Marie1121

softomate toolbar - svchosts.exe


Hi, this is my first post and I'm unsure - please be gentle.

I have WinXP SP2.

I use ntl Netguard for my virus software, firewall etc.

And I'm using the latest version of Ad-Aware SE Personal.

Also use Spybot - Search & Destroy.

I don't know how long I have had this virus/trojan. I'm unsure what it is, but from reading about it, it is a problem. Please can you help me?

I have done what you said: I have created my folder, done the HijackThis and saved the log, and this is it:

Before we start - I would like to thank you for taking the time to help. I'm really nervous about this, so here goes...lol

 

 

--------------------------------------------------------------------------------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 14:20:31, on 23/01/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\ntl\ntl Netguard\fws.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\system32\svchosts.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\WINDOWS\system32\RioMSC.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ntl\ntl Netguard\RPS.exe

C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe

C:\Program Files\Multimedia Combo Set\MouseDrv.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE

C:\Program Files\Common Files\{98544E4A-0688-2057-1028-04110503002c}\Update.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Marie\My Documents\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll

O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"

O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe

O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Combo Set\MouseDrv.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"

O4 - HKLM\..\Run: [{98544E4A-0688-2057-1028-04110503002c}] "C:\Program Files\Common Files\{98544E4A-0688-2057-1028-04110503002c}\Update.exe" te-110-12-0000245

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155215277015

O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/...rg/ESTPTest.cab

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37900.cab

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl4.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000245 (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

 

EDIT: Moved to the HijackThis Logs forum -- rookie147

Edited by rookie147


Hello Marie1121, and welcome to Lavasoft Support Forums. My name is Charles and I will be dealing with your log today.

I'd like you to run a full scan of your system using Ad-Aware, making sure that you save the log. Post that in your next reply, please, along with a new HijackThis log.

Thanks,

Charles


Here they are Charlie, sorry it took so long

 

AD-AWARE

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:23 January 2007 17:14:31

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R145 17.01.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Softomate Toolbar(TAC index:9):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

23-01-2007 17:14:31 - Scan started. (Full System Scan)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 756

ThreadCreationTime : 23-01-2007 17:13:53

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 808

ThreadCreationTime : 23-01-2007 17:13:54

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 832

ThreadCreationTime : 23-01-2007 17:13:55

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 884

ThreadCreationTime : 23-01-2007 17:13:55

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 896

ThreadCreationTime : 23-01-2007 17:13:55

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1052

ThreadCreationTime : 23-01-2007 17:13:56

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1108

ThreadCreationTime : 23-01-2007 17:13:56

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1200

ThreadCreationTime : 23-01-2007 17:13:56

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [incdsrv.exe]

FilePath : C:\Program Files\Ahead\InCD\

ProcessID : 1224

ThreadCreationTime : 23-01-2007 17:13:56

BasePriority : Normal

FileVersion : 4, 3, 20, 1

ProductVersion : 4, 3, 20, 1

ProductName : Nero AG incdsrv

CompanyName : Nero AG

FileDescription : incdsrv

InternalName : incdsrv

LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.

LegalTrademarks : InCD is a trademark of Nero AG

OriginalFilename : incdsrv.exe

 

#:10 [fws.exe]

FilePath : C:\Program Files\ntl\ntl Netguard\

ProcessID : 1348

ThreadCreationTime : 23-01-2007 17:13:58

BasePriority : Normal

FileVersion : 5.2.0.45264

ProductVersion : 5.2.0.45264

ProductName : Radialpoint Security Services 5.2.0

CompanyName : Radialpoint Inc.

FileDescription : Radialpoint 5.2.0

InternalName : Radialpoint Client

LegalCopyright : Copyright © 2002-2005

LegalTrademarks : Radialpoint Inc.

OriginalFilename : Freedom.exe

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1416

ThreadCreationTime : 23-01-2007 17:13:58

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1524

ThreadCreationTime : 23-01-2007 17:13:58

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:13 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1820

ThreadCreationTime : 23-01-2007 17:14:01

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:14 [cdantsrv.exe]

FilePath : C:\WINDOWS\system32\DRIVERS\

ProcessID : 2012

ThreadCreationTime : 23-01-2007 17:14:02

BasePriority : Normal

FileVersion : 3.24.010

ProductVersion : 3.24.010 Windows NT 2001/10/10

ProductName : CD-Secure/CD-Compress Windows NT

CompanyName : C-Dilla Ltd

FileDescription : C-Dilla RTS Service

InternalName : CDANTSRV

LegalCopyright : Copyright © Macrovision 1993-2001

OriginalFilename : CDANTSRV.EXE

Comments : StringFileInfo: U.S. English

 

#:15 [svchosts.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2028

ThreadCreationTime : 23-01-2007 17:14:02

BasePriority : Normal

 

 

#:16 [ctsvccda.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 228

ThreadCreationTime : 23-01-2007 17:14:02

BasePriority : Normal

FileVersion : 1.0.1.0

ProductVersion : 1.0.0.0

ProductName : Creative Service for CDROM Access

CompanyName : Creative Technology Ltd

FileDescription : Creative Service for CDROM Access

InternalName : CTsvcCDAEXE

LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.

OriginalFilename : CTsvcCDA.EXE

 

#:17 [dvpapi.exe]

FilePath : C:\Program Files\Common Files\Command Software\

ProcessID : 256

ThreadCreationTime : 23-01-2007 17:14:02

BasePriority : Normal

 

 

#:18 [riomsc.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 332

ThreadCreationTime : 23-01-2007 17:14:02

BasePriority : Normal

FileVersion : 2.92 build 2

ProductVersion : 2.92 build 2

ProductName : Rio Mass Storage Class Device Manager

CompanyName : Digital Networks North America, Inc.

FileDescription : Rio Mass Storage Class Device Manager

InternalName : RioMSC

LegalCopyright : © 2003-2004 Digital Networks North America, Inc.

OriginalFilename : RioMSC.EXE

Comments : http://www.rioaudio.com/

 

#:19 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 388

ThreadCreationTime : 23-01-2007 17:14:02

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:20 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 468

ThreadCreationTime : 23-01-2007 17:14:02

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

#:21 [uphclean.exe]

FilePath : C:\Program Files\UPHClean\

ProcessID : 584

ThreadCreationTime : 23-01-2007 17:14:02

BasePriority : Normal

FileVersion : 1.6.30.0

ProductVersion : 1.6.30.0

ProductName : User Profile Hive Cleanup Service

CompanyName : Microsoft Corporation

FileDescription : User Profile Hive Cleanup Service

InternalName : uphclean.exe

LegalCopyright : Copyright © Microsoft Corp. 2003 - 2005

OriginalFilename : uphclean.exe

 

#:22 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1008

ThreadCreationTime : 23-01-2007 17:14:04

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:23 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1388

ThreadCreationTime : 23-01-2007 17:14:06

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:24 [wmiprvse.exe]

FilePath : C:\WINDOWS\System32\wbem\

ProcessID : 1560

ThreadCreationTime : 23-01-2007 17:14:07

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : WMI

InternalName : Wmiprvse.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : Wmiprvse.exe

 

#:25 [rps.exe]

FilePath : C:\Program Files\ntl\ntl Netguard\

ProcessID : 1916

ThreadCreationTime : 23-01-2007 17:14:07

BasePriority : Normal

FileVersion : 5.2.0.45264

ProductVersion : 5.2.0.45264

ProductName : ntl Netguard

CompanyName : ntl

FileDescription : ntl Netguard

InternalName : Radialpoint Client

LegalCopyright : Copyright © 2002-2005

LegalTrademarks : Radialpoint Inc.

OriginalFilename : Freedom.exe

 

#:26 [ps2usbkbddrv.exe]

FilePath : C:\Program Files\Multimedia Combo Set\

ProcessID : 1924

ThreadCreationTime : 23-01-2007 17:14:07

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

 

#:27 [mousedrv.exe]

FilePath : C:\Program Files\Multimedia Combo Set\

ProcessID : 1956

ThreadCreationTime : 23-01-2007 17:14:07

BasePriority : Normal

FileVersion : 2.3

ProductVersion : 2.3

ProductName : 5 Key Mouse Driver

FileDescription : 5 Key Mouse Driver

InternalName : MouseDrv

LegalCopyright : Copyright © 2003-2004

OriginalFilename : MouseDrv.EXE

 

#:28 [e_fati9xe.exe]

FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\

ProcessID : 1900

ThreadCreationTime : 23-01-2007 17:14:07

BasePriority : Normal

FileVersion : 3.00

ProductVersion : 3.00

ProductName : EPSON Status Monitor 3

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Status Monitor 3

InternalName : E_S5I0X1

LegalCopyright : Copyright © SEIKO EPSON CORP. 2004

OriginalFilename : E_S5I0X1.EXE

 

#:29 [update.exe]

FilePath : C:\Program Files\Common Files\{98544E4A-0688-2057-1028-04110503002c}\

ProcessID : 204

ThreadCreationTime : 23-01-2007 17:14:08

BasePriority : Normal

 

 

Softomate Toolbar Object Recognized!

Type : Process

Data : Update.exe

TAC Rating : 9

Category : Data Miner

Comment : Adware_Dloader-9.exe.dmp

Object : C:\Program Files\Common Files\{98544E4A-0688-2057-1028-04110503002c}\

 

 

Warning! Softomate Toolbar Object found in memory(C:\Program Files\Common Files\{98544E4A-0688-2057-1028-04110503002c}\Update.exe)

 

"C:\Program Files\Common Files\{98544E4A-0688-2057-1028-04110503002c}\Update.exe"Process terminated successfully

"C:\Program Files\Common Files\{98544E4A-0688-2057-1028-04110503002c}\Update.exe"Process terminated successfully

 

#:30 [googletoolbarnotifier.exe]

FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\

ProcessID : 240

ThreadCreationTime : 23-01-2007 17:14:08

BasePriority : Normal

FileVersion : 1, 2, 908, 5008

ProductVersion : 1, 2, 908, 5008

ProductName : GoogleToolbarNotifier

CompanyName : Google Inc.

FileDescription : GoogleToolbarNotifier

LegalCopyright : Copyright © 2005-2006

OriginalFilename : GoogleToolbarNotifier.exe

 

#:31 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 1516

ThreadCreationTime : 23-01-2007 17:14:10

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 1

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 1

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

17:28:19 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:13:47.828

Objects scanned:170484

Objects identified:1

Objects ignored:0

New critical objects:1

 

HIJACKTHIS

 

Logfile of HijackThis v1.99.1

Scan saved at 17:29:23, on 23/01/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\ntl\ntl Netguard\fws.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\system32\svchosts.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\WINDOWS\system32\RioMSC.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ntl\ntl Netguard\RPS.exe

C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe

C:\Program Files\Multimedia Combo Set\MouseDrv.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\WINDOWS\system32\sol.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Marie\My Documents\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll

O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"

O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe

O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Combo Set\MouseDrv.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"

O4 - HKLM\..\Run: [{98544E4A-0688-2057-1028-04110503002c}] "C:\Program Files\Common Files\{98544E4A-0688-2057-1028-04110503002c}\Update.exe" te-110-12-0000245

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155215277015

O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/...rg/ESTPTest.cab

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37900.cab

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl4.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000245 (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

Edited by Marie1121


Hey there,

Like I explained, sorry about the slight delay, but I didn't get an email saying you'd replied.

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.

We are going to boot into Safe Mode later in the fix, and there is no internet access.

 

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

 

O4 - HKLM\..\Run: [{98544E4A-0688-2057-1028-04110503002c}] "C:\Program Files\Common Files\{98544E4A-0688-2057-1028-04110503002c}\Update.exe" te-110-12-0000245

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000245 (file missing)

 

Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

 

Now, please reboot your computer into Safe Mode.

This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.

Then select Safe Mode from the list.

 

Set your system to show all files.

Navigate to Start | My Computer | Tools | Folder Options.

Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".

Uncheck: Hide file extensions for known file types

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

 

Next, please find and delete the following files/folders (if present):

 

C:\Program Files\Common Files\{98544E4A-0688-2057-1028-04110503002c} <--Folder

C:\WINDOWS\system32\svchosts.exe <--File, there is a legitimate item with a very similar name, make sure you remove the correct one!

 

Copy and paste the following text into Notepad:

sc stop "COM+ Messages"
sc delete "COM+ Messages"

Save this as "services.bat". Choose to save as "All Files" and place it on your Desktop.

Double-click services.bat.

 

Reboot into Normal Mode.

 

Please post me back a new Hijackthis log.

Thanks,

Charles
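The signals visible in the two entries selected for fixing above (an executable whose name is one letter off a real Windows binary, a service with an unknown owner, a "(file missing)" marker, a Run entry launched from a GUID-named folder) can be checked mechanically. The following is an added Python example, not part of the original thread and not HijackThis code; the list of system binaries, the edit-distance threshold and the function names are assumptions, and the sample lines are copied from the HijackThis log posted in this thread.

```python
import re

# Assumed short list of Windows system binaries that malware commonly imitates.
KNOWN_SYSTEM_BINARIES = ("svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
                         "smss.exe", "csrss.exe", "spoolsv.exe", "explorer.exe")

# HijackThis v1.99.1 line layouts for autorun (O4) and service (O23) entries.
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>.+?)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
IMAGE_RE = re.compile(r"[A-Za-z]:\\.*?\.exe", re.IGNORECASE)
GUID_DIR_RE = re.compile(r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\")

# Sample lines taken from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [{98544E4A-0688-2057-1028-04110503002c}] "C:\Program Files\Common Files\{98544E4A-0688-2057-1028-04110503002c}\Update.exe" te-110-12-0000245
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000245 (file missing)
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(basename, max_distance=2):
    """Return the system binary that basename imitates, or None if it is exact or unrelated."""
    name = basename.lower()
    if name in KNOWN_SYSTEM_BINARIES:
        return None
    for known in KNOWN_SYSTEM_BINARIES:
        if edit_distance(name, known) <= max_distance:
            return known
    return None


def triage(log_text):
    """Return the O4/O23 entries that carry at least one suspicious signal."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        match = O23_RE.match(line) or O4_RE.match(line)
        if not match:
            continue
        fields = match.groupdict()
        image = IMAGE_RE.search(fields["cmd"])
        path = image.group(0) if image else ""
        reasons = []
        target = lookalike_of(path.rsplit("\\", 1)[-1]) if path else None
        if target:
            reasons.append("name imitates " + target)
        # The next two are weak signals on their own; they matter in combination.
        if fields.get("owner") == "Unknown owner":
            reasons.append("unknown owner")
        if line.endswith("(file missing)"):
            reasons.append("file missing")
        if GUID_DIR_RE.search(path):
            reasons.append("GUID-named folder")
        if reasons:
            findings.append({"entry": fields["name"], "image": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["entry"], "->", finding["image"], finding["reasons"])
```

A flagged entry is a candidate for manual review, not a verdict; the exact-name check is what keeps the legitimate svchost.exe out of the results.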


The new HijackThis log file. Thanks, Charles.

 

Logfile of HijackThis v1.99.1

Scan saved at 22:38:08, on 24/01/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\ntl\ntl Netguard\fws.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\WINDOWS\system32\RioMSC.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ntl\ntl Netguard\RPS.exe

C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe

C:\Program Files\Multimedia Combo Set\MouseDrv.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Marie\My Documents\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll

O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"

O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe

O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Combo Set\MouseDrv.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155215277015

O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/...rg/ESTPTest.cab

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37900.cab

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl4.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe


Hi Marie,

Please run Panda's ActiveScan.

Once you are on the Panda site click the Scan your PC button

A new window will open, click the Check Now button.

Enter your personal details.

Click the big Scan Now button.

It will ask to install various content - please allow this.

It will start downloading the files it requires for the scan, which may take a while.

When download is complete, click on Local Disks to start the scan.

When the scan completes, click the See Report button.

Click Save Report and save the file to your Desktop, so you can post this log in your next reply.

 

Post me back the Panda report.

Thanks,

Charles


The Panda scan report log. I have to do this in a couple of messages as it's too big... is this what you want?

 

 

Incident Status Location

 

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Penfold\Cookies\[email protected][1].txt

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Suede\Cookies\[email protected][1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Suede\Cookies\[email protected][2].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Suede\Cookies\[email protected][2].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Suede\Cookies\[email protected][2].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Suede\Cookies\[email protected][1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Suede\Cookies\[email protected][1].txt

Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Suede\Cookies\[email protected][2].txt

Virus:W32/SimpleP2P.A.worm Disinfected C:\Documents and Settings\Suede\My Documents\New Folder\run.exe

Virus:W32/SimpleP2P.A.worm Disinfected C:\Documents and Settings\Suede\My Documents\New Folder\td.exe

Virus:W32/SimpleP2P.A.worm Disinfected C:\Documents and Settings\Suede\My Documents\New Folder\Warhammer 40000-Dawn Of War-Dark Crusade (Crack + Serial).exe

Virus:W32/SimpleP2P.A.worm Disinfected C:\Documents and Settings\Suede\My Documents\New Folder\Warhammer 40000-Dawn Of War-Dark Crusade (Crack + Serial).zip[Warhammer 40000-Dawn Of War-Dark Crusade (Crack + Serial).exe]

Adware:Adware/Seekmo Not disinfected C:\Documents and Settings\Suede\My Documents\New Folder\zgo.exe

Spyware:Cookie/Com.com Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ10.tmp

Spyware:Cookie/FastClick Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ100.tmp

Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ101.tmp

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ103.tmp

Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ104.tmp

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ105.tmp

Spyware:Cookie/PointRoll Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ10A.tmp

Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ10F.tmp

Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ11.tmp

Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ110.tmp

Spyware:Cookie/HotLog Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ111.tmp

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ112.tmp

Spyware:Cookie/SexList Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ113.tmp

Spyware:Cookie/SexList Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ115.tmp

Spyware:Cookie/Com.com Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ11A.tmp

Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ11D.tmp

Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ12.tmp

Spyware:Cookie/CentrPort Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ125.tmp

Spyware:Cookie/WUpd Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ126.tmp

Spyware:Cookie/Mammamediasolutions Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ127.tmp

Spyware:Cookie/PayCounter Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ128.tmp

Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ12A.tmp

Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ12B.tmp

Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ12F.tmp

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ13.tmp

Spyware:Cookie/HotLog Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ130.tmp

Spyware:Cookie/SpyLog Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ131.tmp

Spyware:Cookie/Falkag Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ134.tmp

Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ136.tmp

Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ13F.tmp

Spyware:Cookie/PointRoll Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ14.tmp

Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ142.tmp

Spyware:Cookie/2o7 Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ143.tmp

Spyware:Cookie/Advertising Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ145.tmp

Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ146.tmp

Spyware:Cookie/BurstNet Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ14E.tmp

Spyware:Cookie/Com.com Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ15.tmp

Hacktool:Exploit/ByteVerify Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ15D.tmp[Gummy.class]

Hacktool:Exploit/ByteVerify Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ15D.tmp[Counter.class]

Hacktool:Exploit/ByteVerify Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ15D.tmp[VerifierBug.class]

Spyware:Cookie/2o7 Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ16.tmp

Spyware:Cookie/BurstNet Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ167.tmp

Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ17.tmp

Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ179.tmp

Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ17A.tmp

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ18.tmp

Spyware:Cookie/HotLog Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ181.tmp

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ187.tmp

Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ19.tmp

Spyware:Cookie/2o7 Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ1A.tmp

Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ1B.tmp

Spyware:Cookie/YieldManager Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ1C.tmp

Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ1D.tmp

Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ1E.tmp

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ1ED.tmp

Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ1F.tmp

Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ20.tmp

Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ21.tmp

Spyware:Cookie/2o7 Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ211.tmp

Spyware:Cookie/YieldManager Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ22.tmp

Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ23.tmp

Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ24.tmp

Spyware:Cookie/Falkag Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ245.tmp

Spyware:Cookie/Com.com Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ25.tmp

Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ251.tmp

Spyware:Cookie/YieldManager Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ268.tmp

Spyware:Cookie/2o7 Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ27.tmp

Spyware:Cookie/Weborama Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ272.tmp

Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ28.tmp

Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ29.tmp

Spyware:Cookie/Com.com Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ29C.tmp

Spyware:Cookie/YieldManager Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ2A.tmp

Spyware:Cookie/Com.com Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ2B.tmp

Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ2C.tmp

Spyware:Cookie/2o7 Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ2CC.tmp

Spyware:Cookie/Adtech Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ2D.tmp

Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ2E.tmp

Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ2F8.tmp

Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ2F9.tmp

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ2FA.tmp

Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ30.tmp

Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ31.tmp

Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ32.tmp

Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ33.tmp

Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ33D.tmp

Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ33E.tmp

Spyware:Cookie/Com.com Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ34.tmp

Spyware:Cookie/2o7 Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ35.tmp

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ35F.tmp

Spyware:Cookie/Inet-Traffic Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ36.tmp

Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ360.tmp

Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ361.tmp

Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ362.tmp

Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ363.tmp

Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ364.tmp

Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ365.tmp

Spyware:Cookie/YieldManager Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ367.tmp

Spyware:Cookie/Advertising Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ369.tmp

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ36A.tmp

Spyware:Cookie/FastClick Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ36B.tmp

Spyware:Cookie/Com.com Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ37.tmp

Spyware:Cookie/HotLog Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ38.tmp

Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ39.tmp

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ392.tmp

Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ393.tmp

Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ394.tmp

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ3A.tmp

Spyware:Cookie/2o7 Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ3B.tmp

Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ3B5.tmp

Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ3C.tmp

Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ3D.tmp

Spyware:Cookie/YieldManager Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ3E.tmp

Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ3F.tmp


Cont....

 

Spyware:Cookie/WUpd Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ40.tmp

Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ41.tmp

Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ411.tmp

Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ42.tmp

Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ43.tmp

Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ439.tmp

Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ44.tmp

Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ45.tmp

Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ46.tmp

Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ47.tmp

Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ48.tmp

Spyware:Cookie/onestat.com Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ49.tmp

Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ4A.tmp

Spyware:Cookie/Weborama Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ4B.tmp

Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ4C.tmp

Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ4D.tmp

Spyware:Cookie/Advertising Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ4E.tmp

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ4F.tmp

Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ50.tmp

Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ51.tmp

Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ52.tmp

Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ53.tmp

Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ54.tmp

Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ55.tmp

Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ56.tmp

Spyware:Cookie/Adtech Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ567.tmp

Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ57.tmp

Spyware:Cookie/MetriWeb Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ57A.tmp

Spyware:Cookie/YieldManager Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ57F.tmp

Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ58.tmp

Spyware:Cookie/YieldManager Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ581.tmp

Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ582.tmp

Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ583.tmp

Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ586.tmp

Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ587.tmp

Spyware:Cookie/PointRoll Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ59.tmp

Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ5A.tmp

Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ5B.tmp

Spyware:Cookie/Com.com Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ5C.tmp

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ5D.tmp

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ61.tmp

Spyware:Cookie/Falkag Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ62.tmp

Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ63.tmp

Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ65.tmp

Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ66.tmp

Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ67.tmp

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ68.tmp

Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ69.tmp

Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ6A.tmp

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ6B.tmp

Spyware:Cookie/Advertising Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ6C.tmp

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ6D.tmp

Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ6E.tmp

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ6F.tmp

Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ70.tmp

Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ71.tmp

Spyware:Cookie/WUpd Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ72.tmp

Spyware:Cookie/PointRoll Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ73.tmp

Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ74.tmp

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ75.tmp

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ76.tmp

Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ77.tmp

Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ78.tmp

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ79.tmp

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ7A.tmp

Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ7B.tmp

Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ7C.tmp

Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ7D.tmp

Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ7E.tmp

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ7F.tmp

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ80.tmp

Spyware:Cookie/PointRoll Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ81.tmp

Spyware:Cookie/Zedo Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ82.tmp

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ83.tmp

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ84.tmp

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ85.tmp

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ86.tmp

Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ87.tmp

Adware:Adware/888Bar Not disinfected C:\Program Files\Common Files\{38544E4A-0688-2057-1028-04110503002c}\Bar888.dll

Adware:Adware/888Bar Not disinfected C:\Program Files\Common Files\{38544E4A-0688-2057-1028-04110503002c}\UnInstall.exe

Adware:Adware/ActiveSearch Not disinfected C:\RECYCLER\S-1-5-18\Dc1\system.dll

Adware:Adware/888Bar Not disinfected C:\RECYCLER\S-1-5-18\Dc1\Update.exe

Adware:Adware/ActiveSearch Not disinfected C:\RECYCLER\S-1-5-18\Dc2\system.dll

Adware:Adware/ActiveSearch Not disinfected C:\RECYCLER\S-1-5-18\Dc3\system.dll

Adware:Adware/888Bar Not disinfected C:\tdd.exe


Hey Marie1121,

Yes you posted the correct log. It looked very long because there are a lot of infection files in your PestPatrol quarantine, which needs cleaning out.

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.

We are going to boot into Safe Mode, and there is no internet access.

 

Now, please reboot your computer into Safe Mode.

This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.

Then select Safe Mode from the list.

 

Let's clean out your temporary internet files:

Close all open windows before we start.

Go to Start | Control Panel | Internet Options | General.

Click the Delete Cookies button.

Next to it, click the Delete Files button.

When prompted, place a check in: 'Delete all offline content', click OK

 

If you have Firefox installed, we need to clean out these temporary files as well:

Go to Tools | Options.

Click Privacy.

Press the Clear button located to the right of each option (History, Cookies, Cache).

Click OK to finish, before closing it.

Alternatively, you can clear all information stored while browsing by clicking Clear All.

A confirmation dialog box will be shown before clearing the information.

 

Now we'll clean other temporary files and your Recycle Bin:

Go to Start | Run | type: cleanmgr | OK.

Let it scan your system for files to remove.

Make sure 'Temporary Files', 'Temporary Internet Files', and 'Recycle Bin' are the only things checked.

Press OK to remove them.

 

Next, please find and delete the following files/folders (if present):

 

C:\Documents and Settings\Suede\My Documents\New Folder <--Folder

C:\Program Files\Common Files\{38544E4A-0688-2057-1028-04110503002c} <--Folder

C:\tdd.exe <--File

 

Delete the contents of the following folder, but not the folder itself:

 

C:\Program Files\PestPatrol\Quarantine

 

Reboot into Normal Mode.

 

In your next post, please let me know how things are running now.

Thanks,

Charles
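
Added example, not part of the original posts: a short Python triage of a scan log in the format posted in this thread, sorting each detection by where the file sits, since quarantined copies, Recycle Bin leftovers and live files are cleaned in three different steps above. The sample lines are copied from the log in this thread; the function names and the three location labels are assumptions made for the example.

```python
import ntpath
import re
from collections import Counter, defaultdict

# One detection per line: "<Category>:<Family> Not disinfected <Windows path>".
# "Not disinfected" is the only status that appears in the posted log.
LINE = re.compile(
    r"^(?P<category>\w+):(?P<name>.+?) Not disinfected (?P<path>[A-Za-z]:\\.+)$"
)

# Sample lines in the format of the log posted in this thread.
SAMPLE_LOG = r"""
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ88.tmp
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ90.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ8A.tmp
Adware:Adware/888Bar Not disinfected C:\Program Files\Common Files\{38544E4A-0688-2057-1028-04110503002c}\Bar888.dll
Adware:Adware/ActiveSearch Not disinfected C:\RECYCLER\S-1-5-18\Dc1\system.dll
Adware:Adware/888Bar Not disinfected C:\tdd.exe
"""


def location(path):
    """Classify a detection path as 'quarantine', 'recycle_bin' or 'live'."""
    parts = ntpath.normcase(path).split("\\")  # lower-cased Windows path parts
    if "quarantine" in parts:
        return "quarantine"      # inert copy held by another scanner
    if len(parts) > 1 and parts[1] == "recycler":
        return "recycle_bin"     # already deleted, waiting to be emptied
    return "live"                # still in place on disk


def triage(log_text):
    """Return ({location: Counter(family)}, [paths of live detections])."""
    buckets = defaultdict(Counter)
    live_paths = []
    for raw in log_text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue             # skip blank lines and anything unrecognised
        where = location(match["path"])
        buckets[where][match["name"]] += 1
        if where == "live":
            live_paths.append(match["path"])
    return buckets, live_paths


if __name__ == "__main__":
    buckets, live_paths = triage(SAMPLE_LOG)
    for where, families in buckets.items():
        print(where, dict(families))
    print("needs manual removal:", live_paths)
```

On the sample, only the two 888Bar files come back as live, which matches the folder and file listed for manual deletion above.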


Thanks Charles, I have done what you said - I don't know why PestPatrol is still on my system, I removed that ages ago.

 

Everything seems to be fine so far.

 

I would like to say a big THANK YOU for taking the time to help me - your instructions are really easy to follow, even for someone like me.

 

 

Regards

Marie


Great job! :)

You're very welcome for all the help, it's my pleasure.

Since you removed PestPatrol, delete this folder:

 

C:\Program Files\PestPatrol

 

Now that you're free from malware, please follow these simple steps to decrease the likelihood of getting re-infected again:

 

Set your system to not show all files.

Navigate to Start | My Computer | Tools | Folder Options.

Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".

Check: Hide file extensions for known file types

Check the Hide protected operating system files (recommended) option.

Click Yes to confirm.

 

Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Either enable 'Automatic Updates' under Start | Control Panel | Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

 

In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE

A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

 

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If, of course, you encounter any more problems, please let me know and I'll try my best to sort them out for you.

Thanks and happy computing,

Charles

Edited by LS CalamityJane
Fixed outdated link


Thanks Charles - I've been using the PC most of the day and I haven't had any problems.

It won't let me delete the PestPatrol folder - it's asking me to check disk or if it's currently in use.

The folder is in C:\Program Files\common files\PestPatrol

Can I use the HijackThis thingy?

I've just done a Google search on this and other people seem to have the same problem.

-----------------------------------------------------------

I have Spybot Search & Destroy. I thought that would have found most of them, but when I ran Panda there were more on there.

 

Take care :D

Edited by Marie1121


Have a go at deleting it in Safe Mode - use my last set of instructions if you're unsure how to do it. Then let me know in your next post if you could remove it; if not, we can try something a little stronger :D

Charles


I managed to delete it in safe mode, then rebooted, then I figured out that it's part of my ntlNetguard package OMG...:D.... so I went into the recycle bin, restored the file and all seems to be fine...how blonde am I...:D

Thanks for all the help Charles, I really appreciate it. Could I adopt you... hehehehehee

Edited by Marie1121


I think we're done here then.

Let me know if you have any more problems..

Could I adopt you...

I'm tempted, lol :D


Thanks Charles, I think so too. I know where to come when I need some good advice with easy instructions to follow.

If you ever feel the need to be adopted you know I'm here....lol

 

Take care

Marie

I managed to delete it in safe mode, then rebooted, then I figured out that it's part of my ntlNetguard package OMG...:).... so I went into the recycle bin, restored the file and all seems to be fine...how blonde am I...:D

Thanks for all the help Charles, I really appreciate it. Could I adopt you... hehehehehee

Are you talking about PestPatrol? I hope not. It is one of the worst legitimate antispyware programs I know of; it is loaded with false positives and has poor detection rates. If you use PestPatrol I recommend you stop using it, as almost any other legitimate spyware scanner is superior to it.


Since this issue appears resolved, this topic is now closed.

 

If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.

This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
