 'ASIM4381.bsx' in 'c:\WINDOWS\bsx32'
Found 'WWW3.bsx' in 'c:\WINDOWS\bsx32'
Found 'A0182644.CPY' in 'c:\_RESTORE\TEMP'
Found 'A0182645.CPY' in 'c:\_RESTORE\TEMP'
Found 'A0182648.CPY' in 'c:\_RESTORE\TEMP'
Found 'acp1.dat' in 'c:\Program Files\Common Files\Slmss'
Found '' in 'c:\Program Files\Lycos'
Found '' in 'c:\Program Files\Recommended Hotfix - 421701D'
Found '' in 'c:\Program Files\Recommended Hotfix - 421701D\v15'
Found '' in 'c:\Program Files\Morpheus'
Found '' in 'c:\Program Files\Morpheus\My Shared Folder'
Found 'asbcursor.cur' in 'c:\Program Files\Advanced Searchbar'
Programs in Memory
Internet URL Shortcuts
Internet Cookies
Windows Registry
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\Classes\Install.Install'
Found '' in 'SOFTWARE\Classes\Install.Install.1'
Found '' in 'SOFTWARE\Classes\Install.Install.1\CLSID'
Found '' in 'SOFTWARE\Classes\Install.Install\CLSID'
Found '' in 'SOFTWARE\Classes\Install.Install\CurVer'
Found '' in 'SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006}\InstalledVersion'
Found '' in 'SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006}\DownloadInformation'
Found '' in 'SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006}\Contains\Files'
Found '' in 'SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006}'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'c:\WINDOWS\SYSTEM\virushunter21.ico' in shortcut areas.
Checking for 'c:\WINDOWS\SYSTEM\virushunter21.ico' in startup areas.
Cleaning 'c:\WINDOWS\SYSTEM\virushunter21.ico'
Checking for 'c:\WINDOWS\SYSTEM\kill all spyware11.ico' in shortcut areas.
Checking for 'c:\WINDOWS\SYSTEM\kill all spyware11.ico' in startup areas.
Cleaning 'c:\WINDOWS\SYSTEM\kill all spyware11.ico'
Checking for 'c:\WINDOWS\SYSTEM\creditcard21.ico' in shortcut areas.
Checking for 'c:\WINDOWS\SYSTEM\creditcard21.ico' in startup areas.
Cleaning 'c:\WINDOWS\SYSTEM\creditcard21.ico'
Checking for 'c:\WINDOWS\SYSTEM\poker1.ico' in shortcut areas.
Checking for 'c:\WINDOWS\SYSTEM\poker1.ico' in startup areas.
Cleaning 'c:\WINDOWS\SYSTEM\poker1.ico'
Checking for 'c:\WINDOWS\bsx32' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32' in startup areas.
Cleaning 'c:\WINDOWS\bsx32'
Checking for 'c:\WINDOWS\bsx32\XTFL2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\XTFL2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\XTFL2.bsx'
Checking for 'c:\WINDOWS\bsx32\ADVC5.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ADVC5.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ADVC5.bsx'
Checking for 'c:\WINDOWS\bsx32\FINC5.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\FINC5.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\FINC5.bsx'
Checking for 'c:\WINDOWS\bsx32\ADVCTX2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ADVCTX2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ADVCTX2.bsx'
Checking for 'c:\WINDOWS\bsx32\ADBN3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ADBN3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ADBN3.bsx'
Checking for 'c:\WINDOWS\bsx32\TMP3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\TMP3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\TMP3.bsx'
Checking for 'c:\WINDOWS\bsx32\INK1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\INK1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\INK1.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIR21184.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIR21184.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIR21184.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIPF1965.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIPF1965.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIPF1965.bsx'
Checking for 'c:\WINDOWS\bsx32\SPZ3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\SPZ3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\SPZ3.bsx'
Checking for 'c:\WINDOWS\bsx32\BID1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\BID1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\BID1.bsx'
Checking for 'c:\WINDOWS\bsx32\BingoRoom1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\BingoRoom1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\BingoRoom1.bsx'
Checking for 'c:\WINDOWS\bsx32\MOVS2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\MOVS2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\MOVS2.bsx'
Checking for 'c:\WINDOWS\bsx32\HERBS1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\HERBS1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\HERBS1.bsx'
Checking for 'c:\WINDOWS\bsx32\ADTMI1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ADTMI1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ADTMI1.bsx'
Checking for 'c:\WINDOWS\bsx32\CARD2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\CARD2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\CARD2.bsx'
Checking for 'c:\WINDOWS\bsx32\EML1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\EML1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\EML1.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIS24110.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIS24110.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIS24110.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIS31590.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIS31590.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIS31590.bsx'
Checking for 'c:\WINDOWS\bsx32\TRVL6.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\TRVL6.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\TRVL6.bsx'
Checking for 'c:\WINDOWS\bsx32\HOGAR3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\HOGAR3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\HOGAR3.bsx'
Checking for 'c:\WINDOWS\bsx32\HEBE3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\HEBE3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\HEBE3.bsx'
Checking for 'c:\WINDOWS\bsx32\FINC3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\FINC3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\FINC3.bsx'
Checking for 'c:\WINDOWS\bsx32\UTONE2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\UTONE2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\UTONE2.bsx'
Checking for 'c:\WINDOWS\bsx32\EECH1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\EECH1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\EECH1.bsx'
Checking for 'c:\WINDOWS\bsx32\MORT5.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\MORT5.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\MORT5.bsx'
Checking for 'c:\WINDOWS\bsx32\FMND1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\FMND1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\FMND1.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIRE20082.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIRE20082.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIRE20082.bsx'
Checking for 'c:\WINDOWS\bsx32\FLWR1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\FLWR1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\FLWR1.bsx'
Checking for 'c:\WINDOWS\bsx32\DATE4.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\DATE4.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\DATE4.bsx'
Checking for 'c:\WINDOWS\bsx32\FAST1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\FAST1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\FAST1.bsx'
Checking for 'c:\WINDOWS\bsx32\JOBS4.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\JOBS4.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\JOBS4.bsx'
Checking for 'c:\WINDOWS\bsx32\CARS3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\CARS3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\CARS3.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIT26116.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIT26116.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIT26116.bsx'
Checking for 'c:\WINDOWS\bsx32\AUTOS2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\AUTOS2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\AUTOS2.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIW11211.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIW11211.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIW11211.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIWS3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIWS3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIWS3.bsx'
Checking for 'c:\WINDOWS\bsx32\VENUE1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\VENUE1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\VENUE1.bsx'
Checking for 'c:\WINDOWS\bsx32\NEWS2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\NEWS2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\NEWS2.bsx'
Checking for 'c:\WINDOWS\bsx32\SHOP2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\SHOP2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\SHOP2.bsx'
Checking for 'c:\WINDOWS\bsx32\TECH2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\TECH2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\TECH2.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIOT25456.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIOT25456.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIOT25456.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIOG19375.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIOG19375.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIOG19375.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIM9740.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIM9740.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIM9740.bsx'
Checking for 'c:\WINDOWS\bsx32\ASILS29399.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASILS29399.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASILS29399.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIL18549.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIL18549.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIL18549.bsx'
Checking for 'c:\WINDOWS\bsx32\ASII21469.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASII21469.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASII21469.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIH7853.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIH7853.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIH7853.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIH21180.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIH21180.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIH21180.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIGT10102.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIGT10102.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIGT10102.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIG21943.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIG21943.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIG21943.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIFWH29233.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIFWH29233.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIFWH29233.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIF4502.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIF4502.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIF4502.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIFA15376.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIFA15376.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIFA15376.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIF29819.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIF29819.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIF29819.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIE17070.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIE17070.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIE17070.bsx'
Checking for 'c:\WINDOWS\bsx32\ASID12180.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASID12180.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASID12180.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIC29667.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIC29667.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIC29667.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIB9894.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIB9894.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIB9894.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIT17011.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIT17011.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIT17011.bsx'
Checking for 'c:\WINDOWS\bsx32\ASIM4381.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIM4381.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIM4381.bsx'
Checking for 'c:\WINDOWS\bsx32\WWW3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\WWW3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\WWW3.bsx'
Checking for 'c:\WINDOWS\bsx32\XTFL2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\XTFL2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\XTFL2.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\XTFL2.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ADVC5.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ADVC5.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ADVC5.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ADVC5.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\FINC5.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\FINC5.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\FINC5.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\FINC5.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ADVCTX2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ADVCTX2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ADVCTX2.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ADVCTX2.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ADBN3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ADBN3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ADBN3.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ADBN3.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\TMP3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\TMP3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\TMP3.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\TMP3.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\INK1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\INK1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\INK1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\INK1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIR21184.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIR21184.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIR21184.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIR21184.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIPF1965.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIPF1965.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIPF1965.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIPF1965.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\SPZ3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\SPZ3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\SPZ3.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\SPZ3.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\BID1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\BID1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\BID1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\BID1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\BingoRoom1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\BingoRoom1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\BingoRoom1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\BingoRoom1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\MOVS2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\MOVS2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\MOVS2.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\MOVS2.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\HERBS1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\HERBS1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\HERBS1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\HERBS1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ADTMI1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ADTMI1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ADTMI1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ADTMI1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\CARD2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\CARD2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\CARD2.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\CARD2.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\EML1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\EML1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\EML1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\EML1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIS24110.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIS24110.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIS24110.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIS24110.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIS31590.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIS31590.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIS31590.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIS31590.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\TRVL6.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\TRVL6.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\TRVL6.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\TRVL6.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\HOGAR3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\HOGAR3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\HOGAR3.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\HOGAR3.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\HEBE3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\HEBE3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\HEBE3.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\HEBE3.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\FINC3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\FINC3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\FINC3.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\FINC3.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\UTONE2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\UTONE2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\UTONE2.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\UTONE2.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\EECH1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\EECH1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\EECH1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\EECH1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\FMND1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\FMND1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\FMND1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\FMND1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIRE20082.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIRE20082.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIRE20082.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIRE20082.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\FLWR1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\FLWR1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\FLWR1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\FLWR1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\DATE4.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\DATE4.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\DATE4.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\DATE4.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\FAST1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\FAST1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\FAST1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\FAST1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\JOBS4.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\JOBS4.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\JOBS4.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\JOBS4.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\CARS3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\CARS3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\CARS3.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\CARS3.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIT26116.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIT26116.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIT26116.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIT26116.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIW11211.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIW11211.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIW11211.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIW11211.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIWS3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIWS3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIWS3.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIWS3.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\VENUE1.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\VENUE1.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\VENUE1.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\VENUE1.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\NEWS2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\NEWS2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\NEWS2.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\NEWS2.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\SHOP2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\SHOP2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\SHOP2.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\SHOP2.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\TECH2.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\TECH2.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\TECH2.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\TECH2.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIOT25456.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIOT25456.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIOT25456.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIOT25456.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIOG19375.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIOG19375.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIOG19375.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIOG19375.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIM9740.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIM9740.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIM9740.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIM9740.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIL18549.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIL18549.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIL18549.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIL18549.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASII21469.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASII21469.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASII21469.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASII21469.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIH7853.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIH7853.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIH7853.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIH7853.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIH21180.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIH21180.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIH21180.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIH21180.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIGT10102.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIGT10102.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIGT10102.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIGT10102.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIG21943.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIG21943.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIG21943.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIG21943.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIFWH29233.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIFWH29233.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIFWH29233.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIFWH29233.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIF4502.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIF4502.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIF4502.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIF4502.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIFA15376.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIFA15376.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIFA15376.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIFA15376.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIF29819.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIF29819.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIF29819.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIF29819.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIE17070.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIE17070.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIE17070.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIE17070.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASID12180.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASID12180.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASID12180.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASID12180.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIC29667.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIC29667.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIC29667.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIC29667.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIB9894.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIB9894.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIB9894.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIB9894.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIT17011.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIT17011.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIT17011.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIT17011.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\ASIM4381.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\ASIM4381.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\ASIM4381.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\ASIM4381.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\WINDOWS\bsx32\WWW3.bsx' in shortcut areas.
Checking for 'c:\WINDOWS\bsx32\WWW3.bsx' in startup areas.
Cleaning 'c:\WINDOWS\bsx32\WWW3.bsx'
[SCANMODS] The file 'c:\WINDOWS\bsx32\WWW3.bsx' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\_RESTORE\TEMP\A0182644.CPY' in shortcut areas.
Checking for 'c:\_RESTORE\TEMP\A0182644.CPY' in startup areas.
Cleaning 'c:\_RESTORE\TEMP\A0182644.CPY'
[SCANMODS] WARNING: Deletion of the file 'c:\_RESTORE\TEMP\A0182644.CPY' requires a reboot.
Checking for 'c:\_RESTORE\TEMP\A0182645.CPY' in shortcut areas.
Checking for 'c:\_RESTORE\TEMP\A0182645.CPY' in startup areas.
Cleaning 'c:\_RESTORE\TEMP\A0182645.CPY'
[SCANMODS] WARNING: Deletion of the file 'c:\_RESTORE\TEMP\A0182645.CPY' requires a reboot.
Checking for 'c:\_RESTORE\TEMP\A0182648.CPY' in shortcut areas.
Checking for 'c:\_RESTORE\TEMP\A0182648.CPY' in startup areas.
Cleaning 'c:\_RESTORE\TEMP\A0182648.CPY'
[SCANMODS] WARNING: Deletion of the file 'c:\_RESTORE\TEMP\A0182648.CPY' requires a reboot.
Checking for 'c:\Program Files\Common Files\Slmss\acp1.dat' in shortcut areas.
Checking for 'c:\Program Files\Common Files\Slmss\acp1.dat' in startup areas.
Cleaning 'c:\Program Files\Common Files\Slmss\acp1.dat'
Checking for 'c:\Program Files\Lycos' in shortcut areas.
Checking for 'c:\Program Files\Lycos' in startup areas.
Cleaning 'c:\Program Files\Lycos'
Checking for 'c:\Program Files\Recommended Hotfix - 421701D' in shortcut areas.
Checking for 'c:\Program Files\Recommended Hotfix - 421701D' in startup areas.
Cleaning 'c:\Program Files\Recommended Hotfix - 421701D'
Checking for 'c:\Program Files\Recommended Hotfix - 421701D\rh.dat' in shortcut areas.
Checking for 'c:\Program Files\Recommended Hotfix - 421701D\rh.dat' in startup areas.
Cleaning 'c:\Program Files\Recommended Hotfix - 421701D\rh.dat'
Checking for 'c:\Program Files\Recommended Hotfix - 421701D\v15' in shortcut areas.
Checking for 'c:\Program Files\Recommended Hotfix - 421701D\v15' in startup areas.
Cleaning 'c:\Program Files\Recommended Hotfix - 421701D\v15'
[SCANMODS] The file 'c:\Program Files\Recommended Hotfix - 421701D\v15' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\Program Files\Morpheus' in shortcut areas.
Checking for 'c:\Program Files\Morpheus' in startup areas.
Cleaning 'c:\Program Files\Morpheus'
Checking for 'c:\Program Files\Morpheus\uninstallmorpheus13.cab' in shortcut areas.
Checking for 'c:\Program Files\Morpheus\uninstallmorpheus13.cab' in startup areas.
Cleaning 'c:\Program Files\Morpheus\uninstallmorpheus13.cab'
Checking for 'c:\Program Files\Morpheus\My Shared Folder' in shortcut areas.
Checking for 'c:\Program Files\Morpheus\My Shared Folder' in startup areas.
Cleaning 'c:\Program Files\Morpheus\My Shared Folder'
[SCANMODS] The file 'c:\Program Files\Morpheus\My Shared Folder' was not found. Most likely already cleaned by another scanner module.
Checking for 'c:\Program Files\Advanced Searchbar\asbcursor.cur' in shortcut areas.
Checking for 'c:\Program Files\Advanced Searchbar\asbcursor.cur' in startup areas.
Cleaning 'c:\Program Files\Advanced Searchbar\asbcursor.cur'
Finished Cleaning



Thank you so much :)
  • 0

#10
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Delete The following files(red)/folders(blue) IF THEY STILL EXIST (since the second scanner may have already gotten to them :tazz:

C:\WINDOWS\SYSTEM\SVCHOST.dll <--careful here, be sure its this file ONLY
C:\WINDOWS\Application Data\tvmuknwrd.dll
C:\PROGRAM FILES\Lycos
C:\PROGRAM FILES\Recommended Hotfix - 421701D
C:\PROGRAM FILES\COMMON FILES\Slmss
C:\WINDOWS\bsx32

Now tell me... You still got that blue screen?? How is everything??
  • 0

#11
aarrow

aarrow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hiya Skate .....k Deleted what files i could find ..and everything seems ok now ....no blue screen ....woking great ...lots of stuff on desktop :tazz:


Thanks for you time and trouble skate i really appreciate it :) :)
  • 0

#12
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Congratulations Your Log is Clean!!:grin:

If you are still having trouble, please dont continue with these instructions just yet. LET ME KNOW!


System Restore
Now that we know your system is clean, we want to purge any potentially infected restore points. To do that, complete the following:

1: Go to Start->Settings->Control Panel and double-click on the System icon.
2: On the Performance tab click File System.
3: Click the Troubleshooting tab, and then check 'Disable System Restore'. Click OK. Click Yes when you are prompted to restart Windows.
4:You may enable System Restore again by following the same steps as above except you should uncheck 'Disable System Restore'.


Preventative Measures

This is a good time to set up protection against further attacks. Read How Did I Get Infected In The First Place?.

Also Consider...
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 3 free ones available for personal use:How is she running now? Any further problems? If not, Good work, and Happy Computing!

Please reply once more so we know you have read these measures2

Edited by skate_punk_21, 22 September 2005 - 05:02 AM.

  • 0

#13
aarrow

aarrow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Everything seems to be ok ...comp running a lil slow ...btw i have EZ armor Firewall and Antivirus on this comp and i now have TCactive, TC monitor and Trojanhunter running as well is this too much or should i delete the 3 new ones ?






Thanks again for taking time to help me ....You Rock!!!!!!! :tazz:
  • 0

#14
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
that'll be why its lagging i believe. its up to you, personally i would keep 1, and just run an online virus scan once in a while.

Edited by skate_punk_21, 22 September 2005 - 02:42 PM.

  • 0

#15
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP