Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Problem with Malware!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Problem with Malware!!

Unread postby Perkypen » June 25th, 2005, 4:38 pm

Here is my log. I had to run it from the desktop because I can not open the explorer to get into any programs, I am also having problems accessing documents from the start button.

PLEASE HELP!!

Logfile of HijackThis v1.99.1
Scan saved at 4:30:24 PM, on 6/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\2Wire HomePortal Monitor\2portalmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\autodown.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINNT\system32\dwwin.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\system32\dumprep.exe
C:\WINNT\system32\dwwin.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\y36mkxwr.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: PeoplePC FixedBandBHO - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire HomePortal Monitor\2portalmon.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3140042562
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: CAISafe - Unknown owner - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

Thanks,

Penny
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC
Advertisement
Register to Remove

Unread postby LDTate » June 25th, 2005, 5:50 pm

Hello Perkypen, welcome to the forum.
Try this:


1. Quit all programs that are running.
2. Click Start, and then click Run.
3. Type regsvr32 urlmon.dll, and then click OK. Note the Space.
4. When you receive the "DllRegisterServer in urlmon.dll succeeded" message, click OK.


If this does not resolve the problem, repeat steps 2 through 4 for each of the following files (in step 3, replace Urlmon.dll with each of the file names below):
• Shdocvw.dll
• Msjava.dll
• Actxprxy.dll
• Oleaut32.dll
• Mshtml.dll
• Browseui.dll
• Shell32.dll

This information came from here:
http://support.microsoft.com/default.as ... US;Q281679

Let us know if this worked.
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA

Unread postby Perkypen » June 25th, 2005, 6:36 pm

Okay, I did them all. I still can not open ANYTHING from the start button. I have downloaded CWShredder onto the desktop and I can not get it to open..

eTrust antivirus scan came up with:

Java. ByteVerify!exploit
Java.Shinwow.Q
Java.Shinwow.U

Please help!

Penny
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Unread postby LDTate » June 25th, 2005, 6:42 pm

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Then please run Ewido, and run a full scan. Let it clean anything it finds. Save the logfile from the scan.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA

Unread postby Perkypen » June 26th, 2005, 8:08 am

Okay it took a long long time for that scan to run! Here is the file of what it found. There were 179 infected it cleaned 62 files, there are 117 files not removed. I can get into Explorer through the start button and I can get into my documents etc. so that is working.

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:59:18 AM, on 6/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\2Wire HomePortal Monitor\2portalmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\y36mkxwr.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: PeoplePC FixedBandBHO - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire HomePortal Monitor\2portalmon.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3140042562
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: CAISafe - Unknown owner - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

I saved the the ewido file to the desktop in safe mode and know I can not seem to locate it.

I will have to go back and see if it is still in there and find out how to make it so I can "see" it.

Penny
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Unread postby LDTate » June 26th, 2005, 8:32 am

We need to see that log file.
I think it's named Log.txt.

Post it when you find it.
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA

Unread postby Perkypen » June 26th, 2005, 8:38 am

HELP!!!

Okay I can see the file in safe mode, but when I reboot to normal mode I can not find it.

I had a choice of administrator or owner when I went into safe mode. I chose Admin. I can not get into Admin from normal mode.

Got any suggestions?

Penny
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Unread postby Perkypen » June 26th, 2005, 8:53 am

YYYYYAAAAHHHHOOOOOOO

I entered in safe mode with networking and HERE my friend is the post. Of course I have a bump on my head form hitting it on the table!!!

:lol: :lol: :lol: :lol:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:53:01 AM, 6/26/2005
+ Report-Checksum: 6620CF5D

+ Date of database: 6/25/2005
+ Version of scan engine: v3.0

+ Duration: 498 min
+ Scanned Files: 515589
+ Speed: 17.25 Files/Second
+ Infected files: 179
+ Removed files: 62
+ Files put in quarantine: 62
+ Files that could not be opened: 0
+ Files that could not be cleaned: 117

