Please help, this is driving me crazy.
I have chosen Excite.com as my home page, but when I open IE6 I first see about:blank in my address bar and then am redirected to "martfinder.com".
Earlier I had the Smitfraud virus, which I was able to get rid of using your instructions in the Smitfraud Removal Guide.
I have scanned my PC with MS Antispyware beta, Kaspersky's AV, Spybot, Adaware, all with the latest upgrades. I have also tried CWShredder, Kill.exe, nailfix.cmd, ewido, and hoster, but with no luck.
I was told that I needed to get rid of c:\winnt\windows.dat, but when I check it in the HijackThis logfile and then hit Fix, it says cannot delete.
Please help, this is driving me crazy.
Here is my logfile:
Logfile of HijackThis v1.99.1
Scan saved at 3:00:29 PM, on 6/3/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Donna Marie Gelesky\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\xkvej.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\xkvej.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\xkvej.dll/sp.html#27130
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\xkvej.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/...r/PCPitStop.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/s...83/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/...rvest/gwCID.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/s...,20/mcgdmgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O19 - User stylesheet: C:\WINNT\windows.dat
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\xkvej.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\xkvej.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\xkvej.dll/sp.html#27130
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\xkvej.dll/sp.html#27130
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O19 - User stylesheet: C:\WINNT\windows.dat
Still in Safe Mode, find and delete these two files:
C:\WINNT\system32\xkvej.dll
C:\WINNT\windows.dat
And the bold folder:
C:\Program Files\AWS\
Then boot back into Normal Mode and post a new log.
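An added example (my own code, not part of this thread and not HijackThis's own tooling) showing how the entries singled out in the reply above can be picked out of a HijackThis log automatically: R0/R1 search values that point at a local res:// DLL and an O19 user stylesheet are treated as high-confidence hijack indicators, O16 DPF (downloaded ActiveX) entries are listed as informational, and a res:// value in an O8 context-menu entry is deliberately left alone because Office registers its Excel export that way. The sample log is a constructed subset of the log posted above.

```python
import re
from dataclasses import dataclass

# Constructed subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\xkvej.dll/sp.html#27130
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\xkvej.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O19 - User stylesheet: C:\WINNT\windows.dat
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

# Every HijackThis entry starts with its section code, e.g. "R1 - ..." or "O19 - ...".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# A res:// URL names a local file; the part before the first "/" is the DLL path.
RES_DLL_RE = re.compile(r"res://([^/]+)", re.IGNORECASE)
O19_RE = re.compile(r"^User stylesheet:\s*(?P<path>.+)$")
O16_HOST_RE = re.compile(r"https?://([^/\s]+)")


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # "high" (act on it) or "info" (verify the source)
    reason: str
    artifact: str  # file path or host the entry points at
    line: str


def triage(log_text):
    """Scan a HijackThis log and return the entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines and the "Running processes" block
        section, body = m.group("section"), m.group("body")
        if section in ("R0", "R1"):
            # Start/search page values should be web URLs; a res:// DLL in
            # system32 is the pattern of the search hijack seen in this thread.
            dll = RES_DLL_RE.search(body)
            if dll:
                findings.append(Finding(section, "high",
                                        "IE start/search value points at a local res:// DLL",
                                        dll.group(1), line))
        elif section == "O19":
            # A user stylesheet is rarely configured on purpose; hijackers use
            # it to inject content into every page IE renders.
            s = O19_RE.match(body)
            if s:
                findings.append(Finding(section, "high",
                                        "User stylesheet configured",
                                        s.group("path").strip(), line))
        elif section == "O16":
            host = O16_HOST_RE.search(body)
            findings.append(Finding(section, "info",
                                    "Downloaded ActiveX control; verify the host",
                                    host.group(1) if host else "", line))
        # O8 res:// entries (Office context menu items) and O9/O23 are not flagged here.
    return findings


def files_to_review(findings):
    """Paths referenced by high-severity findings, i.e. what to inspect or remove."""
    return {f.artifact for f in findings if f.severity == "high"}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason} -> {f.artifact}")
```

Run on the full log from the post, `files_to_review` returns exactly the two files the reply above asks to delete, which is the point of keeping the rules narrow: a res:// value is only suspicious in the sections where it should never appear.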
Also deleted the c:\winnt\windows.dat file and the c:\program files\aws folder.
Could not find the c:\winnt\system32\xkvej.dll file.
Here is the new logfile:
Logfile of HijackThis v1.99.1
Scan saved at 4:00:07 PM, on 6/5/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\Donna Marie Gelesky\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O19 - User stylesheet: C:\WINNT\windows.dat
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O19 - User stylesheet: C:\WINNT\windows.dat
Fix that entry and delete windows.dat, reboot, and post a new log.
Please help me, I would hate to have to format my hard drive and reinstall Windows and everything else.
Logfile of HijackThis v1.99.1
Scan saved at 11:08:57 AM, on 6/6/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\Donna Marie Gelesky\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O19 - User stylesheet: C:\WINNT\windows.dat
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
http://housecall.trendmicro.com
Do scans with those two free online AntiVirus products. There may be some files that they cannot remove. Please post the logs that they give you with a list of these files.
Ran housecall.trendmicro.com; it did not find any infected files.
Here is the ActiveScan text:
Incident Status Location
Adware:Adware/eZula No disinfected Windows Registry
Spyware:Spyware/BargainBuddy No disinfected C:\WINNT\system32\cache32_rtneg?
Adware:Adware/MyWay No disinfected C:\Program Files\MySearch
Adware:Adware/nCase No disinfected C:\WINNT\system32\FLEOK
Spyware:Spyware/BetterInet No disinfected Windows Registry
Adware:Adware/PortalScan No disinfected C:\WINNT\system32\winupdt.008
Adware:Adware/SAHAgent No disinfected Windows Registry
Adware:Adware/CWS No disinfected C:\Documents and Settings\Donna Marie Gelesky\Desktop\Virus Hunter Security.lnk
Adware:Adware/WinTools No disinfected Windows Registry
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\Donna Marie Gelesky\Application Data\Lycos
Adware:Adware/IPInsight No disinfected C:\WINNT\inf\polall1r.inf
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/ISearch No disinfected C:\WINNT\downloaded program files\initial.inf
Adware:Adware/AdLogix No disinfected Windows Registry
Adware:Adware/SuperSpider No disinfected C:\WINNT\securea.html
Adware:Adware/BroadcastPC No disinfected Windows Registry
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Donna Marie Gelesky\Application Data\sskknwrd.dll
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Ab scissor.url
Adware:Adware/Transponder No disinfected Windows Registry
Virus:Bck/Dumador.O Disinfected Operating system
Adware:Adware/Adsmart No disinfected C:\WINNT\sys????.exe
Adware:Adware/SearchTheWeb No disinfected Windows Registry
Adware:Adware/Virmaid No disinfected C:\WINNT\system32\perfcii.ini
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Donna Marie Gelesky\Application Data\Sskcwrd.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Donna Marie Gelesky\Application Data\Sskknwrd.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Donna Marie Gelesky\Application Data\Sskuknwrd.dll
Adware:Adware/CWS No disinfected C:\Documents and Settings\Donna Marie Gelesky\Desktop\Virus Hunter Security.lnk
Adware:Adware/Lop No disinfected C:\Program Files\GramLong\View coal.exe
Possible Virus. No disinfected C:\Program Files\iolo\System Mechanic 5 Professional\Search and Recover\streamserver.exe
Possible Virus. No disinfected C:\Program Files\iolo\System Mechanic 5 Professional\UninstallSMPro.exe
Adware:Adware/BroadcastPC No disinfected C:\Program Files\tvs\TVSv2.dll
Adware:Adware/BroadcastPC No disinfected C:\Program Files\tvs\TVS_B.exe
Adware:Adware/BroadcastPC No disinfected C:\Program Files\tvs\tvs_clean.exe
Adware:Adware/BroadcastPC No disinfected C:\Program Files\tvs\tvs_ln.exe
Adware:Adware/SAHAgent No disinfected C:\RECYCLER\S-1-5-21-725345543-1177238915-1801674531-1000\Dc6\98462007.inf
Adware:Adware/SAHAgent No disinfected C:\RECYCLER\S-1-5-21-725345543-1177238915-1801674531-1000\Dc6\98462550.inf
Spyware:Spyware/ISTbar No disinfected C:\RECYCLER\S-1-5-21-725345543-1177238915-1801674531-1000\Dc6\98462570.INF
Adware:Adware/MediaTickets No disinfected C:\RECYCLER\S-1-5-21-725345543-1177238915-1801674531-1000\Dc6\98462580.INF
Spyware:Spyware/ClearSearch No disinfected C:\RECYCLER\S-1-5-21-725345543-1177238915-1801674531-1000\Dc6\98462602.dll
Virus:Trj/Qhost.gen Disinfected C:\RECYCLER\S-1-5-21-725345543-1177238915-1801674531-1000\Dc6\98462613
Adware:Adware/ISearch No disinfected C:\WINNT\delprot.ini
Adware:Adware/ISearch No disinfected C:\WINNT\deskbar.ini
Adware:Adware/ISearch No disinfected C:\WINNT\Downloaded Program Files\initial.inf
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Ab scissor.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Broadband comparison.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Credit counseling.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Credit report.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Crm software.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Debt credit card.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Escorts.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Fha.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Health insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Help desk software.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Insurance home.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Loan for debt consolidation.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Loan for people with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Marketing email.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Mortgage insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Mortgage life insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Nevada corporations.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Online Betting Site.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Online gambling casino.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Online instant loan.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Order phentermine.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Payroll advance.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Personal loans online.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Personal loans with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Prescription Drugs Rx Online.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Refinancing my mortgage.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Tahoe vacation rental.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Unsecured bad credit loans.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Videos.url
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\What is hydrocodone.url
Adware:Adware/SAHAgent No disinfected C:\WINNT\inf\bi6.inf
Adware:Adware/Transponder No disinfected C:\WINNT\inf\polall1r.inf
Adware:Adware/Transponder No disinfected C:\WINNT\inf\polmx2.inf
Adware:Adware/SuperSpider No disinfected C:\WINNT\securea.html
Adware:Adware/Adsmart No disinfected C:\WINNT\sysab32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysad32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysah32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysar32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysat32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysbu32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\syscd32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\syscf32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysch32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\syscp32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysdq32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysee32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysek32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\syseo32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysew32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysff32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysfr32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysfx32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysgb32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysgm32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysgn32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysgt32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysgu32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysgw32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\syshb32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\syshm32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysib32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysig32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysjh32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysjm32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysjw32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysjx32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\syslf32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysli32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\syslq32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\syslt32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\syslx32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysly32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysmf32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysmi32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysnd32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysnu32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysnv32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysof32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysoj32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysou32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\syspc32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\syspi32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysql32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysqm32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysqy32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysri32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysrp32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysrr32.exe
Virus:Trj/Downloader.XY Disinfected C:\WINNT\system32\bluestd.exe
Adware:Adware/Virmaid No disinfected C:\WINNT\system32\perfcii.ini
Adware:Adware/SAHAgent No disinfected C:\WINNT\system32\ritsacnk.dat
Adware:Adware/nCase No disinfected C:\WINNT\system32\saie_gdf.dat
Adware:Adware/PortalScan No disinfected C:\WINNT\system32\winupdt.008
Adware:Adware/Adsmart No disinfected C:\WINNT\systt32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysuh32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysun32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysur32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysva32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysvf32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysvp32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysvz32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysxp32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysxr32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysxu32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysyq32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysyz32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\syszb32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\syszd32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\sysze32.exe
Adware:Adware/Adsmart No disinfected C:\WINNT\syszk32.exe
C:\WINNT\system32\cache32_rtneg?
C:\Program Files\MySearch
C:\WINNT\system32\FLEOK
C:\WINNT\system32\winupdt.008
C:\Documents and Settings\Donna Marie Gelesky\Desktop\Virus Hunter Security.lnk
C:\Documents and Settings\Donna Marie Gelesky\Application Data\Lycos
C:\WINNT\inf\polall1r.inf
C:\WINNT\downloaded program files\initial.inf
C:\WINNT\securea.html
C:\Documents and Settings\Donna Marie Gelesky\Application Data\sskknwrd.dll
C:\WINNT\Favorites\Sites about\Ab scissor.url
C:\WINNT\sys????.exe
C:\WINNT\system32\perfcii.ini
C:\Documents and Settings\Donna Marie Gelesky\Application Data\Sskcwrd.dll
C:\Documents and Settings\Donna Marie Gelesky\Application Data\Sskknwrd.dll
C:\Documents and Settings\Donna Marie Gelesky\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Donna Marie Gelesky\Desktop\Virus Hunter Security.lnk
C:\Program Files\GramLong\View coal.exe
C:\Program Files\tvs\TVSv2.dll
C:\Program Files\tvs\TVS_B.exe
C:\Program Files\tvs\tvs_clean.exe
C:\Program Files\tvs\tvs_ln.exe
C:\RECYCLER\S-1-5-21-725345543-1177238915-1801674531-1000\Dc6\98462007.inf
C:\RECYCLER\S-1-5-21-725345543-1177238915-1801674531-1000\Dc6\98462550.inf
C:\RECYCLER\S-1-5-21-725345543-1177238915-1801674531-1000\Dc6\98462570.INF
C:\RECYCLER\S-1-5-21-725345543-1177238915-1801674531-1000\Dc6\98462580.INF
C:\RECYCLER\S-1-5-21-725345543-1177238915-1801674531-1000\Dc6\98462602.dll
C:\RECYCLER\S-1-5-21-725345543-1177238915-1801674531-1000\Dc6\98462613
C:\WINNT\delprot.ini
C:\WINNT\deskbar.ini
C:\WINNT\Downloaded Program Files\initial.inf
C:\WINNT\Favorites\Sites about\Ab scissor.url
C:\WINNT\Favorites\Sites about\Broadband comparison.url
C:\WINNT\Favorites\Sites about\Credit counseling.url
C:\WINNT\Favorites\Sites about\Credit report.url
C:\WINNT\Favorites\Sites about\Crm software.url
C:\WINNT\Favorites\Sites about\Debt credit card.url
C:\WINNT\Favorites\Sites about\Escorts.url
C:\WINNT\Favorites\Sites about\Fha.url
C:\WINNT\Favorites\Sites about\Health insurance.url
C:\WINNT\Favorites\Sites about\Help desk software.url
C:\WINNT\Favorites\Sites about\Insurance home.url
C:\WINNT\Favorites\Sites about\Loan for debt consolidation.url
C:\WINNT\Favorites\Sites about\Loan for people with bad credit.url
C:\WINNT\Favorites\Sites about\Marketing email.url
C:\WINNT\Favorites\Sites about\Mortgage insurance.url
C:\WINNT\Favorites\Sites about\Mortgage life insurance.url
C:\WINNT\Favorites\Sites about\Nevada corporations.url
C:\WINNT\Favorites\Sites about\Online Betting Site.url
C:\WINNT\Favorites\Sites about\Online gambling casino.url
C:\WINNT\Favorites\Sites about\Online instant loan.url
C:\WINNT\Favorites\Sites about\Order phentermine.url
C:\WINNT\Favorites\Sites about\Payroll advance.url
C:\WINNT\Favorites\Sites about\Personal loans online.url
C:\WINNT\Favorites\Sites about\Personal loans with bad credit.url
C:\WINNT\Favorites\Sites about\Prescription Drugs Rx Online.url
C:\WINNT\Favorites\Sites about\Refinancing my mortgage.url
C:\WINNT\Favorites\Sites about\Tahoe vacation rental.url
C:\WINNT\Favorites\Sites about\Unsecured bad credit loans.url
C:\WINNT\Favorites\Sites about\Videos.url
C:\WINNT\Favorites\Sites about\What is hydrocodone.url
C:\WINNT\inf\bi6.inf
C:\WINNT\inf\polall1r.inf
C:\WINNT\inf\polmx2.inf
C:\WINNT\securea.html
C:\WINNT\sysab32.exe
C:\WINNT\sysad32.exe
C:\WINNT\sysah32.exe
C:\WINNT\sysar32.exe
C:\WINNT\sysat32.exe
C:\WINNT\sysbu32.exe
C:\WINNT\syscd32.exe
C:\WINNT\syscf32.exe
C:\WINNT\sysch32.exe
C:\WINNT\syscp32.exe
C:\WINNT\sysdq32.exe
C:\WINNT\sysee32.exe
C:\WINNT\sysek32.exe
C:\WINNT\syseo32.exe
C:\WINNT\sysew32.exe
C:\WINNT\sysff32.exe
C:\WINNT\sysfr32.exe
C:\WINNT\sysfx32.exe
C:\WINNT\sysgb32.exe
C:\WINNT\sysgm32.exe
C:\WINNT\sysgn32.exe
C:\WINNT\sysgt32.exe
C:\WINNT\sysgu32.exe
C:\WINNT\sysgw32.exe
C:\WINNT\syshb32.exe
C:\WINNT\syshm32.exe
C:\WINNT\sysib32.exe
C:\WINNT\sysig32.exe
C:\WINNT\sysjh32.exe
C:\WINNT\sysjm32.exe
C:\WINNT\sysjw32.exe
C:\WINNT\sysjx32.exe
C:\WINNT\syslf32.exe
C:\WINNT\sysli32.exe
C:\WINNT\syslq32.exe
C:\WINNT\syslt32.exe
C:\WINNT\syslx32.exe
C:\WINNT\sysly32.exe
C:\WINNT\sysmf32.exe
C:\WINNT\sysmi32.exe
C:\WINNT\sysnd32.exe
C:\WINNT\sysnu32.exe
C:\WINNT\sysnv32.exe
C:\WINNT\sysof32.exe
C:\WINNT\sysoj32.exe
C:\WINNT\sysou32.exe
C:\WINNT\syspc32.exe
C:\WINNT\syspi32.exe
C:\WINNT\sysql32.exe
C:\WINNT\sysqm32.exe
C:\WINNT\sysqy32.exe
C:\WINNT\sysri32.exe
C:\WINNT\sysrp32.exe
C:\WINNT\sysrr32.exe
C:\WINNT\system32\bluestd.exe
C:\WINNT\system32\perfcii.ini
C:\WINNT\system32\ritsacnk.dat
C:\WINNT\system32\saie_gdf.dat
C:\WINNT\system32\winupdt.008
C:\WINNT\systt32.exe
C:\WINNT\sysuh32.exe
C:\WINNT\sysun32.exe
C:\WINNT\sysur32.exe
C:\WINNT\sysva32.exe
C:\WINNT\sysvf32.exe
C:\WINNT\sysvp32.exe
C:\WINNT\sysvz32.exe
C:\WINNT\sysxp32.exe
C:\WINNT\sysxr32.exe
C:\WINNT\sysxu32.exe
C:\WINNT\sysyq32.exe
C:\WINNT\sysyz32.exe
C:\WINNT\syszb32.exe
C:\WINNT\syszd32.exe
C:\WINNT\sysze32.exe
C:\WINNT\syszk32.exe
Then boot back into Normal Mode, do those scans again, and post a new log.
It found a lot fewer infected files but did find some. See attached.
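An added example (not code from this thread or from Panda) that does what the reply above did by hand: it extracts from an ActiveScan report the locations that were reported as "No disinfected", drops the registry-only and operating-system-only incidents that have no file to delete, de-duplicates paths that differ only in case (the two initial.inf entries), and flags wildcard entries such as sys????.exe that stand for a whole family of files rather than one. The report excerpt is a constructed subset of the scan posted above.

```python
import re

# Constructed excerpt of the Panda ActiveScan report posted in this thread.
SAMPLE_REPORT = r"""Incident Status Location
Adware:Adware/eZula No disinfected Windows Registry
Spyware:Spyware/BargainBuddy No disinfected C:\WINNT\system32\cache32_rtneg?
Adware:Adware/ISearch No disinfected C:\WINNT\downloaded program files\initial.inf
Virus:Bck/Dumador.O Disinfected Operating system
Adware:Adware/Adsmart No disinfected C:\WINNT\sys????.exe
Virus:Trj/Downloader.XY Disinfected C:\WINNT\system32\bluestd.exe
Adware:Adware/ISearch No disinfected C:\WINNT\Downloaded Program Files\initial.inf
Spyware:Spyware/Petro-Line No disinfected C:\WINNT\Favorites\Sites about\Ab scissor.url
Possible Virus. No disinfected C:\Program Files\iolo\System Mechanic 5 Professional\UninstallSMPro.exe
"""

# Rows are "<incident> <status> <location>". The incident name may contain
# spaces ("Possible Virus."), so the parse is anchored on the two status
# phrases the report uses rather than on whitespace counting.
ROW_RE = re.compile(
    r"^(?P<incident>.+?)\s+(?P<status>No disinfected|Disinfected)\s+(?P<location>.+)$"
)

# Locations that are not files; nothing on disk to delete for these.
NON_FILE_LOCATIONS = {"windows registry", "operating system"}


def parse_report(text):
    """Return one dict per incident row; the header line does not match and is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def leftover_files(rows):
    """File-system locations the scanner could not clean, de-duplicated
    case-insensitively because Windows paths are case-insensitive."""
    unique = {}
    for row in rows:
        if row["status"] != "No disinfected":
            continue
        location = row["location"]
        if location.lower() in NON_FILE_LOCATIONS:
            continue
        unique.setdefault(location.lower(), location)  # keep first spelling seen
    return list(unique.values())


def wildcard_entries(paths):
    """Entries like sys????.exe stand for many files; they need a directory
    listing rather than a single delete."""
    return [p for p in paths if "?" in p or "*" in p]


def cleaned_files(rows):
    """Locations the scanner already disinfected (no manual action needed)."""
    return [r["location"] for r in rows if r["status"] == "Disinfected"]


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    for path in leftover_files(rows):
        print(path)
```

The wildcard check matters for this report in particular: the full scan lists dozens of sys??32.exe files under C:\WINNT, and the summary entry sys????.exe is the scanner's shorthand for all of them, not a file name that can be deleted literally.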
Incident Status Location
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/MyWay No disinfected C:\Program Files\MySearch
Spyware:Spyware/BetterInet No disinfected Windows Registry
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\Donna Marie Gelesky\Application Data\Lycos
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/ISearch No disinfected C:\WINNT\downloaded program files\initial.inf
Adware:Adware/AdLogix No disinfected Windows Registry
Adware:Adware/Adsmart No disinfected C:\WINNT\sys????.exe
Adware:Adware/SearchTheWeb No disinfected Windows Registry
Possible Virus. No disinfected C:\Program Files\iolo\System Mechanic 5 Professional\Search and Recover\streamserver.exe
Possible Virus. No disinfected C:\Program Files\iolo\System Mechanic 5 Professional\UninstallSMPro.exe
Adware:Adware/ISearch No disinfected C:\WINNT\Downloaded Program Files\initial.inf
Adware:Adware/Adsmart No disinfected C:\WINNT\syscf32.exe
C:\WINNT\downloaded program files\initial.inf
C:\WINNT\sys????.exe
C:\Program Files\iolo\System Mechanic 5 Professional\Search and Recover\streamserver.exe
C:\Program Files\iolo\System Mechanic 5 Professional\UninstallSMPro.exe
C:\WINNT\syscf32.exe
And the bold folders:
C:\Program Files\MySearch\
C:\Documents and Settings\Donna Marie Gelesky\Application Data\Lycos\
Then boot back into Normal Mode, run the Panda scan, and post the log.
Here is the scan:
Incident Status Location
Adware:Adware/SaveNow No disinfected Windows Registry