taniguce

Thank you so much for all your help. I really appreciate it. I will definitely take the tips you gave me to protect my pc. Thanks, again.

Logfile of HijackThis v1.99.1 Scan saved at 9:11:28 AM, on 10/9/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe C:\Program Files\McAfee\McAfee Firewall\CP

I ran another AVG Anti-Spyware scan in safemode. It did not find anything this time, so there is no report to copy/paste to you.

Logfile of HijackThis v1.99.1 Scan saved at 5:14:13 PM, on 10/8/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\SpywareGuard\sgmain.exe C:\P

Files in c:\!killbox: 1. Logs (folder), in this folder is a file called kb 2. conscorr.ini 3. z2748.exe (when I went into the !killbox folder, the AVG Anti-Spyware you had me load previously comes up and states that "Malware found" Name: Downloader.CWS.ab Location: C:\!KillBox\z2748.exe Below is the contents of the file called kb: Pocket Killbox version 2.0.0.881 Running on Windows XP as Leigh Silberg(Administrator) was started @ Thursday, October 05, 2006, 8:10 PM # 1 [Delete on Reboot] Path = C:\windows\inf\conscorr.inf # 2 [Delete on Reboot] Path = c:\temp\FLEOK # 3 [Delete on Rebo

1. I ran Hijack This and checked the boxes to delete. I received an error message regarding deleting the 020 box, O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll. It should be noted in the hijack logfile. 2. I ran Killblox and did receive the message regarding any PendingFileRenameOperations prompt . I clicked OK at this prompt as you instructed. 3. I do not know what the C:\Program Files\Picasa\pinstall.dll is. I do have a "Hello" folder in the C:\Program Files\ directory which I don't know anything about. In the folder, it has a Picasa icon. I did a search on Google regarding th

1. I ran Hijack This and checked the boxes to delete. I received an error message regarding deleting the 020 box, O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll. It should be noted in the hijack logfile. 2. I ran Killblox and did receive the message regarding any PendingFileRenameOperations prompt . I clicked OK at this prompt as you instructed. 3. I do not know what the C:\Program Files\Picasa\pinstall.dll is. I do have a "Hello" folder in the C:\Program Files\ directory which I don't know anything about. In the folder, it has a Picasa icon. I did a search on Google regarding th

1. I ran Hijack This and checked the boxes to delete. I received an error message regarding deleting the 020 box, O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll. It should be noted in the hijack logfile. 2. I ran Killblox and did receive the message regarding any PendingFileRenameOperations prompt . I clicked OK at this prompt as you instructed. 3. I do not know what the C:\Program Files\Picasa\pinstall.dll is. I do have a "Hello" folder in the C:\Program Files\ directory which I don't know anything about. In the folder, it has a Picasa icon. I did a search on Google regarding th

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Logfile created on: 10/7/2006 8:52:21 AM WinPFind v1.5.0 Folder = C:\folder\winpfind\WinPFind\ Microsoft Windows XP (Version =

I have tried to run this program about 5 times now. Each time I run the program as you specified, my PC reboots itself. Is this a common occurence with this program? I don't know if something is wrong with my PC or is the the GMER program itself that is having the problem. Please advise. Thank you.

I did not see anything regarding this instruction "leave [X]scan through Windows Explorer checked". So, I just clicked >scan then>next. I also did not get any rename option. 10/06/06 17:40:29 [info]: BlackLight Engine 1.0.47 initialized 10/06/06 17:40:29 [info]: OS: 5.1 build 2600 () 10/06/06 17:40:29 [Note]: 7019 4 10/06/06 17:40:29 [Note]: 7005 0 10/06/06 17:40:51 [Note]: 7006 0 10/06/06 17:40:51 [Note]: 7011 448 10/06/06 17:40:52 [Note]: 7026 0 10/06/06 17:40:52 [Note]: 7026 0 10/06/06 17:41:01 [Note]: FSRAW library version 1.7.1020 10/06/06 17:41:37 [Note]: 7007 0

Logfile of HijackThis v1.99.1 Scan saved at 1:35:02 PM, on 10/6/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\Program

I copy/paste the "C:\WINDOWS\System32\win_a3.dll" into the box and clicked submit. It seemed to have worked. I got a screen with the following message after I hit the send file button "Your file (win_a3.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file". Thank you.

When I attempted to browse and locate the file "C:\WINDOWS\System32\win_a3.dll", it is not there. I even ran HiJack again just to make sure it was still there and it is in the Hijack Logfile like I sent you. I ran a search on my computer and it does not find it either. I even went to the folder options on My Computer and checked all appropriate boxes and radio buttons to "show" all hidden files. I still had no success in locating it on my computer, even though it is showing up on the Hijack Logfile. Please advise. Thank you.

Logfile of HijackThis v1.99.1 Scan saved at 8:32:49 AM, on 10/6/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\McAfee\McAfee VirusScan

AVG Report Scan: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 9:52:25 PM 10/5/2006 + Scan result: HKLM\SOFTWARE\Classes\CLSID\{4D1C7E59-FDEE-E7E8-D0E4-2CA28A50B796} -> Adware.CoolWebSearch : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\CLSID\{E716BC71-BD4C-141B-C430-3B0BB54033C3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined). C:\!KillBox\MediaTicketsInstaller.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined). HKLM\SOFTWARE\Micros

First, I did receive the message "Click OK at any PendingFileRenameOperations prompt" during the killbox program. Here is the HiJack Logfile: Logfile of HijackThis v1.99.1 Scan saved at 8:29:35 PM, on 10/5/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.

ActiveScan Report: Incident Status Location Adware:adware/ipinsight Not disinfected c:\windows\inf\conscorr.inf

Here is the text file you requested: SmitFraudFix v2.105 Scan done at 15:31:27.15, Thu 10/05/2006 Run from C:\Documents and Settings\Leigh Silberg\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »

Thanks for your help. Here is the file you requested: SmitFraudFix v2.105 Scan done at 11:15:52.79, Thu 10/05/2006 Run from C:\Documents and Settings\Leigh Silberg\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDO

I am no longer able to get into the McAfee download site so I am get the latest dat files. My other computer using the same broadband with linksys has no problem getting into the same site. I was hit with a lot of viruses yesterday and believe I was also hit with a spyware problem. I think it is called "spyaxe". I thought I cleaned everything up with "Spybot Search and Destroy" and "AVG" antivirus softwares. Here is my HiJack Logfile: Logfile of HijackThis v1.99.1 Scan saved at 9:03:43 AM, on 10/5/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000)