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
C:\
C:\

+ Scan result:
C:\Documents and Settings\Owner\Cookies\owner@cookie.monster[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cz7.clickzs[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@mediamgr.ugo[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@search.msn[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.easypic[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@bluestreak[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@zedo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\anti-hijack\NLNuninstall.exe -> Spyware.IGetNet.c -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20050117083930.zip/docume~1/owner/locals~1/temp/sp.html -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2B.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq86.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8D.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8F.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq92.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq93.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq95.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq97.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq99.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9B.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9E.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9F.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA0.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA1.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA2.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA4.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA6.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAC.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAF.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB1.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB2.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB3.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB4.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB5.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB6.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB7.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBA.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBC.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBF.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC0.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC1.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cookie.monster[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@cz7.clickzs[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@mediamgr.ugo[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@search.msn[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@www.easypic[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atdmt[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@bluestreak[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@zedo[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\anti-hijack\NLNuninstall.exe -> Spyware.IGetNet.c -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\20050117083930.zip/docume~1/owner/locals~1/temp/sp.html -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2B.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq86.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8D.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8F.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq92.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq93.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq95.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq97.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq99.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9B.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9E.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9F.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA0.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA1.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA2.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA4.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA6.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAC.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAF.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB1.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB2.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB3.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB4.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB5.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB6.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB7.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBA.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBC.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBF.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC0.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC1.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@cookie.monster[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@cz7.clickzs[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@mediamgr.ugo[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@search.msn[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@www.easypic[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atdmt[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@bluestreak[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@zedo[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\anti-hijack\NLNuninstall.exe -> Spyware.IGetNet.c -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\20050117083930.zip/docume~1/owner/locals~1/temp/sp.html -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2B.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq86.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8D.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8F.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq92.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq93.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq95.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq97.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq99.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9B.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9E.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9F.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA0.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA1.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA2.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA4.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA6.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAC.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAF.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB1.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB2.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB3.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB4.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB5.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB6.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB7.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBA.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBC.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBF.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC0.tmp -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC1.tmp -> Spyware.Tracking-Cookie -> Error during cleaning


::Report End

Thank you!!

Penny
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Unread postby LDTate » June 26th, 2005, 9:08 am

I entered in safe mode with networking and HERE my friend is the post. Of course I have a bump on my head form hitting it on the table!!!
:banghead:

C:\Program Files\Yahoo!\YPSR\Quarantine. I don't use this program so you need to find out how to remove what's in Quarantine


Lets try this:

To use it:
  1. Download CCleaner from http://www.ccleaner.com/ and install.
  2. Open CCleaner.
  3. Place a check by everything in the Applications tab.
  4. Place a check by Internet Explorer, Windows explorer, and System in the Windows tab.
  5. Hit the button that says Run CCleaner
  6. Reboot to remove index.dat files.




1.Uncheck "Cookies" under "Internet Explorer".

2.if user is running Firefox: ,then click on the "Applications" tab and uncheck "Cookies" under "Firefox".

3.Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.


How do I restore registry backups if needed?

Right-click on the .REG file created and select 'Merge'.
By default these files will be saved into your 'My Documents' folder

We'll have a little more cleanup to do :D
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA

Unread postby Perkypen » June 26th, 2005, 1:37 pm

Okay, I downloaded CCleaner. It did start to run but then it froze up. I tried to restart it again, but if was "not responding" I restarted the computer and it is still "not responding"

My eyes are starting to twitch now!!!

Got any suggestions??

Penny
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Unread postby LDTate » June 26th, 2005, 1:58 pm

Then do this one. We need to get rid of the remaining "Stuff"

Download and run.
http://cleanup.stevengould.org/


Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA

Unread postby Perkypen » June 26th, 2005, 3:22 pm

Here is the new log. Great "flushing" noise!!

Things seem to be working much better. I can get into programs and explorer from the start button.

Logfile of HijackThis v1.99.1
Scan saved at 3:20:37 PM, on 6/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\2Wire HomePortal Monitor\2portalmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\y36mkxwr.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: PeoplePC FixedBandBHO - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire HomePortal Monitor\2portalmon.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3140042562
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: CAISafe - Unknown owner - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe



THANKS!

Penny

BTW-my eye twitch seems to be getting better too!!
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Unread postby LDTate » June 26th, 2005, 3:26 pm

Good Job :D


Log looks good :D

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Click Start> My Computer, select the Tools menu and then Folder Options, after the new window appears select the View tab…]
This time select the: Restore Defaults
Select: Apply, and click OK




If you dont have these three programs I would recommend that you get them. [color=red]Spywareblaster[/color], [color=red]Spywareguard[/color] and [color=red]IESPY AD[/color]. They will add 1000's of sites to your resticted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Safe Surfing. :D
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA

Unread postby Perkypen » June 26th, 2005, 4:51 pm

Got two problems

1 eTrust popped up and says:

C:\WINNT\system32\kbdd.dll is infected with Win32.Mersting.B

2. AVG antivirus scan found Jave/ByteVerify virus. Status of about 28 files is infected/embedded.

Can you please help me remove??? :cry:

Thanks,

Penny
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Unread postby LDTate » June 26th, 2005, 4:58 pm

Make sure you are only running 1 Anti-Virus program along with Ewido.


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Then please run Ewido, run a full scan and let it clean everything it finds. Save the logfile from the scan.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 59 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware